Privacy and GDPR

How has ZenShare Suite been adapted to the GDPR regulation?

In compliance with EU regulation 2016/679 (GDPR, General Data Protection Regulation) Interzen has updated its ZenShare Cloud suite (document management, customer relationship management). The GDPR harmonizes the management of personal privacy at European level: the update of ZenShare and ZenCRM has become necessary to process personal data in compliance with the new regulation and to increase the level of security and protection of their confidentiality.

Below is a detail of the work done on the ZenShare Cloud suite for GDPR compliance.

Lead/Contact data sheet

ZenCRM provides for the differentiated management of 3 areas of consent to the processing of personal data:

• Commercial consent (processing of personal data for the purpose of managing the relationship before, during and after the sale of a product / service);

• Marketing consent (processing of personal data for the purpose of sending informative, advertising and promotional communications);

• Profiling consent (processing of personal data for the purpose of observing the interest in a product / service)

EMAIL CONSENT REQUEST For the single lead / contact it is possible to send an email requesting consent to the processing of personal data pursuant to the GDPR, with the creation of a customizable message format.

SAVING EMAIL OF CONFIRMATION AND PRIVACY ACCEPTANCE

For the single lead / contact it is possible to save the email message that ZenCRM sends as confirmation of acceptance of the consent to the processing of personal data pursuant to the GDPR by the lead / contact.

INHIBITION TO EMAIL MARKETING CAMPAIGNS EVEN IN CASE OF CONSENT

For the single lead / contact, it is possible to prevent the sending of newsletter campaigns even if consent has been provided in the Marketing field. If it is necessary to manage further areas for the processing of personal data, simply contact Interzen to share this particular need and request support in this regard.

What to do?

The ZenCRM user can manage this information for each consent area:

•  Willingness of acceptance / non-acceptance;

•  Time duration (only in case of acceptance):

the duration of consent of each area is fixed and is initially configured in the ZenCRM GDPR Settings panel;

for the commercial sector, where there are contracts for the company to which the contact is associated, the duration of consent coincides with the duration of the longest lasting contract, extended by a period of time (fixed) initially configured in the ZenCRM panel GDPR Settings;

•   Date of acceptance / non-acceptance; •    Expiry date of consent (only in case of acceptance):

calculated automatically by ZenCRM based on the time duration;

for the commercial sector, where there are contracts for the company to which the contact is associated, the expiration date of the consent coincides with the expiration date of the longest lasting contract, extended by a period of time (fixed) initially configured in the ZenCRM GDPR Settings panel;

•   Channel through which the will of the interested party was collected (acceptance / non-acceptance of consent): paper, contract, email, voice, verbal recording, consent management page, web-to-lead form

•   Attached document that proves the will to accept: scan (paper channel), message (email channel), registration (voice channel), text file (web-to-lead form channel);

•   ZenCRM user who registered / updated the data;

•   Date and time of data recording / updating.

 

Leads and contacts filter

The lateral search filters available for both leads and contacts contain fields relating to the 3 main areas of consent envisaged by ZenCRM (commercial, marketing, profiling).

What to do?

The ZenCRM user can operate simultaneously with multiple types of filter for each consent area:
• Acceptance / non-acceptance
• Acceptance date (date range from / to)

 

Expired consent to the processing of personal data

Commercial consent.For leads and contacts whose consent to the processing of personal data has expired for the “commercial” area, ZenCRM does not provide for any automated procedure but manual, described later.

Marketing consent. For leads and contacts for which consent to the processing of personal data has expired for the “marketing” area, ZenCRM prevents the sending of e-mails and automatic marketing campaigns.

Profiling consent. For leads and contacts for which the consent to the processing of personal data has expired for the “profiling” area, ZenCRM prevents it from being displayed in the Web visits form: therefore, the visit traced by ZenCRM is related to the company to which the lead or contact.

Notifications on the homepage. For leads and contacts, for which consent to the processing of personal data is close to the deadline, ZenCRM shows an alert on the home page under the News TAB.

What to do?

The ZenCRM user, using the filters available in the list of leads and contacts list, can select leads and contacts for which one or more consents have expired and then choose which action to perform.

Anonymization. The user requests ZenCRM to replace the types of data initially configured in the ZenCRM GDPR Settings panel with a block of “XXXXX” characters; example fields:

– Surname
– First name
– Landline phone
– Mobile Phone
– Email

• Cancellation. The user requests ZenCRM to delete the previously selected leads or contacts.

 

Consent management page

A web page accessible by the single lead or contact has been provided for the autonomous management of their consent to the processing of personal data. The leads or contacts display the fields relating to the areas of consent and other ancillary information.

For the commercial, marketing and profiling areas:

• drop-down menu with the 2 options I agree / do not agree available;
• the menu is preset to the option selected by the lead or contact during the initial collection of consent to the processing of personal data;
• for contacts whose associated company has a contract, it is not possible to change consent in the commercial sphere.

 

Other information available:

• Email address of the interested party. The email address on ZenCRM.
• Data controller. The company name of the owner of the processing of personal data.
• Privacy Policy. Link to the web page or to the online privacy document of the data controller.
• Introductory text. A short presentation text of the management of Privacy pursuant to the GDPR.
• Description of consent. An in-depth text and description of the management of Privacy by the company name of the owner of the processing of personal data.

Notification of the consent to the processing of personal data. Sending an email to the interested party with a summary of his updated preferences.

What to do?

The ZenCRM user must include the link to this web page in the email marketing campaigns managed through ZenCRM, using the tracker “GDPR consent management,” to allow the recipient of the campaign to change their consent to the processing of personal data.

 

Web To Lead Form

In the web-to-lead form the ZenCRM user has these new fields available for consent to the processing of personal data in his online form:

Commercial consent (values I accept / do not accept; the value of this field on “I accept” is mandatory);

Marketing consent (values I accept / disagree);

Profiling consent (values I accept / do not accept).

Notification of the consent to the processing of personal data. Sending an email to the interested party with a summary of his updated preferences.

What to do?

The ZenCRM user must proceed with the modification of the landing pages and online forms that he previously produced using the ZenCRM web-to-lead form, to bring them into compliance with the EU regulation 2016/679 (GDPR) as regards the consent to the treatment of personal data.

 

DPO / Data Controller / GDPR Manager

Users with an “administrator” role are shown a warning in ZenCRM with the following information:

notification of functionality update for compatibility with the GDPR;

request for selection, among all users active on ZenCRM, of the user who has the role of DPO / GDPR manager.

The notice continues to be visible until the user with the role of DPO / GDPR manager is selected.

What to do?

The “administrator” user of ZenCRM must select the user who has the role of DPO / GDPR manager in ZenCRM.

The user with the “DPO / GDPR manager” role is shown in ZenCRM the GDPR Settings panel with the following configurations:

Commercial Consent: select the duration from the drop-down menu;

Marketing Consent: select the duration from the drop-down menu;

Profiling consent: select the duration from the drop-down menu;

Data Controller: the company name of the owner of the processing of personal data;

Privacy policy: link to the web page or to the online privacy document of the data controller;

Anonymization fields: the types of data to be replaced with a block of “XXXXX” characters where the consent to the processing of the personal data of the interested party (lead or contact) is missing;

Supplement to the expiration of the contract: for the commercial sector, where there are contracts for the company to which the contact is associated, the duration of the commercial consent coincides with the duration of the longest contract, extended by a period of time configured initially in this dropdown menu;

Default consent insertion date: this is a date to be indicated at the discretion of the DPO / GDPR manager and to be included in the leads and contacts where the consent date is missing at the time of full application of the GDPR.

The notice continues to be visible until the user with the role of DPO / GDPR manager is selected.
The “administrator” user of ZenCRM must access the GDPR Settings panel and make the required configurations.

 

Security levels of the ZenShare Cloud Suite

The introduction of the GDPR implicitly requires a more solid management of IT security, both system and application.

With a view to strengthening its ZenShare suite, Interzen has developed its own security policy structured on several levels and with a multilateral approach to risk management.

What to do?

The “administrator” user of ZenCRM can take action on the following issues:

• proceed with the activation of IP filtering by accessing the ZenCRM “Security” panel independently;

• contact Interzen to request the activation of the proprietary or external authentication system (for the latter, depending on the case, an economic quotation may be required);

• contact Interzen to request an economic quotation for the encryption of data and documents.

The security of the ZenShare Cloud Suite.

Discover More