The General Data Protection Regulation, or GDPR, has been a core topic in the business world for quite a few months now; and whether you are a business owner, or a user looking out for its right to privacy, its a subject that you are probably aware of and that matters to your online wellbeing.
GDPR is a regulation in EU law that seeks to ensure data protection and privacy for all individuals within the European Union. However, due to its wide and overall complete approach to the matter, it is being globally applied as a standard in any business that provides online services both within the European Union, and in the rest of the world.
At its core, GDPR enables you to opt-in or out of any data gathering and gives you the right to know what’s the purpose and destination behind each data handling process, with the option to access, port, modify, or delete/anonymize their personal information.
At Franklin Covey we have always cheered for transparent data handling and user privacy has been one of our core values since the very beginning. As a service, Franklin Covey doesn’t require other Personally Identifiable Information (pii) from its users than their name and email, and all of the device’s and account data is only available for its respective user, and not for ourselves or any external actor.
Following this trend, Franklin Covey is making all necessary adjustments to fully comply with the European General Data Protection Regulation. This will apply to all Franklin Covey users, globally, not in the EU region only.
In general, this is a fine-tuning process with minor tweaks that won’t affect the service, since most regulations established by this law were already contemplated by our platform. It’s certain that transparency will be boosted, and our users -you!- will gain further power over the usage, maintenance, and destiny of their data.
Below you can find an explanatory table that showcases each aspect of GDPR that relates to our services, and how Franklin Covey complies with it:
|GDPR ARTICLE||WHAT IT MEANS||HOW Franklin Covey COMPLIES WITH THIS LAW|
|Lawful basis of processing||Article 6, GDPR|
In order to justify the processing of personal data, one of the following must apply: The individual has given you consent; the processing is necessary to fulfill a contract; there is a legal obligation behind the processing; there are vital interests; the processing aids a public task; or there is a legitimate interest from you or a third party involved.
|Regarding the processing of personal data, Franklin Covey’s justification is contractual. This applies for any relationship between Franklin Covey Co. and our users: the Leader in Me application, the online panel, and the services provided. Our Terms of Services and Privacy Policies are at hand for our users to review before creating a Leader in Me account utilizing their basic personal information (Email, name). We will continue to simplify these documents and make accessible and interactive resources to make a positive experience – instead of a real pain – to read and understand these policies. At this point, Franklin Covey is obligated by contract to provide its services according to the type of user and account that entered the platform. By default, Franklin Covey doesn’t actively utilize or generate user data. On the other hand, when it comes to data processing instances like our website’s cookies, and Franklin Covey’s newsletters, website interactions, users are informed of the data’s gathering purpose with a disclaimer and prompted to give, or don’t give, their consent.|
|Cookies||Cookies are considered as personal data that can identify a user and leave online traces that are to be protected. Therefore, the user needs to be given notice of their use, and their consent is required for those that are non-essential cookies (ad tracking, e.g). Essential cookies are those which are necessary for the correct functioning of a website, application, and/or service. Non-essential cookies refer to data gathered with purposes not related to functions, but to analytics and interaction trackers for marketing purposes.||At our Website: Users will be informed and prompted to opt-in to all non-essential cookies, with a detailed look into their use and the data’s destination. To learn more about which cookies are utilized both in the panel and in our website, please visit the following link.|
|Opt out||Art. 7, (3), GDPR|
Users have the right to withdraw his or her consent at any time, when it comes to data processing that is based on user consent.
|Cookies: Users who have opted into non-essential cookies they no longer want Franklin Covey to utilize can visit the edit profile page and Opt-out of Cookies to turn these trackers off. This will be present at all times in our website’s navigation, for an easy access.|
Email: All automatic email communications offer an unsubscribe option, both for email notifications regarding the website, and commercial or marketing email listings and communications (unsubscribe). Direct communications from Franklin Covey to users regarding the service’s functioning, contractual changes, and/or service modifications remain untouched by this regulation (e.g. transactional emails).
Services: If necessary, users can fully opt-out from Franklin Covey’s services by deleting their accounts at any given moment.
|ARCO Rights||Art. 15, 16, 17, 18, GDPR Art. 15, 16, 17, 18, GDPR|
Access: Right to know what personal data are contained in a file.
Rectification: Right to rectify incorrect or incomplete data in a file.
Cancellation: Right to cancel and block incorrect data in a file.
Opposition: Right to oppose certain, specific processing of personal data within a file.
|Access: Franklin Covey only handles basic personal data the user enters to create the Franklin Covey account, therefore it is directly accessible through the account’s Settings.|
Rectification: All personal data related to the account, email and name, can be directly modificated through the account’s Settings.
Cancellation: An user can cancel or block its basic personal data by deleting their Franklin Covey account using the Online Panel. As for all data generated by Franklin Covey’s use and applications, see Deletion, below.
Opposition: It doesn’t apply to the personal data handled by Franklin Covey’s service (name and email). However as it was mentioned before, users can opt-out of any data processing that is not directly necessary to the service’s proper functioning (cookies, mailing lists, notifications).
|Portability||Art. 20 GDPR|
Users have the right to request and receive all personal data concerning him or her that has been provided to a controller. This data has to be delivered in a structured, commonly used and machine-readable format with the proper rights to export said data onto a new platform without any obstructions.
|Franklin Covey stores very little personal data aside from name & basic contact information for account access & recovey purposes. Franklin Covey will add the Portability setting to the user’s profile itself, so that any user can request all data that concerns he or she, which will be complied and delivered automatically by Franklin Covey.|
|Privacy Shield||This certification by the U.S Department of Commerce and the European Commission provides companies on both the US and EU a framework that ensures they comply with all data protection requirements when transferring personal data from the European Union to the United States.||Franklin Covey has aquired a Privacy Shield certification, see the Privacy Shield Policy for additional information|
|Data Transparency||As said before, Franklin Covey stands as a promoter of the proper and transparent handling of data.||Therefore, we will continue to provide transparent and public information regarding Franklin Covey’s practices. Both our Terms & Conditions, and our Privacy Policies will reflect all necessary knowledge regarding the gathering, use, and destiny of all personal data. We’re looking to simplify these documents and make accessible resources for anyone to learn and understand how our Policies affect them. These documentations will continue to be updated in the future as new necessities and concerns arrive, and our users will be informed diligently.|
|Deletion||Art. 17, GDPR||Franklin Covey and its third-party integrations will offer the proper platform to request the erasure of all personal data. When requested, all data from third-party databases will be deleted, while user-generated data and interactions stored in Franklin Covey’s servers will also be wiped permanently.|
|Third-Party Integrations Compliance||All third-party providers and integrations have been reviewed to ensure their works regarding all GDPR regulations are in line with Franklin Covey’s efforts.|
|Information security||Art. 35 GDPR|
Data protection impact assessment
|Franklin Covey’s data protection officer combined its efforts with the legal team to assess all current security and protections standards, the results stated that the current measures taken where in compliance with GDPR’s requirements. Security audits will continue to be carried out by this team. DISCLAIMER: This information doesn’t constitute legal advice by Franklin Covey regarding GDPR’s implementation and legal courses of action to be taken by businesses or individuals in favor or against of these regulations. This article is merely to inform Franklin Covey’s process of compliance and efforts to protect its user’s privacy.|
DISCLAIMER: This information doesn’t constitute legal advice by Franklin Covey regarding GDPR’s implementation and legal courses of action to be taken by businesses or individuals in favor or against of these regulations. This article is merely to inform Franklin Covey’s process of compliance and efforts to protect its user’s privacy.