On May 25th, 2018 the European Union's General Data Protection Regulation (GDPR) came into effect. In this article we will explain what are the changes it brings with regards to our services.
Automatic Account Deletion
The EU GDPR requires us to automatically and irreversibly delete inactive user accounts. If you have not logged in to our site in the past 18 (eighteen) calendar months, we will be legally obliged to delete your account. We will start this process on 3rd June 2018. The deletion is automatic and IRREVERSIBLE. We are legally forbidden from being able to restore your user information.
If you want to prevent your account from being deleted you simply need to log into our site. You DO NOT have to make any purchase. All accounts which have EITHER logged in the last 18 months OR have one or more active subscriptions are exempt from the automatic account deletion. From then on, you just need to log in AT LEAST once every 18 months.
Unfortunately we cannot exempt you from the account deletion policy even if you ask us to. The law does not give us that option.
GDPR and your account at Sigsiu.NET GmbH
The GDPR is legislation designed to promote a privacy first approach to handling your personal data with more transparency and a way to reasonably exercise your data rights. While it only covers citizens of any member state to the European Union we consider it better to provide the same level of treatment to everyone. Not only it's more sane for us (since we can't know what is your nationality, to begin with) but also because we care deeply about your privacy and security.
Per the GDPR you now have to give your explicit consent to us processing your personal information. That's a fancy way of saying that you let us give your invoicing information to the tax authorities and our accountants and auditors, as well as let our staff (who are technically subcontractors) to provide you support. Starting May 28th you will need to indicate your consent if you subscribed before 24th May 2018 or do not have an active subscription with us. You can withdraw your consent at any time but we won't be able to provide any of our services to you until you give your consent again. Managing your consent (revoking your consent) is possible after that. Read the "Exercising your Data Rights" section below for more information.
The GDPR mandates data minimization. That's a complicated way of saying that we must delete your information when we have no reasonable business use for that. This means that we will delete your data profile 18 months after your last subscription expires or you last logged into our site, whichever comes later. This is a legal requirement. We will send you an email to the email address we have on file for you a month before we delete your user account as a courtesy and to prevent any issues. You DO NOT have to buy a subscription or otherwise pay us to keep your data with us. You can very simply log into your user account with us at least once every 18 months. Please note that emails will NOT be sent to the first batch of users who have not logged in the past 18 months, to be deleted on June 3rd, 2018.
Since profile deletion is permanent and irreversible we are going to be ramping up the deletion period over time. We will start with an 30 month cutoff period (instead of 18 months) until September. Then we will reduce it to 24 months. On January 2019 we will reduce it again to 18 months. If you want your user account to not be deleted just log into our site. If your account is deleted it's because we are legally required to do so and no, we cannot reinstate your account because we no longer have your data and we are not allowed by the law to do it anyway.
If you have questions about our handling of your personal information please do read the privacy statementy. All the information the European Union requires us to make available to you is in there.
Exercising your Data Rights
Starting May 28th, 2018 you are able to exercise your Data Rights using our self-service Personal Data Options page. You can get to that self-service page in the following ways:
- Click on this link: Personal Data Options
- Click on the Personal Data Options link you can find at the footer of every page of our site after logging in.
- Log in. Then click on My Profile link from the "My Club" dropdown menu. Click on the Edit Profile link at the top right of that page. On the edit page scroll down until you find the Personal Data Options header. Click the "Manage your personal data options" link next to it.
Kindly note that you must be logged in for the link to work. We DO NOT keep personal information for any natural persons who do not have a user account on our site. As a result, all your personal information is linked to your user account. For obvious security and privacy reasons you need to log into our site to verify that you are in control of the user account you are trying to manage Personal Data Options for. If you cannot log into your account use the "Forgot my username" and "Forgot my password" links on our site.
The following data rights are available from that page:
- Revoke or give again your consent to processing personal information. Kindly remember that without your consent we cannot let you use our site since there are no services we can render without being able to collect your IP address in a log for security purposes (download service) or use your personal information to reply to your requests (support, contact us etc). Should you revoke your consent you will only be able to use the logged out (public) version of our site until you give your consent again.
- Export your profile with us (data portability right). The exported data is in XML format using the same database keys the Open Source software we use on our site (Joomla and our extensions) use. Therefore you could possibly use it to transfer your data to another site using the same software and / or transform it to another suitable format for your purposes.
- Delete your profile with us (right to be forgotten). THIS IS IRREVERSIBLE. If you have a subscription it's terminated without a refund and you waive all your rights against us. Use with EXTREME caution.
We do not allow users to delete their user profile with us within the first 180 days after they have bought their latest subscription since
- it may not have been reported to the tax authorities / VIES / VAT Mini One Stop Shop services (legal requirement) and
- that's the maximum time period after a purchase when a client can file a payment dispute or chargeback request (meaning that we need to keep a record of the client's information to use as proof of service provisioning in these cases).
Legal requirements trump GDPR provisions in these cases. Of course after 180 days from your last purchase you can delete your user account without refund if you so wish.
If you still have questions, please go through Frequently asked Questions - GDPR.