Privacy Overview

Blendee
Marketing Automation & GDPR

Presented below is an overview of how our company has addressed the entry of the General Data Protection Regulation.
The focus of your marketing activities, digital and otherwise, must be centered on your consumers.
With Blendee's evolved segmentation, you will be able to use demographic, past and present behavior characteristics and understand the stage users are in within the Customer Lifecycle, tracking their behavior both online and offline.
These dynamic segments, updated in real time, will allow you to get to know your users better, building dedicated experiences for them.

GDPR Regulation ➝
Blendee | saoftware for customer experience

What did Adabra do to comply with the New Rules?

Since the beginning Adabra has always paid great attention to the privacy policy and all subsequent changes. Operating in the field of data profiling and segmentation, it was therefore necessary to be in line (even a step forward in many cases) with legal obligations. It was, therefore, relatively easy to adapt to GDPR as most of the requirements of the new rules were already present in the initial framework of our systems. But let's see together and in detail which new functionalities our platform offers and what has been modernized to comply with the new regulations:

The GDPR gives users ("data subjects") whose data are processed a new set of possibilities. One of the most important is that of the "right to be forgotten," or the possibility for data subjects to have their data processed on the Blendee platform, although collected with their consent, completely deleted.
The law applies to data stored in both digital and paper form, as well as to all backups of such data.To make this right effective, Blendee has confirmed the forget button(Opt Out), while also adjusting the standard durations of data storage

The GDPR also introduces the right to data portability, allowing our customers and their users to request in a structured, commonly used and electronically readable format personal data about them and also to request its transfer, for example to another company should their contracts be transferred. The right to data portability applies to processing:- based on consent marketing- carried out in an automated manner. The right to request the transmission of data to another controller exists only if the operation is technologically feasible, it being therefore necessary that, for example, the two systems involved, transmitter and receiver, are compatible.Our Blendee platform is already compliant in this respect as well, and therefore our clients will be able to easily transfer all contacts to external systems in the form that will be most convenient for them: in the form of files or via API.

If the tracking of users is based on anonymous data, which does not allow them to be identified, even indirectly, GDPR does not apply and the customer does not have to worry about obtaining any consent from users.

It is not necessary to modify the contact collection forms. It will not be necessary to include any request for additional consent, compared to those used so far, as long as the customer is able to prove that he has provided the information to those concerned.

The Blendee platform will enable, aligning with the obligations imposed by the GDPR, the identification and disclosure of where the data was acquired from ("data source").

Blendee | Privacy compilance

Contract Modifications

We do as we have always done, addressing our customers with the utmost clarity and transparency.

In order to use Blendee, it is necessary to sign the license agreement and authorize the processing of data by Ad Spray Srl, in accordance with the provisions of our General Terms of Service (GCS ), which we have updated for everything implied by the implementation of the GDPR.

Even for our current customers, the obligations under the GDPR will become effective as of May 25, 2018.

View the General Conditions of Service ➝

What happens to the Current Customer Database?

The law is not retroactive, i.e. it means that the use of all behavioural profiles collected legally before the entry into force of the GDPR will continue to be possible.

Further elaboration and profiling of stakeholder profiles should - from now on - be allowed on the basis of new information in accordance with the GDPR.

Deletion of data will only be necessary if requested by the data subject.

Blendee | marketing ecommerce automation
Blendee | lead generation ecommerce

How to acquire a Valid and Verifiable Consent from the User

The consent is valid if it is "explicit", i.e.: expressed. GDPR has excluded that it can detect any form of implicit or tacit consent (i.e. silence is not equivalent to consent), or obtained by proposing a number of pre-selected options.

It must be free (i.e. not forced or conditioned), formulated in a specific form (and therefore not expressed with reference to a generically identified treatment, while the different consents will have to be separated from each other), informed (i.e. preceded by relevant information).

Geographic Localization

Explicitation Data Storage
Blendee
cares about user privacy and has chosen to locate its servers and data storage activities in EU territory.

‍That's right!
‍The
various servers used by Blendee are in Italy and geographically redundant within the European Union. In addition, our vendors are ISO-27001 (Data Storage) compliant, and even if there are integrations with third-party platforms residing outside the European community, we have verified that they guarantee an adequate level of protection of personal data, according to the "Standard Contractual Clauses" (Art. 46(2)(c) and (d).

Documentation available to the customer
‍Blendee has implemented a data security policy and IT systems management procedures, all of which are documented and available to the customer.

Blendee | advertising automation

The most important changes introduced by GDPR

Here are the most important changes introduced by the GDPR

Your personal data (and your customers' data) will have to be stored on European territory. If the data is stored outside the EU territory, in accordance with the GDPR, Blendee will take care to verify that the countries to which the data is transferred ensure an adequate level of protection of personal data (adequacy decision of the European Commission), or appropriate safeguards are in place through contractual instruments (model clauses; binding corporate rules).

Your users have the right to be forgotten and, at their request, you must be able to delete their data from your database.

Your customers have the right to request that their data be returned to them or transferred to another company in a structured, commonly used and electronically readable format.

The consent to process personal data must in any case be requested in the manner provided for and with respect to a correctly formulated statement.

You will have to apply data protection right from the design (privacy by design) of your IT solutions and systems.

The administrative penalties for violation of the regulations increase - up to 20mln Euro and 4% of the turnover, if higher.

The new accountability rules are designed to ensure that the data controller has adopted the appropriate organizational and technological security measures and is able to demonstrate that its processing is carried out in accordance with the GDPR.

You must keep track of the processed data

You are obliged to notify the Data Protection Authority of any incident involving a data breach in terms of loss of confidentiality, integrity and availability and you have a short period to do so: 72 hours!

What do I have to do to Comply with the New Regulations?

You'll need to prepare the necessary documentation, which includes:

Blendee | M.O.S. Marketing Operating System
Security Policy
A summary document (known as "Security Policy Document") explaining the main precautions to protect the data you manage.
Blendee | M.O.S. Marketing Operating System
Notification procedure for computer incidents
Adoption and documentation of a procedure to notify computer incidents to the Guarantor Authority for the Protection of Personal Data and possibly to your users.
Blendee | M.O.S. Marketing Operating System
Procedures for managing the exercise of the right of access
Adoption and documentation of a procedure on the exercise of the right of access to personal data by users.
Blendee | M.O.S. Marketing Operating System
Register of processing activities
Creation and maintenance of a log that shows how the data process operations are performed.
Blendee | M.O.S. Marketing Operating System
Privacy Impact Assessment
Carrying out the privacy impact assessment in the event that the processing of personal data poses a high risk to the rights and freedoms of data subjects.
Blendee | M.O.S. Marketing Operating System
Designation of Data Protection Officer
Designate a Data Protection Officer when your main activities consist of processing operations, which by their nature, scope and purpose require regular and systematic monitoring of data subjects on a large scale.

Choose the Right Partner as your Guide
to Success.

Learn about Blendee and Create a Winning Strategy!

Contact us for a consultation
Contact us for a consultation

Some Articles That Might Interest You