GDPR Policy. Last Updated April 1st, 2022.
ReviewBase is aware of the need of all companies operating within the EU to ensure their compliance with the policies outlined by the General Data Protection Regulations (GDPR) entering into effect on the 25th of May 2018.
We are taking steps to ensure that our responsibilities are met to comply with the requirements of the GDPR, both in terms of our operations as a Data Processor (where ReviewBase processes data on behalf of the companies for whom it provides services) and as a Data Controller (where ReviewBase stores information relating to those persons it is in contact with regarding the products and services offered by ReviewBase).
This policy is not intended to act as legal advice for your company and we strongly recommend that each company undertakes its own review of GDPR policies and seeks legal advice where appropriate.
All enquiries relevant to this policy and our actions related to the GDPR can be addressed to firstname.lastname@example.org
ReviewBase as a Data Processor
ReviewBase is making every effort to ensure that their responsibilities as a Data Processor under the GDPR are met, and seek to do so in an open and transparent way. In our role as a Data Processor, our clients entrust us with private information regarding their end customers (Data Subjects). This is already limited to the minimum data required to perform the core function of requesting reviews, namely: contact details (such as email), name, and purchase information directly relevant to the review. We have always offered the ability to request, review, amend or delete any such data stored by us, and will continue to do so under the GDPR while further enhancing relevant notifications and processes surrounding this.
ReviewBase already takes the data it handles very seriously, working to protect the privacy and security of the information which it processes. Further, we are reviewing all steps involved to ensure that the data collected is minimised to the greatest degree possible, and that everything is as transparent as possible for all parties involved.
What this means for us:
- ReviewBase will continue to review all of its internal policies and procedures to ensure compliance with the GDPR and in addition to this policy will release updates to both the Terms of Service and Data Policy which reflect changes relevant to GDPR compliance.
- ReviewBase is monitoring the compliance of all sub-processors involved in the handling of any private data.
- ReviewBase will comply with all requests from data subjects relevant to the personal data stored regarding them (data subject access requests), including the ability to amend or delete all data.
- ReviewBase will continue to minimise all data which is stored related to data subjects and release further updates to ensure transparency and ease of use for all data subjects in relation to their data.
What this means for your company:
- As a Data Processor, ReviewBase is processing review requests on behalf of your company, the Data Controller. Depending on the nature of the services provided by ReviewBase, and/or the integration option chosen, your company will provide us with private data related to data subjects.
- While your own internal review related to GDPR policy is likely necessary to determine your obligations, it’s recommended that you name ReviewBase as a data processor for this information and state the purpose for using our services.
- Where ReviewBase will be contacting data subjects on behalf of your company in order to collect reviews, and/or processing any private data related to the data subjects, it may be necessary that ReviewBase is explicitly named as a data processor for this purpose in any consent obtained from your customers. We recommend being as open and transparent as possible regarding the purpose and the nature of the services being used, as well as the data being processed.
- Under the GDPR your company will be required to comply with any requests for personal information from your customers, known as a data subject access request. ReviewBase intends to meet compliance in this regard and give access to any relevant information required for your company to comply with such a request in relation to the data which has been processed by us. Please don’t hesitate to contact us at email@example.com for any further information or assistance with such a request.
ReviewBase as a Data Controller
In our operations as a commercial business, ReviewBase may collect private data related to individuals who are current, past, future or potential customers of ReviewBase. Every effort is already undertaken to ensure that the level of personal information obtained is minimal and serves a clear business purpose.
ReviewBase may gather this information from interactions with our website (as outlined in our Data Policy), information submitted directly on our website via forms, or through direct communication with company representatives. Further information may be gathered from available public sources such as online directories, business registries, and publicly displayed information on social networks and company websites.
ReviewBase continues to monitor the compliance of the data processors it engages to ensure their compliance with the GDPR. Relevant policy announcements from Data Processors engaged by ReviewBase for its business activities can be found here:
ReviewBase makes every effort to ensure that all commercial communication is carried out with a clear and apparent business interest and will comply with any requests for deletion of any relevant personal data or end further contact per the GDPR. Please do not hesitate to bring to our attention any unwanted communication or lodge a “request to be forgotten.”
To make a request, simply email firstname.lastname@example.org