Terms of Service Compliance to GDPR’s Applicable Provisions
Data Protection Impact Assessment
In the interest of the data subject, as the controller, it is imperative for the JCA Oils to undertake data protection impact assessment (DPIA) pursuant to Art.35: GDPR Data protection impact assessment. It is designed to identify and prevent the occurrence of the data protection risk through the application of various elements such as procedures, policies, and processes.
Strengthening the fundamental rights and freedoms of EU nationals
Cognizant of the impact of the applicable provisions of GDPR to JCA Oils as well as its users, it is committed to strengthen and set out in detail the fundamental rights and freedoms of the EU citizens who are also called data subjects. Further, it is set to observe the following concerns such as the obligations of either the data controller or processor tasked to process and determine lawful personal data processing; supervise its data controller and data processor in complying data protection laws; and imposes penalties for non-compliance
Issues on Consent
We, at JCA Oils, are aware that express consent needs to be taken from anyone whose personal data is being collected and recorded. Further, the users need to be informed explicitly how this data would be used. These confirmations should be kept on record so that they can be produced before a competent authority when required.
When this consent is being asked for, there might be several email recipients who would want to opt-out. We take measures to ensure that they will be in place in a simple and non-combative way for
existing subscribers to exit if they want to. As soon as a subscriber opts out, the JCA Oils delegates
the responsibility to its staff to erase all data previously collected from him, and confirm the same.
The subscribers should be provided with a way to access not only all data collected from him but also
a confirmation that it is being used solely for the purpose stated while obtaining consent.
Using Aweber for detecting data breaches
There could be a situation where data has been breached. In such a case, the competent authority needs to be intimated within 72 hours. The Jay Clark & Associates using Aweber has guaranteed its users to have in place the technology to detect data breaches as soon as it happens and take immediate steps to prevent further leaks.
Appointment of the Data Protection Officer (DPO)
The JCA Oils using Aweber have appointed their DPO either from internal resources or from external service providers.
Using ClickFunnel and its Impact on Complying GDPR
JCA Oils uses ClickFunnel software to affect sales of its goods and services; it would be collecting data from prospects and customers, and so would be considered as a data controller. The onus of keeping the ClickFunnel package and usage GDPR-compliant would rest on the user. ClickFunnel, as a data processor only guarantees GDPR compliance for the data it collects from JCA Oils which uses its software.
The JCA Oils ensures that it will go over all data collected from employees, clients, and vendors so that specific data can be easily retrieved in response to a query.
Knowing the relevance of the opt-in of a client as the most important area of change that a
ClickFunnel user, the JCA Oils ensures that it is included in its website. It makes sure the consent will need to have a physical act like clicking on a checkbox to signify consent. The user will need to get a code from ClickFunnel that makes the ‘Submit’ button on any personal datasheet or any other web form completely GDPR compliant.
The ‘submit’ button will need to be made bigger now because it will not only have the customary line (with checkbox) about the consent but below it, the user will need to list out everything that his client’s data will be used for. As a ClickFunnel user, JCA Oils will need to devise ways to keep this recorded (a very basic way is to
keep screenshots of the submit button) so that it can be shown to an authority if the need arises. Maintaining the ClickFunnel, the JCA Oils needs to ensure that all data collected is kept secure to avoid breaches.
Protection of Children In Relation to Information Society
Services We are obliged to put appropriate systems in order to address the special protection for children’s personal data provided under Article 8, entitled “Conditions applicable to child’s consent in relation to information society service.” For any activity classified within the context of commercial internet services such as social networking and the like, we shall conduct verification of children’s ages requiring them to obtain parental or guardian consent prior to allowing them to access our Site.