🛡️

nFADP & GDPR: How to use Friendly Automate in a privacy-compliant way

⚖️
Need a template for your privacy policy for using Friendly Automate? Click here.

Introduction

Friendly Automate allows you to collect, store, and process personally identifiable information ("PII") - such as names, email addresses, and phone numbers. Additionally, when you use our web tracking, Friendly Automate stores IP addresses of your visitors and the pages they view, and sets cookies to identify repeat visitors.

Therefore, the use of Friendly Automate is subject to the new Swiss Federal Act on Data Protection (nFADP) and the General Data Protection Regulation of the European Union (GDPR).

Our software itself is compliant with these data protection laws. You can find more about this in our Privacy Policy. According to these laws, we have the role of "processor".

There are also things that you must consider and implement yourself. In the wording of these laws, you are the "controller" for all personal data that you process with our software.

In Switzerland and the EU, individuals have the following rights, among others:

  • Every person has the right to know what data is stored about them
  • Every person must consent to the collection of personal data
  • Every person has the right to download the data stored about them
  • Every person has the right to be forgotten

Below we explain how you, as a data controller, can implement this.

How to use Friendly Automate in a privacy-compliant way:

1. Sign a Data Processing Agreement with us

If you have personal data processed by a third party (in this case by us), you are required by the nFADP and the GDPR to enter into a Data Processing Agreement (DPA). A DPA specifies what your and our obligations are with regard to data protection aspects, and how the data is specifically processed and protected.

Please contact us to arrange a DPA.

2. Create a privacy policy

💡
“Every person has the right to know what data is stored about them.”

Your website visitors and also your customers have a right to know what data is stored about them.

Therefore, you should create a privacy policy that lists, among other things, the tools you use to process data, the partners with whom you share the data, the purposes for which you will use the data, and how you plan to protect the data.

There are numerous privacy policy generators on the Internet that can be used as suggestions. Your trusted lawyer will also be happy to help you.

You can use this template for your privacy policy (of course without guarantee).

When ordering, you can choose whether we host your data in Switzerland or in the EU (this has been possible since the beginning of 2023; before that, we chose the hosting according to the location of your company). If the URL of your Friendly Automate account ends in .friendlyautomate.ch, we store your data in Switzerland. If the URL ends in .friendlyautomate.com, we store your data in the EU. If you are not sure or want to change the hosting region, feel free to contact us.

If we host your data in 🇨🇭 Switzerland, please use this version:

📄
We use Friendly Automate to send emails and analyze the behavior of our contacts in emails and on our website. Friendly Automate is a service of Friendly GmbH from Switzerland. All personal data of our account is stored and processed by Friendly Automate exclusively in Switzerland with providers headquartered in Switzerland. Friendly Automate sends emails via Amazon AWS with locations in the EU. Information about the nature, scope and purpose of data processing can be found in the privacy policy of Friendly Automate.

And if we host your data in the 🇪🇺 EU (Germany), please use this version:

📄
We use Friendly Automate to send emails and analyze the behavior of our contacts in emails and on our website. Friendly Automate is a service of Friendly GmbH from Switzerland. All personal data of our account is stored and processed by Friendly Automate exclusively in the EU with providers headquartered in the EU. Friendly Automate sends emails via Amazon AWS with locations in the EU. Information about the nature, scope and purpose of data processing can be found in the privacy policy of Friendly Automate.

3. Obtain consent for the collection and use of the data

💡
“Every person must consent to the collection of personal data.”

Before you process personal data, the data subjects must consent. You also need consent to send emails for marketing purposes.

So you should have users agree to your privacy policy (see point 2) when signing up for a newsletter, creating a user account, etc. The privacy policy should clearly outline what data you will store, what you will use that data for, and how you will protect the data.

When users sign up to receive emails, you should always have them confirm the email address via double opt-in. This way you can be sure that the person really agrees to receive them.

When you use our web tracking on your homepage, Friendly Automate sets cookies and stores personally identifiable information (the IP address) of your website visitors.

According to the new Swiss Federal Act on Data Protection, no explicit visitor consent is required.

If, on the other hand, your offer is directed at persons in the EU, you must obtain the consent of the website visitors for tracking for marketing purposes. You can obtain this via a so-called Consent Management Platform (CMP), also known as a "cookie banner". The tracking code of Friendly Automate is then loaded by the CMP only after consent has been given.

💡
Friendly Automate uses the following functional and marketing cookies:
  • mtc_id expires after 1 year. This is a targeting cookie to enhance the user communication and experience.
  • mtc_sid expires at the end of the session. This is a targeting functional cookie in case you use forms or focus items.
  • mautic_session_id expires at the end of the session. This is a targeting functional cookie in case you use forms or focus items.
  • mautic_referer_id expires after 1 year. This is a targeting cookie.
  • mautic_session_id expires depending on your configuration. This is a functional cookie in case you use focus items.
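
The loading order described above, as an added example that is not Friendly Automate's or any CMP vendor's code: the tracking script is injected only once marketing consent is reported, and the cookies listed above are expired when consent is missing or withdrawn. `createConsentGate`, the tracker URL and the stand-in document are hypothetical; `update()` is meant to be called from your CMP's own consent callback.

```javascript
// Added example; all function names and the URL are hypothetical.
// Cookie names are taken from the cookie list on this page.
const TRACKING_COOKIES = ["mtc_id", "mtc_sid", "mautic_session_id", "mautic_referer_id"];

// doc: the browser's `document` (or a stand-in for testing).
// trackerUrl: placeholder for the tracking script URL of your account.
function createConsentGate(doc, trackerUrl) {
  let injected = false;
  return {
    // Call with the current marketing-consent state whenever the CMP reports it.
    update(marketingConsent) {
      if (marketingConsent) {
        if (!injected) {
          const script = doc.createElement("script");
          script.src = trackerUrl;
          script.async = true;
          doc.head.appendChild(script);
          injected = true; // never inject the tracker twice
        }
        return "tracking";
      }
      // No consent, or consent withdrawn: expire the tracking cookies.
      // Assumes host-only cookies on path "/"; a cookie set with a Domain
      // attribute must be expired with that same Domain.
      for (const name of TRACKING_COOKIES) {
        doc.cookie = `${name}=; Max-Age=0; path=/`;
      }
      // A script that was already injected keeps running until the next page load.
      return injected ? "reload-required" : "blocked";
    },
  };
}

// Constructed stand-in for `document`, so the gate can be exercised outside a browser.
function fakeDocument() {
  const doc = { scripts: [], expired: [], head: {} };
  doc.createElement = () => ({});
  doc.head.appendChild = (el) => doc.scripts.push(el.src);
  Object.defineProperty(doc, "cookie", { set: (v) => doc.expired.push(v.split("=")[0]) });
  return doc;
}

function demo() {
  const doc = fakeDocument();
  const gate = createConsentGate(doc, "https://example.invalid/tracker.js");
  const states = [gate.update(false), gate.update(true), gate.update(true), gate.update(false)];
  return { states, scripts: doc.scripts, expired: doc.expired };
}
```

When auditing a site, the check that matters is that none of the cookies above appear in the browser before the visitor has accepted marketing cookies.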

We are working on our own Consent Management solution for Friendly Automate. Until it is ready, you will unfortunately have to use an external solution. A proven provider for Consent Management is Usercentrics (or Cookiebot, which was bought by Usercentrics). An open source alternative is Klaro.

Here you can find instructions on how to integrate Friendly Automate's tracking with usercentrics:

🍪Usercentrics: Set up Consent Management in WordPress

4. Respond to privacy requests in a timely manner

Persons in Switzerland and the EU have the right to receive information from you about the data stored about them or to have that data deleted.

4a. Create an archive of a person's data stored in Friendly Automate

💡
“Every person has the right to download the data stored about them.”

Any person may request an export of their stored personal data from you. For this purpose, you must name a company data protection officer on your website. In the case of the GDPR, this representative must reside in the EU. If you do not have a suitable person in the EU, services such as Datenschutzpartner.ch will provide such a representative for a fee.

In addition to this, you can also integrate a form on your website, which visitors can use to request an extract of their data or a deletion of their data.

In order to download an export of all data stored in Friendly Automate about a person, please proceed as follows:

  1. Click on "Contacts"
  2. Select the desired contact
  3. Click on the dropdown in the upper right corner and select "Export" to export all filled out contact fields
  4. Click on the "History" tab and click "Export" to export all activities of the contact
  5. Send the person the two files you have downloaded

4b. Delete all data about a person in Friendly Automate

💡
“Every person has the right to be forgotten.”

Any person has the right to request the deletion of their data. You can do this simply by following these steps:

  1. Click on "Contacts"
  2. Select the desired contact
  3. Click on the drop-down in the upper right corner and select "Delete"
  4. Once a contact is deleted, all the information and history connected to it is irreversibly deleted

Conclusion

If you consider and implement these requirements, you should be able to use Friendly Automate in compliance with data protection laws.

We have prepared these instructions to the best of our knowledge. Since we are not lawyers, we can of course not take any responsibility for our information. If you want to be legally safe, please consult a lawyer.

Do you have corrections or additions to our recommendations? Then please let us know.

Do you have any questions? We are happy to help you via 📧 email, ☎️ phone and 👩‍💻 video calls.
