WebBasta and GDPR
At WebBasta, we are committed to and help our partners in achieving GDPR compliance. We firmly believe in respecting our partners and their respective users’ privacy rights. WebBasta has carried out the necessary changes to its platform to meet GDPR standards worldwide, and we will continue to invest in industry-leading data privacy initiatives.
How WebBasta supports GDPR compliance for our partners
What is WebBasta’s take on GDPR?
At the onset, GDPR may look intimidating making it harder for marketers to access user information. However, it also provides marketers with an opportunity to reconnect with their audience and strengthen the brand-consumer relationship. Take the opportunity to inform users of the data you collect and how you use them, make them aware of their rights which can be reassuring and builds trust.
How does GDPR apply to WebBasta?
When it comes to using of our platform by WebBasta clients, those clients are the controllers and WebBasta is a processor—and that means that WebBasta will follow the instructions of its clients when it comes to the processing of personal data on their behalf. However, WebBasta is the controller when it comes to personal data that it collects from its employees (well, the employees who are EU citizens) and from EU citizens who visit the WebBasta website or have their data collected in other ways through our marketing programs.
WebBasta’s commitment to data security and privacy?
At WebBasta, we believe in “security by design,” meaning that we have built security into the core of our product and have made it a key focus area since day one. WebBasta’s security by design committee meets on a regular basis to review, discuss and implement privacy principles in the design and development of the features, functionalities, and operations of the WebBasta. WebBasta’s security by design committee includes manager level employees from product, engineering and operations organizations together with WebBasta’s privacy and security teams.
How we enable our customers to be GDPR compliant?
As a data processor, WebBasta is focused on automating—as much as is technically feasible—the ability of its clients to comply with the rights of EU citizens. For instance, WebBasta has already updated its platform so that clients can respond to requests of individual data subjects. WebBasta already provides a way for the customers to export the user data. If required, clients can raise a support ticket to delete the customer data on demand.
The GDPR throws emphasis on how data controllers handle user personal data. Under GDPR, data subjects need to be made well aware of how brands collect, store, and process critical customer data.
The data subject under GDPR has the right to:
Confirmation that their data is being processed; Access to their personal data; and Other supplementary information – this largely corresponds to the information that should be provided in a privacy notice (see GDPR Article 15).
How is WebBasta compliant with this right?
As a data processor, WebBasta has established mechanisms that help customers, as data controllers, access specific information about data subjects. WebBasta customers can download data for particular users based on any user identifier. WebBasta dashboard users with Admin and Manager access can download user data directly from the dashboard.
Data subjects, under GDPR, are entitled to have personal data rectified if it is inaccurate or incomplete. If you have disclosed the personal data in question to third parties, you must inform them of the rectification where possible.
WebBasta customers can update the user data of specific users in WebBasta by using one of our data import APIs. These are by default enabled for all clients and can be used whenever an end user requests for their information to be updated. For information on WebBasta Data Import API and how to update user data in WebBasta.
The Right to Erasure, also known as the ‘right to be forgotten’ allows users to have their data removed from specific systems used for processing or holding their data. As a WebBasta customer, your end users can request you to erase their personal data.
To help WebBasta customers delete personal data of users from WebBasta database, we recommend the below two solutions –
- An Erase API is available which erases the personal data of specific users entirely from within WebBasta. For more details on the delete API, you can refer this article. Please note that deleting the data does not automatically stop processing additional data that you send to WebBasta for a given user.
- Alternatively, you can ask your end users to uninstall the app from all their devices.
Deleting a user from the WebBasta platform will permanently remove the user profile for that particular user. This includes all personal data as mentioned under GDPR guidelines.
Analytics within WebBasta is tied to an anonymous WebBasta User ID. Once the user profile is deleted, the WebBasta user id effectively becomes a wholly anonymized identifier, as we cannot tie it back to any personally identifiable information.
Data Subjects have the right to ‘block’ or suppress processing of specific subsets of their personal data in the event of inaccurate or improperly obtained data. When processing is restricted, you are permitted to store the personal data, but not further process it. You can retain just enough information about the individual to ensure that the restriction is respected in future.
WebBasta SDKs are shipped with the functionality to suppress tracking of personal data for a particular user. As of now, we cannot suppress the tracking of specific categories of data, but we will stop tracking all the data entirely. For more information on disabling data tracking from the WebBasta SDK.
The right to data portability allows individuals to obtain and reuse their personal data for their purposes across different services.
Similar to Right to Access, WebBasta customers can easily download data of specific users based on any user identifier. WebBasta dashboard users with Admin and Manager access can download user data directly from the dashboard.