Forumbee GDPR and CCPA Compliance

updated 1 yr ago

The EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are privacy laws that set standards for how companies around the world use and protect the data of individuals. At Forumbee, we are committed to data privacy and have prepared to ensure we fulfill our obligations under both the GDPR and the CCPA, maintaining transparency about how we process data.

Platform Features

The following features enable our clients to meet their GDPR and CCPA obligations:

Customize your Terms and Privacy Policy

You can edit the Terms and Privacy Policies for your community or link to the policies on your main website. Ensure your privacy policy clearly outlines information collection practices, consumer rights under both GDPR and CCPA, and how users can exercise these rights. See How to Customize Community Policies for instructions.

Require Consent (GDPR)

When relying on consent as your legal basis for processing, the GDPR says the consent you obtain must be freely given, specific, informed, and unambiguous. You also must clearly explain how you plan to use their personal data. Our member signup process to help you stay compliant with this law. You can enable a checkbox for opt-in consent and edit the message to explain how and why you are using data. See How to Collect Member Consent.

Notice at Collection (CCPA)

Provide clear notice to members at the point where you collect personal information, informing them what data is collected, for what purposes, and whether it's shared with third parties. Update your privacy policy with this information.

Right to Know (CCPA & GDPR)

Implement processes to handle requests from users to access the specific pieces of personal information you hold about them. Include instructions on how to submit these requests in your privacy policy.

Data Portability (GDPR)

To comply with community member's request for a copy of their data, you can obtain an archive of a member's data in the Administration console. Go to Admin > Users, locate the user and expand their details. Under Data Privacy select Export User Data.

Right to Delete (CCPA & GDPR)

To comply with community member's request to be deleted/forgotten, you can fully delete the member and all of their data. This function can be accessed directly from the Administration console. See this article for steps to delete a user.

Right to Opt-Out of Sale (CCPA)

Include a prominent "Do Not Sell My Personal Information" link on your site and implement processes to honor opt-out requests from users.

Data Processing Agreement (DPA)

Our data processing agreement shares our privacy commitments and sets out the terms for Forumbee and our clients to meet GDPR requirements. This is available for clients to sign upon request.