A few months ago we added a link to our website which included information on GDPR and our policy regarding this. I would now like to take this opportunity to thank the Didomi team, who really helped us to work on our approach.
GDPR requires joint responsibility from Tilkee and its users. We must therefore provide the necessary tools in accordance with the regulation.
Is Tilkee for Sales GDPR compliant?
Yes. We believe that this new regulation is heading in the right direction, and here are the changes, which were already put in place in October 2017:
- No cookies are stored on the reader’s computer (in fact, this was a choice that was made from the beginning of Tilkee in 2014)
- Prospects’ personal data (IP address in particular) is deleted after 13 months.
- Data is hosted in Europe (AWS, Azure, OVH, Cloudwatt).
- Secured processes (encryption of sensitive data, data access procedures, information restricted to authorised members of the team, bug bounty, etc.).
Personal data, required for the proper functioning of the tool, is encrypted (database and flat files) and its access is audited. The data belonging to prospects (IP address, login details) is stored and pseudonymised.
Tilkee ensures the protection and security of the personal data that you have chosen to give us, with a view to ensuring its confidentiality and to prevent it from being altered, damaged, destroyed or divulged to unauthorised third parties.
Respect for your rights
Even if you choose to share your personal data, you still have the right to ask that we correct the data, delete it or limit its processing, and you can object to its collection or its retention.
To find out more, please refer to our Privacy Centre.
We must, however, inform you that in the case of opposition or limitation on your part, Tilkee cannot guarantee the proper functioning of its services.
Displaying this to your clients and prospects
From the 25th May, it is essential that you inform the recipients of your documents as to the personal data you have collected and how you process it. For example, in the context of sales prospecting, if you send documents using Tilkee you must inform your readers that you collect data concerning how the document is read and explain how you process it.
By default, a banner explaining this will appear on your documents starting from today.
Here is the message displayed: “By continuing to read, you accept that we keep a trace of traffic metrics in order to improve the marketing process and browsing experience”.
However, if you have already informed the recipients of your documents about keeping a trace of traffic metrics in order to improve the marketing process and browsing experience (in the context of your General Terms & Conditions or a specific process), you do not have to display this notification.
You can disable it from the Theme section of your Tilkee account.
Tip: Duplicate your default Theme, deactivate the message we display in the viewer (as seen above) and name this theme “XXX without the GDPR banner”, for example. This lets you decide very easily, on a project-by-project basis, whether you want to display this message.
=> If you are not sure that the people you send documents to are informed about the presence of trackers on your documents, we advise that you leave this option activated.
The notification will disappear once the document reader has finished page 1 (and starts page 2).
Obtaining consent in the context of profiling
Consent in the context of profiling
This is the “legal” wording. It just means that you should give your readers the option to refuse their reading data being reported (time, time per page, page order, IP address).
An example of this would be the following… Tilkee detects that someone has read your documents & this data is automatically put into your CRM solution. From here, the person is then automatically called & the call is transferred to an advisor if the person picks up.
Given the rarity of the cases concerned, obtaining consent is not available by default in your Tilkee account. However, we can set this option up for you on request – you can email our team here email@example.com.
If this still isn’t clear or you have questions, please get in touch with our DPO (data protection officer), Simon Gaudin at firstname.lastname@example.org. We also have a few webinars taking place in French with our GDPR experts – you can choose a time to suit you amongst the below options (all CEST).
Choose a time that works for you here.