GDPR and Klenty

The European Union will begin enforcing the EU General Data Protection Regulation starting on May 25, 2018 in an effort to strengthen the security and protection of the personal data of EU residents.

The full text of the GDPR can be found here

Does the GDPR apply to me?

While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.

In keeping with our ongoing commitment to privacy and security, Klenty is committed to making it easier for you to comply with the GDPR.

Important Definitions:

Term	Definition
Data Subject	A person who lives in the EU
Personal Data	Any information related to an identified/identifiable data subject (e.g., name, national ID number, address, IP address, health info)
Controller	A company/organisation that collects people’s personal data and makes decisions about what to do with it. So if you’re collecting personal data and are determining how it will be processed (for example using the Klenty services to market to prospects and customers), you’re the Controller of that data and must comply with applicable data privacy legislation accordingly.
Processor	A company/organisation that helps a Controller by “processing” data based on its instructions, but doesn’t decide what to do with data. So for example, Klenty is the processor of the data you collect in your Klenty application. We don’t control how you collect or use the data; we merely process it on your behalf and on your instruction.
Data Protection Officer (DPO)	A representative for a controller/processor who oversees GDPR compliance and is a data-privacy expert
Data Privacy Impact Assessment (DPIA)	A documented assessment of the usefulness, risks, and risk-mitigation options for a certain type of processing
Supervisory Authority	Formerly called “data protection authorities”; one or more governmental agencies in a member state who oversee that country’s data privacy enforcement (e.g., Ireland’s Office of the Data Protection Commissioner, Germany’s 18 national/regional authorities)
Third Countries	Countries outside the EU

Who is the Controller and who is the Processor, In the case of Klenty’s relationship with a Customer

Unless explictly clarified in any engagement, Klenty will be the Processor and Customer will be the Controller.

What does Klenty do to ensure lawful data transfers from the EU?

The GDPR permits transfers of personal data outside of the EU subject to certain conditions. The EU model clauses (Standard Contractual Clauses or SCC) provide a valid mechanism to lawfully transfer personal data. Klenty offers a Data Processing Agreement that incorporates the model clauses to our EU/EEA customers.

We have created a new Data Processing Agreement (DPA) incorporating the Standard Contractual Clauses (SCC) to meet the requirements of the GDPR in order to permit our Customers to continue to lawfully transfer EU personal data to Klenty and permit Klenty to continue to lawfully receive and process that data;

We have updated our Terms of Service to refer to DPA as a mechanism to lawfully transfer data of EU Data Subjects to Klenty.

What changes is Klenty doing to help Customers comply with the GDPR?

Product Changes:

Klenty has conducted a review of the Personal Data being stored and has made several changes to the product

Users now have the ability to turn off Open/ Click tracking – giving you greater power to choose what level of tracking you wish to incorporate in your email campaigns

We now enforce appropriate Data Retention periods for Personal information such as Email content, imported and exported CSV files, Cookies (if you are using our Website Tracking feature)

We now permit complete customization of the unsubscribe link across all plans. This will allow you to include a link to your privacy policy should you choose to include it in your emails

Klenty permits you to download Data Subjects information in CSV format, and also permanently delete Data Subjects and all of their Personal Data

You can also use custom fields to store information relating to consent for each prospect

To help Users comply with the Rights of Data Subjects, you can reachout to support@klenty.com for reasonable requests

Data privacy and security is an ongoing effort and we will continue to release new features to help you comply with GDPR requirements

Contractual Changes:

We have created a new Data Processing Addendum(DPA) to meet the requirements of the GDPR in order to permit our Customers to continue to lawfully transfer EU personal data to Klenty and permit Klenty to continue to lawfully receive and process that data

We have updated our Terms of Service to refer to the DPA as a mechanism to lawfully transfer data of EU Data Subjects to Klenty

We maintain a list of sub-processors here

Should you require a copy of our DPA, please send an email to support@klenty.com.