At BackerKit, we’ve always taken our customers’ privacy seriously giving them control of their data. With the forthcoming changes to the EU privacy law going into effect on May 25th, 2018, we’ve made some adjustments to our existing Privacy Policy to include provisions laid out via the GDPR (General Data Protection Regulation). We’ve spent a lot of time and effort educating our team and compiling the following information to help our customers understand the changes being made.

How do Backers provide consent to use BackerKit?

As a Project Creator on BackerKit, you are a data controller and BackerKit is acting as your data processor for your users. In this respect, you’ll want to take the following steps:

  • Ensure your Terms of Service and/or Privacy Policy are up to date.
  • Perform your own research, modeling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
  • Be thinking about how you’ll handle Consent for your backers.

 

BackerKit allows backers to opt-in to two services. Both of these services are disabled by default and backers can optionally check either of these boxes when completing their survey.

  • BackerKit accounts – Backers can choose to create a password and have an account that manages all of their BackerKit projects in one place.
  • Marketing list – Backers have the option of being added to the BackerKit Marketing list. Backers who have opted in here will be added to a list where they receive emails and other marketing materials related to Staff Favorite projects on crowdfunding platforms as well as projects on BackerKit.

What kind of Data does BackerKit Collect?

As a Data processor, Backerkit collects information about a project and their backers when the Creator imports their project into BackerKit. This includes various data from these external platforms including backers’ email addresses and usernames. BackerKit collects additional personal identifying information that Backers provide themselves via our various survey tools (See Privacy Policy for a robust list).

As a Data Controller, BackerKit collects personal identifying information from Project Creators, Backers with a Backer Account, and visitors to our public site.

Why do we collect personal identifying data?

The Data Controller (the Project Creator) is responsible for outlying why they collect any personal identifying information including email, shipping address, and any personal information that ask within the survey.

As a Data Controller, BackerKit uses several tools to help improve the product. Including tools to help illuminate parts of the website that are are confusing or underused, allowing our product team to improve the customer experience. These tools also help surface errors and allow BackerKit to gain insights into how our users are using the app. These tools also help our Customer Success and Backer Support teams provide support and guidance to creators and backers.

Who has access to this data?

All admins attached to a given project can access all information that backers input.

  • Admins can only see the last 4 digits of stored credit cards.
  • BackerKit’s support and success team has access to this information in order to provide accurate support to backers and Project Creators.

 

Our sub-processors have access to a restricted set of information in order to render the service provided (see Privacy policy for a list of our sub-processors).

  • We’ve conducted an extensive audit to make sure to limit the data we send to sub-processors to only include data necessary to utilize the service.

How will we handle GDPR requests for data deletion?

We are adding a “delete backer per GDPR request” feature to permanently pseudonymise any personal identifying information. This means that you will not be able to access or recover any personal identifying information for this backer.

  • As a Data Processor, you need to make sure to also comply with the request on any other sub-processors that you use.

 

If the backer has an account with BackerKit (our Backer Account provides backers with access to all projects using BackerKit), they can send a request to [email protected]  and we will delete all data associated with all of their projects.

What happens in the event of a data breach?

If there is a data breach that is likely to result in a high risk to the rights and freedoms of individuals, we will notify all parties involved as well as any supervisory authorities within 72 hours. We have also put procedures in place to effectively detect, report and investigate these personal data breaches.

How long does BackerKit keep data?

BackerKit does not automatically expire any data that we process as a controller. This is because Project Creators may need this information for many years. If you are a project creator and need all your data to be removed for a project, please contact [email protected].

We have various expirations for data on our sub-processors once the data there is no longer needed.

To learn more about GDPR, checkout https://www.gdpreu.org/