- There are two concepts at work here: the Personal Data Controller (PDC) and Personal Data Processor (PDP). The first one is the landing page owner. He has to have consent on a so-called “data processing agreement” with data processors – subjects that will process these data. In the context of landing pages, the processor will be the Landingi company for example, but also every other company creating marketing software that works somehow with a created landing page (e.g MailChimp, Zapier, Intercom, etc.). It also concerns every other company that has personal data that we then share.
- You have to put a checkbox on the landing page that will be visible next to a text informing that every person handing over personal data has to agree on processing them. You can also place a text informing that you have a data processing agreement with MailChimp, for example, for the purpose of sending newsletters. You don’t have to mention the specific tool, but you have to list the specific tool category; “email automation software” for example.
- In the document there should be listed information about what data is processed and how it’s being stored.
- There are two categories of personal data – common and vulnerable. Common can be categorized by name, surname, a Social Security Number, email address, etc. Among vulnerable are: information on criminal record, health state, genetic data. Regulations on common data are placed in Article 6 of the GDPR, whereas information about vulnerable data is gathered under Article 9. You have to inform landing page users of the legal basis under which data is gathered with your landing page.