The ZenShare Cloud Suite complies with EU regulation 2016/679 (GDPR, General Data Protection Regulation)
In terms of GDPR, the ZenShare Suite guarantees the compliant treatment of personal data, the protection of their confidentiality and the continuous increase of the overall level of IT security
ZenCRM provides the differentiated management of 3 areas of consent to the processing of personal data:
- Commercial Consent (processing of personal data for the purpose of managing the relationship before, during and after the sale of a product/service);
- Marketing consent (processing of personal data for the purpose of sending information, advertising and promotional communications);
- Profiling consent (processing of personal data for the purpose of observing interest in a product/service)
CONSENT TO THE REQUEST OF EMAIL SENDING
The single lead/contact, can send an email requesting consent to the processing of personal data pursuant to the GDPR, with the creation of a customizable message format.
SAVING THE CONFIRMATION EMAIL AND PRIVACY CONSENT
The single lead/contact can save the email message that ZenCRM sends as confirmation of acceptance of the consent to the processing of personal data pursuant to the GDPR by the lead/contact.
INHIBITION OF SENDING EMAIL MARKETING CAMPAIGNS EVEN IN CASE OF CONSENT
the single lead/contact can prevent the sending of newsletter campaigns even if consent has been given in the Marketing area. If you need to manage additional areas for the processing of personal data, it is sufficient to contact Interzen to share this particular need and request support in this regard.
What to do?
The ZenCRM user can manage this information for each consent area:
- Willingness to accept/not to accept
- Duration (only in case of acceptance):
-
- the duration of consent for each area is fixed and is initially configured in the ZenCRM GDPR Settings panel;
- for the commercial area, where there are contracts for the company to which the contact is associated, the duration of the consent coincides with the duration of the longest-lasting contract, extended by a (fixed) period of time initially configured in the ZenCRM GDPR panel Settings;
- Date of acceptance/non-acceptance;
- Consent expiry date (only in case of acceptance):
- calculated automatically by ZenCRM based on the duration;
- for the commercial area, where there are contracts for the company to which the contact is associated, the expiry date of the consent coincides with the expiry date of the longest-lasting contract, extended by a (fixed) period of time initially configured in the ZenCRM GDPR Settings panel;
- The Channel through which the will of the interested party was collected (acceptance / non-acceptance of consent): paper, contract, email, voice recording, report, consent management page, web-to-lead form
- The attached document proving the willingness to accept: scan (paper channel), message (email channel), recording (voice channel), text file (web-to-lead form channel);
- the ZenCRM user who registered and updated the data;
- Date and time of data recording/updating.
In the lateral search filters available for both leads and contacts, there are fields relating to the 3 main areas of consent provided by ZenCRM (commercial, marketing, profiling).
What to do?
The ZenCRM user can operate simultaneously with multiple types of filters for each consent area:
- Acceptance/non-acceptance
- Date of acceptance (date range from/to)
Commercial consent
For leads and contacts whose consent to the processing of personal data has expired for the “commercial” area, ZenCRM does not provide any automated but manual procedure, described below.
Marketing Consent
For leads and contacts for whom consent to the processing of personal data has expired for the “marketing” area, ZenCRM prevents the sending of e-mails and automatic marketing campaigns.
Profiling consent
For leads and contacts for whom the consent to the processing of personal data has expired for the “profiling” area, ZenCRM prevents them from being displayed in the Web visits module: therefore, the visit tracked by ZenCRM is related to the company to which the lead or contact.
Homepage notifications
For leads and contacts, for which the consent to the processing of personal data is about to expire, ZenCRM shows an alert on the home page under the News TAB.
What to do?
The ZenCRM user, using the filters available in the list views of leads and contacts, can select leads and contacts for which one or more consents have expired and then choose which action to perform.
- Anonymization.
The user requests ZenCRM to replace the data types initially configured in the ZenCRM GDPR Settings panel with a block of characters “XXXXX”;
example fields:- Surname
- Name
- Landline phone
- Mobile Phone
- Cancellation
The user requests ZenCRM to delete the previously selected leads or contacts.
A web page accessible by the single lead or contact has been provided for the autonomous management of one’s consent to the processing of personal data. The leads or contacts display the fields relating to the scope of consent and other ancillary information.
For the commercial, marketing and profiling areas:
- drop-down menu with the 2 options I agree/do not agree available;
- the menu is preset on the option selected by the lead or contact during the initial collection of consent to the processing of personal data;
- for contacts whose associated company has a contract, it is not possible to change the consent in the commercial area.
Other information available:
- Email address of the interested party
The e-mail address present on ZenCRM. - Data controller
The company name of the responsible for the processing of personal data. - Privacy Policy
Link to the web page or to the online privacy document of the personal data controller. - Introductory text
A brief presentation text on the management of Privacy pursuant to the GDPR. - Consent Description
An in-depth text and description of the management of Privacy by the company name of the company that owns the processing of personal data. - Update notification of consent to the processing of personal data
Sending an email to the data subject with a summary of their updated preferences.
What to do?
The ZenCRM user must include in the email marketing campaigns managed through ZenCRM the link to this web page, using the tracker “GDPR consent management,” to allow the recipient of the campaign to change their consent to the processing of personal data.
In the web-to-lead form the ZenCRM user has these new fields available for consent to the processing of personal data in his online form:
- Commercial consent (values I accept / I do not accept; the value of this field on “I accept” is mandatory);
- Marketing consent (values I accept/not accept);
- Profiling consent (values I accept/not accept).
Update notification of consent to the processing of personal data. Sending an email to the interested party with a summary of their updated preferences.
What to do?
The ZenCRM user must proceed with the modification of the landing-pages and online forms that it has previously produced using the ZenCRM web-to-lead form, to make them compliant with EU regulation 2016/679 (GDPR) as regards consent to the processing of personal data.
Users with the “administrator” role are shown a notice in ZenCRM with the following information:
- feature of update notification for GDPR compliance;
- selection request, among all active users on ZenCRM, of the user who has the role of DPO/GDPR manager. The notice continues to be visible until the user with the role of DPO/GDPR manager is selected.
What to do?
The ZenCRM ‘admin’ user must select in ZenCRM the user who has the role of DPO/GDPR manager. The user with the “DPO/GDPR manager” role is shown the GDPR Settings panel in ZenCRM with the following configurations:
- Commercial Consent: select the duration from the drop-down menu;
- Marketing Consent: select the duration from the drop-down menu;
- Profiling consent: select the duration from the drop-down menu;
- Data controller: the company name of the company that owns the personal data processing;
- Privacy policy: link to the web page or to the online privacy document of the data controller;
- Fields for anonymisation: the types of data to be replaced with a block of characters “XXXXX” where consent to the processing of personal data of the interested party (lead or contact) is missing;
- Contract expiration supplement: for the commercial area, where there are contracts for the company to which the contact is associated, the duration of the commercial consent coincides with the duration of the longest-lasting contract, extended by a period of time initially configured in this drop-down menu;
- Default consent entry date: this is a date to be indicated at the discretion of the DPO/GDPR manager and to be inserted in leads and contacts in which the consent date is missing at the time of full application of the GDPR. The notice continues to be visible until the user with the role of DPO/GDPR manager is selected. The ZenCRM “administrator” user must access the GDPR Settings panel and make the required configurations.
The introduction of the GDPR implicitly requires a more solid management of IT security, both systems and applications. With a view to strengthening its ZenShare suite, Interzen has developed its own security policy structured on several levels and with a multilateral approach to risk management.
What to do?
The ZenCRM “administrator” user can take action on the following topics:
- proceeding with the activation of IP filtering by autonomously accessing the “Security” panel of ZenCRM;
- contacting Interzen to request the activation of the proprietary or external authentication system (for the latter, depending on the case, an economic quotation may be required);
- contact Interzen to request an economic quote on data and document encryption.
- ZenCRM “administrator” must access the GDPR Settings panel and make the required configurations.
