GDPR and MyFirmsApp

Many accountancy firms are sending questions or surveys around to suppliers. Many of these questions are the same, and given the burden these can create on all businesses, we have listed the common questions and answers. This way we don’t need to fill in hundreds of forms, and clients get the answers they need immediately.

Of course, if you have a specific question that has not been answered, feel free to contact us here: [email protected].

What is our progress and timeline to achieve full GDPR compliance?

The App we provide, and the way it collects data, has been built to be GDPR compliant.

As an organisation, MyFirmsApp is committed to being GDPR compliant and is using GDPR as an opportunity to review the way we collect, store, process and safeguard personal data. MyFirmsApp is already registered under the Data Protection Act, which operates under similar guiding principles to the GDPR.

The App platform and how it collects data

Where does the data collected within a client App come from?

When a user visits the App platform for the first time, they are presented with a login screen that asks them for name, email address and telephone number along with a short access code. This data is requested only once, and they may amend their settings and preferences from within the App after initial registration and login by clicking on the ‘My Account’ icon.

How do we obtain appropriate consent to gather and hold this data?

Explicit consent is gained at the point of login and is required for the App to function properly and provide the service requested in a secure fashion. There is a clear privacy statement at this point, and if the user declines this, they cannot log in to the App and no data is stored.

Whose Privacy Policy is being displayed?

MyFirmsApp provide all clients with a template privacy policy at the point of building new Apps that has been written following legal guidance and counsel. It is used in conjunction with our disclaimer (see below), and clients are encouraged to seek their own legal advice or upload their own privacy policy, which you can do at the point of having your App built or any time subsequently via your control panel.

Privacy Policy Template Disclaimer

The template Privacy Policy is provided by My Firms App Limited for its Customer's use in accordance with the following conditions:

  1. The Customer acknowledges that the template may not be suitable for its purposes and agrees that it uses the template at its own risk.
  2. The Customer has been advised to seek its own legal advice in regard to its obligations under the relevant data protection laws and with regard to preparing a suitable privacy policy which fits its specific requirements.
  3. My Firms App Limited makes no representation as to the accuracy, completeness, legality or fitness for purpose of the attached template and the Customer waives any and all rights it may have to bring any claims of any nature against My Firms App Limited in respect of use of the template.

Company and data contact or DPO details

To be compliant, the system must be able to display the details of the business and, where appropriate, that organisation's Data Protection Officer (DPO) details prior to collecting any data from the user.

Therefore MyFirmsApp built a GDPR area within the login process.

If a user reads the Privacy Policy and then clicks to find your contact details, it will open a display area within the App with our customer's contact information and, where appropriate, DPO details.

This information is collected from our customers during the App build process, and can be amended at any time by logging into your control panel here with the security login provided.

What evidence is there that consent has been obtained? 

The only way to enter the App is to enter user details, accept the T&C and privacy policy and enter. Therefore evidence of ‘explicit consent’ is gained at the point of login.

Can an individual change details or ‘opt out’?

Yes, an individual user can opt out at any time. They simply go into the App and click on ‘My Account’, where the user can currently update their details.

Should they wish to ‘opt out’ of communications then there are various ways the user may choose to do this.

  1. Opt out of push messages (see below)
  2. Opt out of partial or all communication

The user simply visits ‘My Account’, clicks on ‘change my data preferences’ and follows the steps outlined below. This then triggers an email to our client, explaining who the user is and the preferences they would like amending. It is then the responsibility of our client to handle this request in line with their own data process procedures.

I no longer wish to receive:
Email communication
Phone calls
Push Notifications
Any correspondence

If you wish to discuss any of the above, feel free to contact us. You can view our full Privacy Policy here, and details of our data protection contact here.

Please note that deleting the App from your device does not remove your account details. Therefore, if you wish to change your preferences, you need to do that in the App using the form above.

Push notifications

The first time a user loads a given customer App, and after they have filled in the form, they must now be presented with the option to consent to receiving push notifications (see example). They are given the option to ‘Don’t Allow’ or ‘Allow’. By allowing, they are providing explicit consent to receive push notifications.

If they wish to amend their choice at a later date, they can do this on their device (Apple or Android) by turning off push notifications.

Where is the user data held?

All user data is stored and held on Amazon Web Services (AWS), in particular in controlled data centres in Ireland. AWS provide arguably the most secure servers in the world, providing data centre and network architecture to meet the requirements of the most security-sensitive organisations, including MyFirmsApp.

You can read more about AWS GDPR capabilities and responses here.

What data is held by MyFirmsApp?

We hold, on your behalf, the details entered to provide the App login; push notification data is held by the relevant operating systems (Apple & Android). We also have access to data extracted from your usage of our products. This is to continuously improve the service delivered; areas such as usage tracking, error reporting etc. are stored.

We provide clients access to their personal data via a secure ‘control panel’ which enables customers to control who in their business has access to this data following their own data processing policies.

We accept no responsibility for how this data is used.

Can MyFirmsApp use this data?

Yes. The Terms and Conditions and the Privacy Policy give us the right to use this data for a variety of functions outlined in the Terms and Conditions.

For example, we send automated push notifications and updates on behalf of our clients, and automated push messages based on user behavior.

How does MyFirmsApp delete all data held?

The user has the ability to either stop push notifications (see section above) or update their preferences (see section above), and at any time our client may request that we delete an individual's details or all data held.

They do this by filling in this form, which will remove all personal data such as email address, name, telephone number and company name.

How to provide details of data to an individual, if requested

Simply log in to your online control panel, where you can see the data held at any time.