Personal Data and GDPR

 

Acclaim Ideas Privacy Policy

 

What is GDPR?

The General Data Protection Regulation is legislation designed to ensure that all organizations who hold personal data about individuals store and use it in a responsible and legal manner. It came into effect on 25 May 2018. You can read more about GDPR at the Information Commissioner’s website ico.org.uk.

 

What personal data does Acclaim Ideas hold?

When the Platform Manager sets up an account, we collect their name, email address, and organization name, as well as financial details such as billing address and credit card details.

When an individual signs up as a user, we collect their name and email address so that we can identify them again when they log in. Once they have registered, they are free to add other information about themselves, such as a picture and biographical details.

As users use Acclaim Ideas, they create personal data in the form of contributions to the site, specifically comments and other interactions.

Contributions such as Ideas remain the property of the organization that set up Acclaim Ideas, however, users can ask to have their identifying details removed from these Items. (See the Right to Erasure, below.)

We also collect data such as transaction history, usage data, and other technical information - for a full list of the types of data we collect please consult our full Privacy Policy.

 

Is Acclaim Ideas allowed to collect personal data?

The GDPR sets out a number of reasons why organizations are allowed to collect and process personal data - these are known as Lawful Bases. Acclaim Ideas collects and processes data under the following lawful bases:

• To fulfill our contractual obligations - as our customer, we need your personal data to provide you with our services

• For our legitimate interests, where they don’t clash with your rights - for example to collect payments due to us under our contract

• To fulfill our legal obligations - for example, we need your email address in order to tell you of changes to our terms and conditions

 

If Acclaim Ideas collects the data, why is my organization the Data Controller?

According to GDPR, the Data Controller “determines the purposes and means of processing personal data.” By setting up an instance on Acclaim Ideas, your organization has made the decision to collect personal data on its invited users for its own business or organizational purposes, and is therefore the Data Controller.

By providing the software, Acclaim Ideas processes the data on behalf of your organization, and is therefore the Data Processor.

 

What do I or my organization have to do?

We’ve made it as easy as possible for your organization to be compliant with GDPR by setting up a Privacy Center for all users where they can understand and control what happens to their data (see below). As far as we can, we have automated these requests. However, there are a few actions that as a Data Controller, you still need to do.

1. Accept our new Terms and Conditions and Privacy Policy, which will pop up next time you log in to Acclaim Ideas.

2. Ensure that your users accept the updated Privacy Policy - this will pop up next time they log in to Acclaim Ideas.

3. We recommend that you assign a Privacy Manager to deal with data protection requests and issues. As Platform Owner, you are the default Privacy Manager, but you can assign this to someone else in your organization in the Settings.

 

What does the Privacy Manager do?

Some of the changes your users have the right to make to their personal data can be done automatically. Others require us to make manual changes or provide anonymized data such as logs. Users will send these requests to your organization’s Privacy Manager via the Privacy Center. The Privacy Manager must collect them and liaise with us to ensure that they are actioned by contacting Acclaim Ideas' Privacy Manager privacy@sopheon.com.

 

What kind of changes can users make?

Under GDPR individuals have a specific set of rights regarding their data:

• The right to be informed - this means we need to tell them that we are collecting their data, and how we intend to store and use it. This is covered by our Privacy Policy, which all users must now read and sign next time they log in to Acclaim Ideas.

• Right of access - Users have the right to see all personal data we hold about them. They can make this request in the Privacy Center on their Acclaim Ideas profile. We will then provide them with the relevant data logs within one month of the request. As the Privacy Manager, you can request to see all personal data logs we hold for your instance of Acclaim Ideas, which we will provide in an anonymized form.

• Right to rectification - Users have the right to change any data about themselves they believe to be incorrect. They can alter most of their data via their Acclaim Ideas profiles, and can request other changes by contacting the Privacy Manager via the Privacy Center.

• Right to erasure - Users can request that all their personal data is removed from Acclaim Ideas. Because Acclaim Ideas contains interlinked data such as comments, we cannot remove their contributions completely from the platform. Instead we remove all their personal data and anonymise their contributions so they cannot be identified. PLEASE NOTE THIS REQUEST MEANS THEY WILL NO LONGER BE ABLE TO USE ACCLAIM IDEAS. If a user requests to be erased, we ask them for double confirmation and notify their Privacy Manager before removal.

• Right to restrict processing - Users can ask that we do not use their personal data for any purpose. This would normally be a temporary measure while any data issues are resolved, and they do this by contacting the Privacy Manager via the Privacy Center.

• Right to data portability - Users can request that we supply their personal data in a form that can be used elsewhere. They do this by contacting the Privacy Manager via the Privacy Center.

• Right to object - Users can object to their data being processed for any purpose. If the purpose is for marketing, this is an absolute right, and Users can opt-out of marketing communications at any time via the Profile. In other cases, we may still need to process their data for legitimate reasons, for example to notify them of new terms and conditions. Users object by contacting the Privacy Manager via the Privacy tab in their Profile.

• Rights related to automated decision making including profiling - At the moment Acclaim Ideas does not use personal data in this manner, so this is not included in the Privacy Center.

 

Why do you not remove contributions to Acclaim Ideas when you erase my data?

Contributions to Acclaim Ideas such as Comments, Ideas etc are all interlinked: an idea is posted to a specific goal, other users might comment on it, and so on. If we remove the content of these contributions, many interactions on the platform will cease to make sense for those users still using Acclaim Ideas.

Furthermore, removing them completely from our database would create technical inconsistencies that could affect how the platform operates. By removing all identifying data from these contributions, we maintain the integrity of the platform while ensuring that your personal identity is no longer associated with them.

 

Is personal data secure on Acclaim Ideas?

We take security very seriously at Acclaim Ideas, and use leading systems to ensure that your data is as secure as possible. Please read our full Privacy Policy for further information.

 

Does Acclaim Ideas ever share personal data with other organizations?

No. We will never do this, except where we are compelled to by law.

 

What happens next?

We will let users know that they need to accept the updated Privacy Policy next time they log in to Acclaim Ideas. If they are unsure about accepting, they can contact their Privacy Manager for more information.

Users will not be able to use Acclaim Ideas until they have accepted the updated Privacy Policy.

 

Who can I talk to for more information?

If you or your users have any queries about how Acclaim Ideas helps your organization be compliant, please don’t hesitate to get in touch: privacy@sopheon.com.

To find out more about GDPR, please go to the Information Commissioner’s website.