Jump to content

Unlucky

Clients
  • Posts

    1,811
  • Joined

  • Last visited

 Content Type 

Profiles

Downloads

IPS4 Providers

Release Notes

IPS4 Guides

IPS4 Developer Documentation

Invision Community Blog

Forums

Store

Posts posted by Unlucky

  1. This is the key part really:

    [12:10 PM] Ian: So we do need to inform them on the form that if they do not complete their registration at that point in time, their email will be stored in order to send them a one time reminder to their email address? Or something along those lines to ensure we are GDPR compliant?
    [12:10 PM] ico_harryp: Correct, as well as iden tifying a lawful basis for this.
  2. Hi,

    We have just been sent the transcript - this should make things easier to read:

     

    Hi, Please find attached a transcript of your online conversation with us. Regards, Information Commissioners Office

    [11:39 AM] Ian has joined the room
    [11:39 AM] ico_harryp has joined the room
    [11:39 AM] ico_harryp has joined the room
    [11:39 AM] ico_harryp: Good morning. How can I help you today?
    [11:39 AM] Ian: Hello
    [11:40 AM] ico_harryp has joined the room
    [11:40 AM] Ian: We use a software product calling Invision community software. The latest release has a feature called Post Before Registe
    [11:41 AM] Ian: Basically a guest visitor can visit the site, see a topic of interest and post a reply. However the form requires they enter an email address.
    [11:41 AM] Ian: There is no explicit consent box on the form
    [11:42 AM] Ian: Once they fill the form out they are taken to the register page for the website
    [11:42 AM] Ian: They can either choose to register or decline
    [11:43 AM] Ian: If th ey decline after a period of time they receive 1 email from the software which is auto generated with the subject heading " Did you forget to submit your post?".
    [11:43 AM] ico_harryp has joined the room
    [11:45 AM] Ian: The content of the email reminds them "Your post hasn't been submitted yet" and they have a choice to finish submitting which involves taking them back to the site to complete their registration
    [11:45 AM] Ian: The email also states "If you do not take any action, we will delete your email address and not contact you again. There is no need to unsubscribe."
    [11:46 AM] Ian: Is this process GDPR compliant or not?
    [11:48 AM] ico_harryp: Ultimately, I am unable to specifically confirm whether something is compliant over livechat as this will depend greatly on the context and be for you as the data controller to justify. You do not need an individuals consent simply to obtain their email address. However, you would need to consider whether you had any reason for holding it. Would this simply be to allow them to use the software product?
    [11:50 AM] Ian: The software only hold the email address for a period of hours (not weeks etc) in order to send out that 1 reminder email. If that person ignores and deletes the email then the software automatically removes their email from the system again after a set number of hours
    [11:52 AM] ico_harryp: You would need to consider your justification for this. However, if the processing of their email address would not be necessary for you to be able to offer the service that you give to individuals then it may be difficult to justify why this needed to be obtained. But, ultimately, you would need to consider if you could satisfy a lawful basis for this. There is information about the various lawful bases for processing here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
    [11:53 AM] ico_harryp has joined the room
    [11:54 AM] ico_harryp has joined the room
    [11:56 AM] Ian: OK so yes if they wanted to ask a question on the website they must complete their registration in order to ask their question. If they fill out the registration form immediately then part of it is agreeing to the privacy and website terms and conditions. If for whatever reason they do not complete their registration at that point in time, they are sent a single reminder email that in order for their question to be added to the website, they need to complete registration. If they decide they don't want the question added to the website, and they ignore the reminder email, then the system deletes it, so there is no record stored.
    [11:58 AM] ico_harryp: Are individuals made aware of what this email will be used for?
    [12:02 PM] Ian: It does not mention on the form anywhere that they will receive the single reminder email. However when they fill out the form and click the submit button they are immediately taken to the registration page with the following text explaining they need to register before their question is visible
    [12:02 PM] ico_harryp has joined the room
    [12:02 PM] Ian: Just need a few more details…
    Thanks for your submission! Before your content can be seen by other members, we need to create an account for you.
    [12:03 PM] ico_harryp: The General Data Protection Regulation also places an obligation on organisations to inform individuals as to how their personal data w ill be used. This obligation is explained here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/

    This would need to factor in to your considerations as to whether this software would be appropriate to use.
    [12:03 PM] Ian: if they fill out the registration, their question appears on the website. As mentioned above, if they decide not to join at that point, then they get the reminder email
    [12:04 PM] Ian: OK so we need to explain if they do not complete their registration at that point in time, they will get the reminder email?
    [12:05 PM] ico_harryp has joined the room
    [12:07 PM] ico_harryp: You would need to have a lawful basis for collecting this information in the first instance - https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

    You would then need to make sure people are appropriately informed as above.
    [12:10 PM] Ian: So we do need to inform them on the form that if they do not complete their registration at that point in time, their email will be stored in order to send them a one time reminder to their email address? Or something along those lines to ensure we are GDPR compliant?
    [12:10 PM] ico_harryp: Correct, as well as iden tifying a lawful basis for this.
    [12:11 PM] Ian: Ok thank you for your help
    [12:12 PM] ico_harryp: You're welcome. Is there anything else I can help you with?
    [12:12 PM] ico_harryp has joined the room
    [12:12 PM] ico_harryp has joined the room
    [12:12 PM] Ian: No that is all thanks
    [12:13 PM] ico_harryp: Thank you for using our live chat service. Have a good day.
    [12:13 PM] ico_harryp has left the room
    [12:13 PM] Ian has left the room
  3. Hu

    We have spoken to the Information Commissioners Office this morning and are posting the details of the conversation here to help everyone.

    We have a larger version if this one is difficult to read - let us know.

     

    conversation-small.thumb.jpg.91744ed657268b63a71d3c50d340b5c6.jpg

  4. Matt if you speak directly to the Information Commissioners Office here: https://ico.org.uk/global/contact-us/live-chat/ or the telephone number is: 0303 123 1113 

    They will confirm explicit consent is required to collect personal data which includes an email address.

    I should have added that the email address is stored longer because the system sends out a follow up email with subject heading - "Did you forget to submit your post?". "

    So someone can receive that email without even filling in any registration details other than adding their email to their post which they do before hitting the registration page

    ico-2.thumb.jpg.c486229b9841fd5780ae3dbdfd94e354.jpg

  5. 9 hours ago, Black Tiger said:

    Therefore I will never enable posting before registering. I don't want issues so before anything happens they have to agree to my full AVG policy. AVG is the Dutch short for GPDR.

    Hi, Where is the setting to disable post before registering?

    Thanks

  6. Thanks for getting back to me Andy.

    I know this is not your plugin directly now having looked into it, but without the visitor giving (and there being a record of ) Implicit Consent then this is against the GDPR law here in Europe.

    Maybe you as IPS Staff can move this post if possible please to a better forum but I need to highlight the risk to everyone.

    Problem is if they don't complete their registration and agree to the terms and conditions, the IPS system still automatically sends out 1 unsolicited reminder email from what I can see with the subject heading " Did you forget to submit your post?".

    Invision can verify this is the fact by contacting the Information Commissioners Office here: https://ico.org.uk/global/contact-us/live-chat/ or the telephone number is: 0303 123 1113

    If we can turn off this reminder email from being sent, we might / should be ok - Is this possible to do?

    All the current system needs is one websites competitor to go through the process of asking a question and not completing the registration form and then complaining to the ICO that they have received unsolicited email.

    A lot of companies have already been fined for sending out unsolicited emails which this reminder is without someone having provided implicit consent IE:

    (Ignore numbers) Leave.EU Group Limited has been fined £15,000 for sending almost 300,000 unsolicited communications on a single day for which they did not have consent. 

    Taken from:

    https://ico.org.uk/action-weve-taken/enforcement/

    Thanks for you time reading this, we just want to make sure nobody falls foul of the GDPR

     

     

  7. If this is to be available for guests we need to add some GDPR compliance due to the collection of the email address.

    GDPR requires a tickbox along with text along the lines of " I consent to having The XXX company collect my details via this form"

    Is this possible to add please? or is there another workaround?

    Thanks

  8. On 9/18/2017 at 3:21 AM, Mike John said:

    f your only going to maintain 1 currency, I would recommend modify the existing USD currency rather then adding a new one or removing the USD one. That way you've got the default currency already set. The member rewards use the default currency, which in this case would likely be the USD one still. So it sounds like your donating in GBP and not falling within a range of a reward using USD.

    We have decided to give this another go on the site and have renewed our license and reinstalled the product

    We have done as you have suggested above and edited the default us currency to GBP using TAG entry 826 which is the iso 4217 code for pounds sterling

    When we do a test donation paypal reports error  -  This recipient does not accept payments denominated in USD. Please contact the seller and ask him to update his payment receiving preferences to accept this currency.

    What else do we need to edit?

  9. 2 minutes ago, newbie LAC said:

    On that page (league view) you have a widget called Tables for which you setup Yes for Current league (When you on league page will be displayed teams from viewing league)

    Yes for Current league was switched on. If I switch it off the league table disappears.

    The page is fine apart from getting their banner photo as per that image in a prominent position above their table.

    It would be handy to be able to get a solution or they will request we remove their league from the site which would be a shame as it is a big one.

     

  10. 10 minutes ago, newbie LAC said:

    This is a widget

    Hi, OK that's the page that was created when I created a new league table and lives here:

    https://www.walkingfootball.com/football/league/49-walking-football-northern-premier-league-60-2019/

    So I assume that widget is automatically created when I add all the details for the league table.

    That  would be where we need it then, in the widget if that is possible, thanks

    I guess we could do it also by having the " About league " section above the league table

    that way we could add the image and description so it stands out above the table?

  11. I have another question.

    I have added someones league but they are not happy as my website logo takes precedence and have asked if they can have a cover photo or something more prominent to display their league banner logo.

    This obviously will need to be league specific so is there anyway I can add a cover photo which appears above their league table?

    Thanks again

    2 minutes ago, newbie LAC said:

    Hello,

    I can't reproduce on dev board.

    If you give me acp/ftp access I'll look into that.

    I have used the custom css which is perfect to fix this so don't worry about that one

×
×
  • Create New...