GDPR FAQ

Welcome to WiserNotify!

Our pledge to help you with data protection and compliance enables GDPR support for all customers.

What is the General Data Protection Regulation (GDPR)?

To strengthen an individual's rights to privacy, the European Union brought about the General Data Protection Regulation (GDPR), supporting existing directives on data protection. The Regulation issued by the European Union applies to businesses processing personal data of European residents and has been in force since May 25th 2018.

What are Processors and Controllers?

A controller is a natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data. A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Our customer will be considered a data controller (i.e., an organization that determines the purposes and means of the processing of personal data), and we will always be considered a data processor under the law.

Controllers and processors each have their respective obligations under the law. Therefore, our GDPR compliance plan looks a bit different from what yours will look like. That doesn't mean WiserNotify can't be used by data controllers – quite the opposite. When a data controller engages a service provider like us, the service provider is typically a data processor acting on behalf of the controller. The processor acts at the behest of the controller. As stated above, our DPA will govern the relationship, and the nature of the processing activities, between WiserNotify and its customers.

Does GDPR apply to my business?

Since GDPR is an EU framework, all businesses based in the EU will have to be GDPR compliant. But the framework is far-reaching and affects firms outside the EU as well. If you are collecting, recording, storing, using, or processing the personal data from customers who are EU citizens, then you will need to be GDPR compliant.

We would highly recommend consulting with your legal counsel about the full scope of GDPR and how it affects your business.

How is WiserNotify GDPR-compliant?

WiserNotify is compliant with the current GDPR. We value the privacy & rights of our users and their customers. As part of our process for being GDPR compliant, we have reviewed and updated our internal systems, processes, database, and documentation.

We have also built features that help our clients be GDPR compliant.

For Shopify eCommerce, we have implemented Shopify's mandatory webhooks concerning the redaction of your data in line with the GDPR laws. We redact data following Shopify's policies.

If you are using WiserNotify as a customer and have agreed to our terms of service, you do not need to sign an additional Data Protection Agreement. As of May 25th 2018, our terms of service include a provision to ensure compliance with GDPR.

If you are a Partner or a customer who needs further documentation of compliance with WiserNotify acting as a Processor, you can sign our DPA. To do so, please email us at support@wisernotify.com for further information. We have appointed a Data Protection Officer, and you will receive a reply once you submit the request.

We trained our team so that they are aware of GDPR and the requirements of its laws. Moving forward, we will be developing our product and business strategy with the new laws in mind.

How did WiserNotify prepare for GDPR?

WiserNotify helps you meet your data portability requirements; you can easily export all of your data linked to an individual and permanently delete all data linked to an individual user.

Our teams worked hard to ensure we complied with GDPR. We did the best thing for our customers while still letting ourselves move fast, scale, and build.

According to GDPR, WiserNotify is classified as a 'Data Processor.' In other words, WiserNotify processes the data of the visitors who visit your website/store & see the notifications, including both personal and non-personal data.

We will automatically expire data on visitors that have not been seen in 3 months to ensure we comply with GDPR retention requirements.

We have created new features and improved existing ones, which allow you to show a cookie consent prompt and obtain consent. It is essential to ask for permission to store cookies and track them. We have also added options to give you more control over what personal data you want to collect.

You can apply the following settings at the website level in your account.

  • Opt-out of Analytics: WiserNotify will stop sending any data to third-party analytics tools.
  • Do not save User IPs: With this option, we will not store IPs. If you select it, we won't be able to tell the user's location.
  • Do not capture visitor email id: With this option, we will stop storing visitor emails on our server.

We coordinated with our vendors.

We've reviewed all our vendors, finding out about their GDPR position, and signed Data Processing Agreements with them.

Subprocessors are:

  • Google Cloud
  • Mixpanel
  • FreshDesk
  • Google Tag Manager
  • Google Analytics

Does the GDPR apply to Processors and Controllers?

Yes, the GDPR applies to both controllers and processors. Controllers must only use processors that take measures to meet the requirements of the GDPR.

Under the GDPR, processors face additional duties and liability for noncompliance or acting outside of the controller's instructions, compared to the Data Protection Directive. Processor duties include, but are not limited to:

  • Processing data only as instructed by the controller.
  • Using appropriate technical and organizational measures to protect personal data.
  • Assisting the controller with data subject requests.
  • Ensuring that the subprocessors it engages meet these requirements.

What security measures are in place for the WiserNotify platform?

Customer trust and data security are critical to everything we do at WiserNotify. The GDPR requires appropriate technical and organizational measures to be in place for the processing of personal data to ensure a level of security appropriate to the risks associated with the specific processing activity. The security measures for the WiserNotify platform include physical access controls, logical and data access controls, network security, application security, personnel security, and security incident management.