Introduction: BookSweeps + GDPR
BookSweeps has always taken privacy matters seriously, and is fully supportive of the GDPR and its emphasis on strong data privacy and security principles.
In fact, we have long been a proponent of many of the policies being introduced as part of the landmark General Data Protection Regulation (“GDPR”) being implemented in the EU.
What is the General Data Protection Regulation (GDPR)?
GDPR is a EU privacy law approved by the European Commission in 2016, that will be enforced beginning on May 25, 2018.
GDPR expands the rights of individuals in the European Union whose data you use for marketing purposes, as well as the definition of consent for use of a person’s data. Per the regulations, consent must be freely given, specific, informed, and unambiguous.
As the law is new and has not been enforced to date, please note there is still some uncertainty about how it will affect the operations of many businesses, including our own.
How Does BookSweeps Comply with GDPR?
Many of the policies required by the law have long been held by BookSweeps as best practices, and we will continue to make any adjustments required to ensure compliance moving forward.
Here are some of the ways in which we comply with GDPR:
- We collect only such information as is required for the functionality provided by the site. (For example, physical addresses are only requested from contest winners.)
- For our standard list building giveawys, we require readers to actively check off boxes indicating specific authors (or groups of authors) from whom they would like to receive newsletter emails.
- We utilize a modified double opt-in system to ensure readers provide consent to those authors to whom their personal information, including email, is provided. (Readers check an additional box to ensure they want to receive marketing communications from the authors selected.)
- We provide multiple opportunities for readers to unsubscribe from receiving author emails, prior to their information being distributed by Booksweeps to participating authors.
- We remove reader’s information from our databases upon request.
- We maintain electronic records of subscribers’ consent to join author email lists via our book promotions, should an author ever be required to produce it.
- We also encourage authors to only use GDPR-compliant email marketing systems and otherwise be in compliance themselves. However, please note we cannot give legal advice and do not endorse the use of any particular email program from the perspective of GDPR.
Specifically, here is how we will comply with GDPR’s expanded individual rights:
- Right to be forgotten: Upon request, we will delete any subscriber’s information from our database.
- Right to object: As part of our double opt-in process, readers may decide not to receive emails from participating authors.
- Right to rectification: Subscribers can already update their information on BookSweeps upon request via email, and will soon be able to update their preferences from inside their own accounts on our website.
- Right of portability: You may access details of your purchase history by visiting your author dashboard, and you may obtain any subscriber lists you have received from us by emailing us.
Here are some additional steps we are taking to ensure we comply with GDPR regulations moving forward:
- Subscribers will be required to confirm consent with our updated terms and conditions.
- Subscriber lists we distribute will contain a consent column (indicating yes).
- We will monitor additional developments as GDPR is rolled out across our industry, and will endeavor to implement any additional requirements.
As always, thanks for your support of BookSweeps. If you are interested in any future GDPR updates, please make sure to bookmark this page.
We look forward to working with you to build your author platform in compliance of GDPR moving forward!
The BookSweeps Team
Frequently Asked Questions
Based on our understanding of the law, you do not need to re-confirm emails we have provided, as these readers actively provided consent to hear from you by filling out a checkbox indicating such, and not choosing to opt out at any later point of the process.
As we do not collect subscriber location data, unfortunately we are not able to provide this information to you. Email addresses alone are unfortunately insufficient to determine a subscriber’s location.
To learn more about GDPR regulations, please visit the following resources:
Please consult with your own lawyer for a more complete understanding of what this legislation entails. While we would love to help, we cannot provide any legal advice and can speak only for ourselves.