Ixonn Group

User Guides

GDPR Compliance

Table of Contents

it’s very important to note that you as Ixonn/website/server owner are the data controller that process the information you store. We can offer various features that will help your CRM to comply with the GDPR law, but it’s your responsibility how you comply with GDPR, we recommend that you review your data privacy and security practices.

Every business and company is different and that may affect what you need to do to comply with GDPR. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to you and your business.

Enable GDPR in Ixonn

To enable GDPR and GDPR features in Ixonn, you will need to navigate to Setup -> GDPR and click Enable GDPR button. All the options by default will be turned off, you can adjust the GDPR config to fit your requirements.

Individual rights

Learn more about individual rights

The right to be informed

Click here to learn more about the right to be informed

Ixonn GDPR options give you the ability to provide a privacy policy and terms and conditions, to enable terms and conditions click on Right to be informed tab and enable Terms & Conditions, you may want to include the privacy policy link into your terms too.

  • Enable Terms & Conditions for registration and customers portal – Before registering, a user must agree to your terms and conditions before the data is collected.
  • Enable Terms & Conditions for web to lead forms – If you use a web to lead forms, you can enable the terms and conditions checkbox at the bottom, in this case before Ixonn collect the data, the data owner must agree to the terms.
  • Enable Terms & Conditions for ticket form – If you use ticket forms embedded on your website, you can enable the terms and conditions checkbox at the bottom, in this case before Ixonn collect the data, the data owner must agree to the terms.
  • Show Terms & Conditions in customers area footer – Additional option to show terms and conditions in the footer for all customers area users (logged in and not logged in)

The right of access/right to rectification

Click here to learn more about the right of access

Click here to learn more about the right to rectification

The customer’s area gives the customer contacts ability to log in and view their personal information. Also, the customer’s area provides them with access to update their personal information like first name, last name, email address, phone etc…

Below you can read for more additional options.

Contacts

  • Allow primary contact to view/edit billing & shipping details – the billing and shipping for customers are stored in separate fields, you can allow the primary contact to update those fields. Note that updating billing and shipping details from customers’ area won’t affect already created invoices, estimates and credit notes.
  • Allow contacts to delete their own files uploaded from the customers’ area – In case of contacts uploaded a file eg. to their profile, tasks or project file, you can allow those files to be removed too.

Leads

  • Enable public form for leads – The leads you add in the system will have unique URL to view the information you store for them and they will be able to update the information when they access the URL after you enable this option the lead public URL can be found in the GDPR lead tab. Lead public form URL merge field will be available in email templates too.
  • Show lead custom fields on the public form – This option is used if you have custom fields for leads and you want the custom fields to be shown in the public form.
  • Show lead attachments on the public form and allow attachments to be removed by the lead – If you uploaded files for the lead in the Attachments tab, those files will be visible in the public form also the lead will be able to remove any files.

The right to erasure (known as the ‘right to be forgotten’)

Click here to learn more about the right to erasure

Contacts and leads can request their data to be removed from Ixonn, click on the Right to be forgotten tab to check all the available options.

Contacts

In order for contacts to request their data to be removed, you will need to show the GDPR link in the customers’ area, to achieve this you can click on the General tab and set Show GDPR link in customers area navigation to Yes

After contact login to customers area, the contact can click on the GDPR link and check various options.

Leads

Leads can request data removal via the public lead form which needs to be enabled from The right of access/right to rectification tab

Removal request

If you receive a request for data removal, you can use Ixonn default delete functionalities eq for leads, customers, contacts and delete the data after the request is received. Additionally, you can track all requests in The right to be forgotten tab then click on Removal Requests. You can change the status to the removal request to PendingRemovedRefused, this is used for your own purposes to know the steps taken for this removal request.

After contact/lead request data removal, all administrators will receive an email that there is an active removal request, after you enable the removal request, you can check the available email templates in Setup->Email Templates.

The right to data portability

Learn more about right to data portability

In Setup->GDPR->The right to data portability you can choose various options to be exported when the contact or lead use the export feature. Ixonn will export the data in human-readable JSON format.

Contacts can export data via the customer’s area and leads can export data via the public form, note that no attachments will be included in the export.

The right to restrict processing

Click here to learn more about the right to restrict processing

There is no specific option for this right in Ixonn, but Ixonn is already compatible with this right and this can be achieved in various ways.

In Ixonn you can do the following:

  • Set the customer/contact to inactive so you can have an indicator that this customer has restricted data processing, also when a customer is set to inactive eq staff member can’t create an invoice under this customer.
  • Create custom field select eg. with a name: Data processing restricted with 2 options Yes and No, this will help you to know that this customer/contact data is restricted for processing.
  • Disable all email notifications for the contact, navigate to the customer contacts tab and open the contact, at the bottom you will be able to disable the email notifications.

Inform your staff members of the steps you performed to restrict the data and how they can know if the data is restricted to processing.

Consent

Click here to learn more about consent

If you are collecting the consent for marketing purposes, you will need to get consent from the user from a separate opt-in form, the consent can’t be included in the terms and conditions policy.

The consent forms that Ixonn offers, will give a simple and easy way to the users to give and withdraw consent at the same time without the need to contact you, a very important part of GDPR concept for consent is that the consent checkboxes can’t be pre-checked which Ixonn complies with this.

Keep in mind that you cannot mix multiple consents in one, you must separate them and the user must give consent for all of them separately.

In the Consent tab, you can add an unlimited number of consent purposes.

Ixonn will store information about when the consent is given, IP address and the consented purpose, also if consent is manually added from the admin area, the staff name will be stored and the staff will be able to add additional information on how the consent is given from the contact.

Consent URL

Each contact and each lead will have a unique consent URL, where they can give you consent or withdraw the consent anytime they want.

For contacts, the consent public URL is located in the customer profile under the contacts tab, for each contact you can click on the View Consent URL.

For leads, the consent public URL is located in the lead modal under the GDPR tab.

After consent is enabled you will be able to include the consent URL for leads and contacts in email templates, a new merge field will be available in Setup->Email Templates.

Custom Fields GDPR compliance

Custom fields in Ixonn give you the ability to create your own personalized fields for your own purpose to store and collect more data, as GDPR comes in into force, you may want to re-think how you will use the custom fields data you store and how you will manage the custom fields in Ixonn.

Our recommendation is to add only custom fields you really need and make them visible to customers area too, so in this case, contacts will be able to see the data you store about them and also update the data.

Keep in mind that when you contact will export data, only custom fields that are checked to be visible on customers area will be included in the JSON format, as for leads in Setup->GDPR->The right of access/right to rectification you may want to show lead custom fields in public form and also enable custom fields to be exported in Right to data portability.


Have an idea how GDPR features for Ixonn can be improved? Drop us an email at info@ixonn.com we would love to hear about it!

Related Articles

111238