Privacy and Data Collection Policy
1. Basic Data Collection for Business Users
Policy Statement: To ensure compliance with data protection regulations, all business users must provide explicit consent for data collection before proceeding to the registration page.
Process:
- Registration Consent: During the registration process, business users will be prompted to consent to data collection. If consent is not provided, the registration process cannot be completed, and access to the platform will be denied.
- Consent Agreement: The following consent statement will be presented: "By proceeding with registration, you agree to our collection and use of your data as outlined in our Privacy Policy."
2. Customer Consent for Data Collection and Communication
Policy Statement: All businesses must obtain explicit consent from new customers for data collection and communication purposes.
Process:
- Initial Interaction: During the first interaction with the customer, office staff must ask for consent to collect and process their data. The following script should be used: "Alright, is it ok if we save your information in our system here to assist you to our best ability?"
- Documenting Consent: The customer's response must be documented in the CRM system. A checkbox or note indicating the customer's consent status will be recorded, including a timestamp.
If Consent is Denied:
- Do Not Call Marker: If the customer denies consent for calls, they will be marked as "do not call" in the CRM system. This will disable the call button for the customer and prevent any phone-based communication.
- Denial of Service: If the customer denies consent for data collection entirely, inform them that app-based services cannot be provided without their consent. Staff should document this denial in the system.
3. Do Not Call System
Policy Statement: To comply with calling regulations and respect customer preferences, a "do not call" system will be implemented.
Process:
- Marking Do Not Call: Customers can request to be marked as "do not call" at any time. This preference will be updated in the CRM system.
- Disabling Call Button: The call button will be automatically disabled for customers marked as "do not call." A tooltip will appear on hover, explaining the reason for the disabled button (e.g., "Call disabled: Customer is marked as 'do not call'").
- Visual Indicators: Clear visual indicators will be displayed on customer profiles to show their "do not call" status.
4. Data Protection and Privacy Policies
Policy Statement: The company is committed to protecting customer data and complying with all relevant data protection regulations.
Policies:
- Privacy Policy: A comprehensive privacy policy will be provided to all customers, detailing how their data will be collected, used, and shared. This policy will be accessible on the company’s website and through customer communications.
- Data Processing Agreement (DPA): For compliance with regulations such as GDPR, a DPA will be in place, clarifying roles, responsibilities, and compliance measures related to data processing.
- Opt-In/Out Options: Customers will have clear options to opt-in or opt-out of communications and data processing. Confirmation messages will be sent to customers when their preferences are updated.
5. Compliance and Review
Policy Statement: Regular audits and reviews will be conducted to ensure ongoing compliance with data protection regulations and customer preferences.
Processes:
- Regular Audits: Internal audits will be conducted regularly to ensure compliance with data protection regulations.
- Audit Logs: Audit logs will be maintained to track changes to customer communication preferences and consent statuses.
6. Customer Communication
Policy Statement: The company aims to maintain transparency and build trust with customers regarding their data and communication preferences.
Processes:
- Transparency: Follow-up emails or messages will confirm the consent given and provide links to the privacy policy.
- Opt-Out Information: Information on how customers can withdraw their consent or update their communication preferences will be clearly provided.
7. Technical Integration
Policy Statement: The company will ensure that the technical infrastructure supports compliance and efficient management of customer data and preferences.
Processes:
- CRM Integration: Consent tracking and "do not call" markers will be integrated into the CRM system.
- Automated Checks: Backend logic will automatically disable the call button for any customer marked as "do not call" and flag customers who have not given consent.
- Real-Time Updates: Ensure real-time updates to customer preferences and statuses to maintain consistency and compliance.