How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • Go back-and-forth until satisfied
    Rate the answer you receive.
Ask Nicola-mod Your Own Question
Nicola-mod
Nicola-mod, Moderator
Category: Law
Satisfied Customers: 51
Experience:  Moderator
73944119
Type Your Law Question Here...
Nicola-mod is online now

I am developing an application that contains users that will

Customer Question

hello
JA: Hello. How can I help?
Customer: I am developing an application that contains users that will have customers. Customers data will be collected and stored on the applications database. How will this work in relation to GDPR?
JA: Where are you? It matters because laws vary by location.
Customer: UK
JA: What steps have you taken so far?
Customer: There will be a privacy policy documenting the use of the data on the site, plus guidance on how anyone with their data on the application database can request to remove the data if they wish
JA: Is there anything else the Lawyer should know before I connect you? Rest assured that they'll be able to help you.
Customer: Its worth noting that the users gathering the information will likely get the information in person or over the phone, so the customers wont have the ability to select a checkbox for consent. However, the application will never use their information to contact them in any way. It is entirely at the discretion of the business owners and account users of the application
Submitted: 14 days ago.
Category: Law
Expert:  JimLawyer replied 14 days ago.

Hello, this is Jim and welcome to JustAnswer. I will be the lawyer working with you today.
Sorry to hear of the issue. I will set out my written answer shortly.

Expert:  JimLawyer replied 14 days ago.

You will need a privacy policy which complies with GDPR first of all. You can use the ICO's template which can be located here:

https://ico.org.uk/for-organisations/make-your-own-privacy-notice/
In your application you could state in the privacy policy that by using the app, the customers are giving their consent for their data to be used and stored under GDPR. And they can withdraw this consent if they request to do so.

However, you mention a situation whereby the customers cannot "opt in" by ticking a checkbox. Consent requires a positive "opt in", meaning you can't use a default consent such as a pre-ticked checkbox. You need proof of their acceptance of the privacy policy too - which would be difficult if the users gather information in person or by telephone. You could add in a term that a new user registration is an acceptance of the privacy policy. A better solution would be to have a facility for the new user to consent by using a contact form, or a marketing sign-up form. Or a registration form.

There are a few options as you can see however I would strongly suggest you ask the ICO (Information Commissioners's Office) for their view and what they would suggest just to be sure.

You can reach the ICO on 0303(###) ###-#### They also have a "live chat" facility on their site - you can visit it here: https://ico.org.uk/make-a-complaint/

Expert:  JimLawyer replied 14 days ago.

I hope this helps and answers the question - my goal is to ensure you are happy with the answer and have the information you need. If you have any follow up questions then please let me know. I will reply as soon as I can to help with any further queries.

Many thanks,
Jim

Expert:  JimLawyer replied 14 days ago.

Please let me know if the answer helped or if you need me to cover anything else?. I am happy to clarify the answer or if you have any follow up questions. If so, I’d be grateful if you would let me know. I am free most days, including weekends, so feel free to ask me anything you are unsure of.

Best wishes,

Jim

Customer: replied 14 days ago.
Hi Jim, thanks for the reply, but this does not answer my question unfortunately. As a web developer that writes applications with user accounts and GDPR compliance, I am aware that a checkbox is the key to the consent along with a number of terms surrounding wording and positioning of the checkbox. The issue here is that the site will behave as a SaaS (Software as a Service). There will be business owners and employees using the software to handle the processing of quotes and invoices. The data stored will be very top level (Name, Email, Phone Number and Address) with the potential addition of vehicle data. All of this information will be taken by an employer/employee of the company as an account holder of the software I will be providing and the information will be gathered in person or over the phone. Can you offer any further details surrounding this precise circumstance at all? With regards ***** ***** connecting vehicles, I did find this: https://edpb.europa.eu/sites/default/files/consultation/edpb_guidelines_202001_connectedvehicles.pdf but the terminology used here is a little difficult for me to follow in relation to my specific use case
Expert:  JimLawyer replied 14 days ago.

Thanks and apologies if the answer didn't help. I am not at all computer-savvy and what you are talking about is rather alien to me. I would expect the ICO to be able to give you the information you need but as far as my help is concerned, I cannot assist further - perhaps another legal expert with knowledge of software would be able to help further - either way the site rules are that I need to opt out if I cannot help further. I will do so now - the question will be available for others and hopefully they will pick up the question shortly.
Thanks

Expert:  Nicola-mod replied 14 days ago.
Hello,
It seems the professional has left this conversation. This happens occasionally, and it's usually because the professional thinks that someone else might be a better match for your question. I've been working hard to find continuing a new professional to assist you with your question, but sometimes finding the right professional can take a little longer than expected.
I wonder whether you're OK with to wait for an answer. If you are, please let me know and I will continue my search. If not, feel free to let me know and I will cancel this question for you.
Thank you!
Nicola
Customer: replied 14 days ago.
Sure, happy to wait if someone can get an answer to me. All good if not. In the meantime I have taken Jims advice and emailed ICO, but some insight from a qualified Solicitor with good knowledge of GDPR legislation would be a huge help. Thanks Nicola
Expert:  TetyanaP-admin replied 12 days ago.
Hello,
I apologise as we have not yet been able to find a Professional to assist you. Do you wish for me to continue to search for someone to assist you or would you like for us to close your question at this time?
Thank you for your patience,
Tetyana-moderator