EU GDPR Compliance
Please review GDPR legislation: https://www.eugdpr.org/
For the purposes of GDPR, LeadsHooks’ clients are data controllers and LeadsHook is a data processor.
LeadsHook is here to help data controllers comply. Much about GDPR is still subject to interpretation and change. Please contact us if there is something you need help with.
| GDPR Compliance Requirement | How LeadsHook Helps With Compliance |
|---|---|
| GROUNDS FOR LEGAL PROCESSING | |
| Consent | Get consent via a personalized decision tree and/or form with checkboxes and/or radio buttons. |
| Legitimate Interest: | Store or link to your Legitimate Interest Assessment on a decision tree or campaign basis. |
| PURPOSE OF PROCESSING | |
| Benefits | Ability to record benefits to Individual(s), group of individuals, organisation(s) or society. |
| Risks | Ability to record types of risk, possible threats/sources of risk, likelihood of risk occurring, impact if risk occurs/type of damage and risk mitigation options and strategies. |
| PROTECTION OF INDIVIDUALS’ DATA RIGHTS | |
| Right to be informed | Ability to inform via decision tree, forms and content. |
| Right of access | Ability to search, export and delete data stored. |
| Right to rectification | Ability to allow data subject to go through your decision tree(s) as many times as needed. Updated data can be transferred to external systems as required. |
| Right to erasure/right to be forgotten | Ability to create custom fields marked as ‘personally identifiable information’. These fields can be deleted so data stored is no longer identifiable. Ability to search and erase data. |
| Right to object and restrict processing | Ability to deactivate your decision trees and also terminate your account. |
| Right to data portability | Ability to export data into a CSV. |
| Rights in relation to international transfer(s) | LeadsHook offers a Data Processing Agreement using Standard Contractual Clauses for the transfer of personal data from the European Union to processors established in third countries (controller to processor transfers) as per Article 26(2) of Directive 95/46/EC. |
| Rights in relation to prior consultation | Not applicable. Data controllers need to consult with their supervisory authority. |
| Rights in relation to automated decision-making and profiling | Ability to inform data subjects of automated processing and profiling. |
| ARRANGEMENT FOR VULNERALBLE INDIVIDUALS | |
| Minors | Ability to STOP your decision tree or to redirect to a form to capture details of parent or responsible person or entity. |