It’s very important to note that you, as the JetCRM/website/server owner, are the data controller who processes the information you store. We can offer various features that will help your CRM comply with the GDPR, but how you comply with GDPR is your responsibility. We recommend that you review your data privacy and security practices.
Every business and company is different and that may affect what you need to do to comply with GDPR. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to you and your business.
Enable GDPR in JetCRM
To enable GDPR and the GDPR features in JetCRM, navigate to Setup->GDPR and click the Enable GDPR button. All options are turned off by default; you can adjust the GDPR configuration to fit your requirements.
Individual rights
Learn more about individual rights
The right to be informed
Click here to learn more about the right to be informed
JetCRM GDPR options give you the ability to provide a privacy policy and terms and conditions. To enable terms and conditions, click on the Right to be informed tab and enable Terms & Conditions. You may want to include the privacy policy link in your terms too.
- Enable Terms & Conditions for registration and customers portal – Before registering, a user must agree to your terms and conditions before the data is collected.
- Enable Terms & Conditions for web to lead forms – If you use web to lead forms, you can enable a terms and conditions checkbox at the bottom; in this case the data subject must agree to the terms before JetCRM collects the data.
- Enable Terms & Conditions for ticket form – If you use ticket forms embedded on your website, you can enable a terms and conditions checkbox at the bottom; in this case the data subject must agree to the terms before JetCRM collects the data.
- Show Terms & Conditions in customers area footer – Additional option to show the terms and conditions in the footer for all customers area users (logged in and not logged in).
The right of access/right to rectification
Click here to learn more about the right of access
Click here to learn more about the right of rectification
The customers area gives customer contacts the ability to log in and view their personal information. The customers area also lets them update their personal information, such as first name, last name, email address, phone, etc.
Additional options are described below.
Contacts
- Allow primary contact to view/edit billing & shipping details – The billing and shipping details for customers are stored in separate fields; you can allow the primary contact to update those fields. Note that updating billing and shipping details from the customers area won’t affect already created invoices, estimates and credit notes.
- Allow contacts to delete own files uploaded from customers area – If a contact has uploaded a file, e.g. to their profile, a task or a project, you can allow those files to be removed too.
Leads
- Enable public form for leads – The leads you add in the system will have a unique URL where they can view the information you store about them, and they will be able to update the information when they access the URL. After you enable this option, the lead public URL can be found in the GDPR lead tab. The lead public form URL merge field will be available in email templates too.
- Show lead custom fields on the public form – This option is used if you have custom fields for leads and you want the custom fields to be shown in the public form.
- Show lead attachments on the public form and allow attachments to be removed by the lead – If you uploaded files for the lead in the Attachments tab, those files will be visible in the public form, and the lead will be able to remove any files.
The right to erasure (known as the ‘right to be forgotten’)
Click here to learn more about the right to erasure
Contacts and leads can request that their data be removed from JetCRM. Click on the Right to be forgotten tab to check all the available options.
Contacts
For contacts to request removal of their data, you need to show the GDPR link in the customers area. To do this, click on the General tab and set Show GDPR link in customers area navigation to Yes.
After a contact logs in to the customers area, the contact can click on the GDPR link and check various options.
Leads
Leads can request data removal via the public lead form, which needs to be enabled from the Right of access/right to rectification tab.
Removal request
If you receive a request for data removal, you can use JetCRM’s default delete functionality (e.g. for leads, customers, contacts) and delete the data after the request is received. Additionally, you can track all requests in the Right to be forgotten tab by clicking on Removal Requests. You can change the status of the removal request to Pending, Removed or Refused; this is for your own purposes, to record the steps taken for this removal request.
After a contact/lead requests data removal, all administrators will receive an email that there is an active removal request. After you enable the removal request, you can check the available email templates in Setup->Email Templates.
The right to data portability
Learn more about right to data portability
In Setup->GDPR->The right to data portability you can choose the various options to be exported when a contact or lead uses the export feature. JetCRM will export the data in human-readable JSON format.
Contacts can export data via the customers area and leads can export data via the public form. Note that no attachments will be included in the export.
The right to restrict processing
Click here to learn more about the right to restrict processing
There is no specific option for this right in JetCRM, but JetCRM is already compatible with this right, which can be achieved in various ways.
In JetCRM you can do the following:
- Set the customer/contact to inactive so you have an indicator that this customer has restricted data processing. Also, when a customer is set to inactive, a staff member can’t, for example, create an invoice under this customer.
- Create a select custom field, e.g. with the name Data processing restricted and 2 options, Yes and No; this will help you know that this customer/contact data is restricted for processing.
- Disable all email notifications for the contact: navigate to the customer contacts tab and open the contact; at the bottom you will be able to disable the email notifications.
Inform your staff members of the steps you performed to restrict the data and how they can tell whether the data is restricted from processing.
Consent
Click here to learn more about consent
If you are collecting consent for marketing purposes, you will need to get consent from the user via a separate opt-in form; the consent can’t be included in the terms and conditions policy.
The consent forms that JetCRM offers give users a simple and easy way to both give and withdraw consent without the need to contact you. A very important part of the GDPR concept of consent is that consent checkboxes can’t be pre-checked, and JetCRM complies with this.
Keep in mind that you cannot mix multiple consents in one; you must separate them, and the user must give consent for all of them separately.
In the Consent tab, you can add an unlimited number of consent purposes.
JetCRM will store information about when the consent is given, the IP address and the consent purpose. If consent is manually added from the admin area, the staff name will also be stored, and the staff member will be able to add additional information about how the consent was given by the contact.
Consent URL
Each contact and each lead will have a unique consent URL, where they can give or withdraw consent anytime they want.
For contacts, the consent public URL is located in the customer profile under the contacts tab; for each contact you can click on View Consent URL.
For leads, the consent public URL is located in the lead modal under the GDPR tab.
After consent is enabled, you will be able to include the consent URL for leads and contacts in email templates; a new merge field will be available in Setup->Email Templates.
Custom Fields GDPR compliance
Custom fields in JetCRM give you the ability to create your own personalized fields to store and collect more data for your own purposes. As GDPR comes into force, you may want to rethink how you use the custom fields data you store and how you manage custom fields in JetCRM.
Our recommendation is to add only the custom fields you really need and make them visible in the customers area too, so that contacts will be able to see the data you store about them and also update it.
Keep in mind that when a contact exports data, only custom fields that are checked to be visible in the customers area will be included in the JSON export. As for leads, in Setup->GDPR->The right of access/right to rectification you may want to enable Show lead custom fields in public form and also enable custom fields to be exported in Right to data portability.