πŸ›‘οΈ

Use Friendly Automate in a privacy-compliant way

βš–οΈ
Need a template for your privacy policy for using Friendly Automate? Click here.
  • 1. Sign a Data Processing Agreement with us
  • 2. Create a privacy policy
  • 3. Obtain consent for the collection and use of the data
  • 4. Respond to privacy requests in a timely manner
  • 4a. Create an extract of a person's data stored in Friendly Automate
  • 4b. Delete all data about a person in Friendly Automate
  • Disclaimer

Friendly Automate allows you to collect, store, and process personally identifiable information – such as names, email addresses, and phone numbers. Additionally, when you use our web tracking, Friendly Automate stores IP addresses of your visitors and the pages they view, and sets cookies to identify repeat visitors.

Therefore, the use of Friendly Automate is subject to the new Swiss Federal Act on Data Protection (nFADP) and the GDPR of the EU.

πŸ‡¨πŸ‡­
You can find detailed information on the new Swiss Federal Act on Data Protection in our blog post - including templates and checklists for implementing the most important measures.

Our software itself is compliant with these data protection laws. You can find more about this in our Privacy Policy. According to these laws, we have the role of "processor".

There are also things you need to consider and implement. According to the applicable laws, you are the "controller" for all personal data that you process with our software.

In Switzerland and the EU, individuals have the following rights, among others:

  • Every person has the right to know what data is stored about them
  • Every person must consent to the collection of personal data
  • Every person has the right to object to further data processing
  • Every person has the right to be forgotten

Below we explain how you, as a data controller, can implement this.

1. Sign a Data Processing Agreement with us

If you have personal data processed by a third party (in this case by us), you are required by the nFADP and the GDPR to enter into a Data Processing Agreement (DPA). A DPA specifies what your and our obligations are with regard to data protection aspects, and how the data is specifically processed and protected.

Please contact us to arrange a DPA.

2. Create a privacy policy

Your website visitors and also your customers have a right to know what data is stored about them.

You are legally obliged to create a privacy policy that lists, among other things, which tools you use for data processing, with which partners you share the data, for which purposes you will use the data and how you protect the data.

There are numerous privacy policy generators on the Internet that can be used as suggestions. Your trusted lawyer will also be happy to help you.

To inform your website visitors how you process data with Friendly Automate, you are welcome to use our template (without guarantee, of course).

If we host your data in πŸ‡¨πŸ‡­ Switzerland (friendlyautomate.ch), please use this version:

πŸ“„
We use Friendly Automate to send emails and analyze the behavior of our contacts in emails and on our website. Friendly Automate is a service of Friendly GmbH from Switzerland. All personal data of our account is stored and processed by Friendly Automate exclusively in Switzerland with providers headquartered in Switzerland. Friendly Automate sends emails via Amazon AWS with locations in the EU. Information about the nature, scope and purpose of data processing can be found in the privacy policy of Friendly Automate.

And if we host your data in πŸ‡©πŸ‡ͺΒ Germany (friendlyautomate.com), please use this version:

πŸ“„
We use Friendly Automate to send emails and analyze the behavior of our contacts in emails and on our website. Friendly Automate is a service of Friendly GmbH from Switzerland. All personal data of our account is stored and processed by Friendly Automate exclusively in the EU with providers headquartered in the EU. Friendly Automate sends emails via Amazon AWS with locations in the EU. Information about the nature, scope and purpose of data processing can be found in the privacy policy of Friendly Automate.

3. Obtain consent for the collection and use of the data

Before you process personal data, the data subjects must give consent. You also need consent to send emails for marketing purposes.

When registering for a newsletter, creating a user account, etc., you should clearly refer your users to your privacy policy (see point 2). The privacy policy should clearly state what data you store, what you will use this data for and how you protect the data.

When users sign up to receive emails, it is good practice to have the email addresses confirmed via double opt-in. This way you can be sure that the person really agrees to receive them. Double opt-in is not mandatory in Switzerland, but it is in the EU.

When you use our web tracking on your homepage, Friendly Automate sets cookies and stores personally identifiable information (the IP address) of your website visitors.

According to the new Swiss Federal Act on Data Protection, no explicit visitor consent is required.

If, on the other hand, your offer is directed at persons in the EU, you must obtain the consent of the website visitors for tracking for marketing purposes. You can obtain this via a so-called Consent Management Platform (CMP), also known as a "cookie banner". The tracking code of Friendly Automate is then loaded by the CMP only after consent has been given.

πŸ’‘
Friendly Automate uses the following functional and marketing cookies:
  • mautic_device_id expires after 1 year. Used to track contacts for either the tracking pixel, of if the same key isn’t found in the browser’s local storage for the monitored site.
  • mautic_referer_idΒ is valid only for the session. Stores the reference of the last tracked page for the Contact.

We are working on an own Consent Management solution for Friendly Automate. Until we are ready, you will unfortunately have to use an external solution. A proven provider for Consent Management is usercentrics (or Cookiebot bought by usercentrics). An open source alternative to this is Klaro.

Here you can find instructions on how to integrate Friendly Automate's tracking with usercentrics:

πŸͺUsercentrics: Set up Consent Management in WordPress

4. Respond to privacy requests in a timely manner

Persons in Switzerland and the EU have the right to receive information from you about the data stored about them or to have that data deleted.

4a. Create an extract of a person's data stored in Friendly Automate

Any person may request an export of their stored personal data from you. For this purpose, you must name a company data protection officer on your website who can be contacted by data subjects.

In the case of the GDPR, this representative must reside in the EU. If you do not have a suitable person in the EU, services such as Datenschutzpartner.ch will provide such a representative for a fee.

This is how you get an extract of all the data stored about a person in Friendly Automate:

  1. On the left, click on "Contacts"
  2. Select the desired contact
  3. Click on the dropdown in the upper right corner and select "Export" to export all filled out contact fields
    4. image
  4. Click on the "History" tab and click "Export" to export all activities of the contact
    5. image

Verify the person's identity (e.g. via a verified e-mail address or a copy of an ID) and then send the person the two downloaded files.

4b. Delete all data about a person in Friendly Automate

Any person has the right to request the deletion of their data. You can do this simply by following these steps:

  1. Click on "Contacts"
  2. Select the desired contact
  3. Click on the drop-down in the upper right corner and select "Delete"
    4. image

Disclaimer

If you consider and implement these requirements, you should be able to use Friendly Automate in compliance with data protection laws.

We have prepared these instructions to the best of our knowledge. Since we are not lawyers, we can of course not take any responsibility for our information. If you want to be legally safe, please consult a lawyer.

Do you have corrections or additions to our recommendations? Then please let us know.

πŸ™‚
Any questions? We are happy to help you via πŸ“§ email or ☎️ phone.

Don’t have time? πŸ‘©β€πŸ’» Contact us and we’ll implement and design for you.