Qwilr & GDPR
Disclaimer: the contents of this page are provided for informational purposes only, and not meant to serve as legal advice. You should consult with legal and other professional counsel to determine whether and how the GDPR may affect you or your business.
Qwilr is committed to best practices around data security and privacy, including the protection of individuals' rights with respect to their personal data, and believes it is compliant with the General Data Protection Regulation (GDPR).
In this article, we'll be covering information about the GDPR and how Qwilr complies and allows its customers to achieve compliance with GDPR.
What is the GDPR?
The GDPR is a European Union regulation that introduces a range of obligations on internet software companies with regard to the personal data they process in doing business. These obligations seek to assure individuals that their personal data are secure and that their rights in relation to that data will be respected.
What has Qwilr done to comply?
For GDPR purposes, Qwilr is both a:
- Data Controller: Qwilr collects personal data from its own users; and
- Data Processor: Qwilr collects personal data from its users' clients and contacts — e.g., when those clients/contacts submit their names and email addresses during the Qwilr Accept process.
In either case, Qwilr is responsible for safeguarding the data it processes — whether the data are acquired and processed on its own behalf or on behalf of its users.
Qwilr has dedicated significant resources to preparing for the GDPR. The following are some of the principal activities we've undertaken in the several months prior to the GDPR's introduction:
- Research: We've reviewed the text of the GDPR and related guidances to gain a clear understanding of Qwilr's obligations, and we've considered industry best practices in seeking to ensure that we fulfill those obligations.
- Updates to legal documents: We've updated our Terms of Service and Privacy Policy, and we've prepared a Data Processing Addendum to assist our users in complying with their own obligations under the GDPR.
- Internal data audit: We've undertaken a review of all the data we collect, including the reasons why the collect that data and what we do with that data, and limiting access to the data by Qwilr personnel where appropriate.
- Data Management Policy: We've adopted a company-wide Data Management Policy that offers Qwilr personnel a comprehensive guide around their handling of personal data.
- Vendor review: We've reviewed the GDPR-compliance status of our software vendors to ensure that they are adhering to the GDPR, including by signing Data Processing Addenda with those vendors where appropriate.
Going forward, we'll be working on our internal practices and processes around data security and privacy with a view to continually improving them.
What are my GDPR obligations and how can Qwilr help?
If you are collecting personal data from individual clients or contacts based in the EU, including in the course of using Qwilr, then you may have certain obligations with respect to that data — as a ‘Data Controller' under the GDPR. In those circumstances, we recommend:
- Ensuring that your Privacy Policy and Terms of Service are up-to-date.
- Considering how you handle consent from those individual clients or contacts.
- Getting legal and other professional advice regarding your obligations.
- Where appropriate, agreeing to Data Processing Addenda with those software vendors that possess and otherwise process the personal data you're collecting. If you'd like to sign a Data Processing Addendum with Qwilr, please let us know.
What are my GDPR rights and how can I exercise them?
If you're an individual whose data Qwilr possesses or processes, then you have a number of rights, including the right to object to certain data processing activities and to rectify data that is inaccurate or complete data that is incomplete. These rights are outlined in greater detail in our Privacy Policy, under "Rights to Information".
To enquire about or exercise these rights, please contact us.