In working with (personal) data, safety comes first: security and completeness in guaranteeing the privacy of the visitors, so that you can confidently use the technology to refine your customer relations within all your (legal and human) frameworks.
The Peppered Platform creates these frameworks: it is an environment in which safety and completeness in working with data come first. Together with Stadhouders Law Firm, we have thoroughly reviewed the Platform, and we have drawn up a 10-Step Plan that fully meets the guidelines of the GDPR.
An outline of the most important parts of the GDPR
Below we have outlined the most important parts of the current privacy legislation. If you want more information about one or more sections, we refer you to the extensive 10-Step Plan, which we have drawn up in collaboration with Stadhouders Law Firm and which you can download free of charge (in Dutch).
- You have made an inventory of which data you are tracking and for what purpose. You have recorded the processing in a Data Processing Register.
- You ensure sufficient security in working with personal data and have also entered into a Data Processing Agreement (DPA) with your suppliers.
- You know on the basis of which principles you use the personal data (consent, agreement, legitimate interest).
- You keep track of these principles per individual, and they are properly administered where necessary (opt-ins!).
- You use the personal data correctly and allow people at any time to adjust their (opt-in) preferences or to unsubscribe.
- Your systems and processes are structured on the basis of ‘Privacy by design’ and ‘Privacy by default’.
- You can meet the other possible requests in the context of the GDPR, such as the right to removal, the right of access, etc.
- You inform your customers / visitors about your working methods in this context through a Privacy Statement.

Note: This checklist is only a reflection of important topics and is by no means a complete checklist or legal advice.
Foundations and opt-ins
Tough matter, served tender
One of the most important questions in dealing with personal data and privacy is which people you may and may not (or may no longer) send e-mails to, with what kind of messages and on what basis. We explain this here for each kind of mail campaign.
Regular newsletter
The regular newsletter is usually sent on a ‘permission’ basis, to people who have signed up for the newsletter. We also use this opt-in in the Platform. This opt-in may be enabled by default when people create an account or order tickets (from a legitimate interest), but it should be easy to turn off at all times, for all messages.
Service e-mails
Service e-mails can be sent on the basis of ‘agreement’. You may inform anyone who buys a ticket about that purchase. However, it may be that people prefer not to receive these messages, for example if they come to your theater very often and know their way around. From a service point of view, we also provide the opportunity to uncheck this opt-in (which is automatically set for a purchase).
Personal e-mails
E-mails that are based on someone’s personal behavior (for example, based on his calculated interests or his website visit) are sent on the basis of authorization. We have built this opt-in into the Platform as an independent choice as well, so that people can specifically indicate for themselves whether or not they want to receive these messages.
In short …
We distinguish 3 opt-ins, which together can ensure a rich field of e-mail communication that offers you every possibility within the frameworks that the visitor and the legislation require. Make sure to use these opt-ins in all your communication.