Hover Lead & GDPR

Hover Lead and the General Data Protection Regulation (GDPR)

Hover Lead helps its customers that are active in the EU to act in compliance with data protection law. If your business is based in the European Union (EU), or you process the personal data of EU citizens, then the General Data Protection Regulation (GDPR) likely applies to you. Please note that this is not legal advice and not GDPR training. We are suggesting some steps through Hover Lead that we think may be able to help you work on our platform in a GDPR compliant way. If you're not sure about your GDPR status, consult your lawyers.

In order to generate and save leads in compliance with GDPR there are several steps you must take. When a user submits their contact details and in that way agrees to be contacted, you need to have a lawful basis for the processing of their personal data. We offer a 'consent' based form.

Some important points:

We don’t offer legal advice:

Enabling GDPR forms on your signup forms helps ensure that your use of Hover Lead in this respect is in line with GDPR. These forms alone do not make you compliant. This is one step in the process, but helps make this part of your offering compliant.

Hover Lead offers tools and information as a resource, but we don’t offer legal advice. We recommend you contact your legal counsel, and your Data Protection Officer, to find out how the GDPR and other EU legislation affects you.

You should also review our Terms of Use and our Privacy Policy, which include important information about how Hover Lead treats EU data, and what you should do if you are keeping EU data in your Hover Lead account.

Privacy Policy:

Data subjects must be informed if data is being collected, what data is being collected, how, where, and for what purpose. This information varies from one list to another and contains lots of details. To keep things simple and easy in your form, use your privacy policy to fully disclose to leads your data collection and storage practices, and then link to that privacy policy from the form when you request consent. A layered way of presenting information can be considered, where appropriate, to avoid excessive disturbance of user experience or product design.

Consent:

Data subjects actually need to agree specifically to the data processing which you'll be undertaking. For example, if you'll be using their email address to contact them, they need to agree to that. You need to obtain freely given, specific, informed, and unambiguous consent. You must clearly explain how you plan to use their personal data. Note that in order to be GDPR compliant, there are many restrictions on how you use that data; for example, you may not use it for any other purpose other than the purpose to which the data subjects consented. You need their specific consent for the use of the data for automated decision making. If you sell or disclose the details to others, you must make this very clear, and get specific consent for this. We’ve adapted Hover Lead signup forms to help you collect data in a way that supports your GDPR compliance. Our optional GDPR forms include for example checkboxes for opt-in consent, and editable sections that explain to leads how and why you are using their data.

Lead Forms Consent based Generator Guide:

1. Edit the language of the GDPR Form to meet your marketing needs. Make sure to review it carefully and be explicit on the purposes for which you're collecting the personal data. We recommend that, at the very minimum, the following components are included in the form:
   1. The name and identity of the entity collecting the information: GDPR requires the organization collecting the personal data (that’s you) to identify themselves. This can be done through the link to your Privacy Policy, make sure to make it mandatory for leads to enter the link before submitting their information.
   2. The purpose of each of the processing operations for which consent is sought: this field uses checkboxes to get consent for each marketing activity you conduct. Hover Lead will provide a few common marketing activities to choose from, and you can add your own. Remember that each marketing activity must be clearly communicated and requires separate consent. Describe the purpose for which you are collecting the information on your form, such as: providing marketing and product updates, receiving coupons or discounts, etc.
   3. What kind and categories of data will be collected and used: make sure you only collect data you need, this is part of the 'data minimization' principle in GDPR.
   4. The possibility to withdraw consent: let your leads know they can change their mind at any time with the Unsubscribe link. It must be as easy to withdraw consent as it was to give it.
   5. For the consent to be valid, it must be opt-in, by an affirmative act. In other words, boxes may not be pre-checked. Your lead must make a clear affirmative act, such as ticking an optional box stating "I consent".
2. Segment your lead list according to the processing purposes for which the consent was given. Name your list accordingly so you can easily find it later.
3. When you're done, all GDPR fields will be included in compatible published forms. New leads that use your signup form will be able to give their consent to the marketing purpose you detailed.