GDPR and MyFirmsApp
Many accountancy firms are sending questions or surveys to their suppliers. Many of these questions are the same and, given the burden they can create on all businesses, we have listed the common questions and answers. This means we don’t need to fill in hundreds of forms, and clients get the answers they need immediately.
Of course, if you have a specific question that has not been answered, feel free to contact us here [email protected].
What is our progress and timeline to achieve full GDPR compliance?
The App we provide, and the way it collects data, has been built to be GDPR compliant.
As an organisation, MyFirmsApp is committed to being GDPR compliant and is using GDPR as an opportunity to review the way we collect, store, process and safeguard personal data. MyFirmsApp is already registered under the Data Protection Act, which operates under similar guiding principles to the GDPR.
The App platform and how it collects data
Where does the data collected within a client App come from?
When a user visits the App platform for the first time, they are presented with a login screen that asks them for their name, email address and telephone number, along with a short access code. This data is requested only once; they may amend their settings and preferences from within the App after initial registration and login by clicking on the ‘My Account’ icon.
How do we obtain appropriate consent to gather and hold this data?
Explicit consent is gained at the point of login and is required for the App to function properly and provide the service requested in a secure fashion. There is a clear privacy statement at this point, and if the user declines it they cannot log in to the App and no data is stored.
- The Customer acknowledges that the template may not be suitable for its purposes and agrees that it uses the template at its own risk.
- My Firms App Limited makes no representation as to the accuracy, completeness, legality or fitness for purpose of the attached template and the Customer waives any and all rights it may have to bring any claims of any nature against My Firms App Limited in respect of use of the template.
Company and data contact or DPO details
To be compliant, the system must be able to display the details of the business and, where appropriate, that organisation’s Data Protection Officer (DPO) details prior to collecting any data from the user.
Therefore, MyFirmsApp built a GDPR area within the login process.
This information is collected from our customers during the App build process, and can be amended at any time by logging into your control panel here with your security login provided.
What evidence is there that consent has been obtained?
Can an individual change details or ‘opt out’?
Yes, an individual user can opt out at any time. They simply go into the App and click on ‘My Account’, where the user can currently update their details.
Should they wish to ‘opt out’ of communications, there are various ways the user may choose to do this.
- Opt out of push messages (see below)
- Opt out of partial or all communication
The user simply visits ‘My Account’, clicks on ‘change my data preferences’ and follows the steps outlined below. This then triggers an email to our client, explaining who the user is and the preferences they would like amending. It is then the responsibility of our client to handle this request in line with their own data processing procedures.
I no longer wish to receive:
Please note that deleting the App from your device does not remove your account details. Therefore, if you wish to change your preferences, you need to do that in the App using the form above.
The first time a user loads a given customer App, and after they have filled in the form, they must now be presented with the option to consent to receiving push notifications (see example). They are given the option to ‘Don’t Allow’ or ‘Allow’; by allowing, they are providing explicit consent to receive push notifications.
If they wish to amend their choice at a later date, they can do this within their device type (Apple or Android) and turn off push notifications.
Where is the user data held?
All user data is stored and held on Amazon Web Services (AWS), in particular in controlled data centres in Ireland. AWS provide arguably the most secure servers in the world, providing data centre and network architecture to meet the requirements of the most security-sensitive organisations, including MyFirmsApp.
You can read more about AWS GDPR capabilities and responses here.
What data is held by MyFirmsApp?
We hold, on your behalf, the details entered to provide the App login; push notification data is held by the relevant operating systems (Apple & Android). We also have access to data extracted from your usage of our products, which is used to continuously improve the service delivered. Data from areas such as usage tracking, error reporting etc. is stored.
We provide clients access to their personal data via a secure ‘control panel’ which enables customers to control who in their business has access to this data following their own data processing policies.
We accept no responsibility for how this data is used.
Can MyFirmsApp use this data?
For example, we send automated push notifications and updates on behalf of our clients, and automated push messages based on user behaviour.
How does MyFirmsApp delete all data held?
The user can either stop push notifications (see section above) or update their preferences (see section above), and at any time our client may request that we delete an individual’s details or all data held.
They do this by filling in this form, which will remove all personal data such as email address, name, telephone number and company name.
How to provide details of data to an individual, if requested
Simply log in to your online control panel, where you can see the data held at any time.