I'm not sure the new form is GDPR compliant
Tetiana Kremnova
You took a step in the right direction by unchecking the "i have read and accept term of use" pre-checked checkbox, but you took two steps backwards with this "when you tap the button, all the checkboxes will be checked automatically".
According to GDPR, "consent must be explicitly obtained", and automatically checking the checkboxes does not mean that consent was given. If you want to be compliant, the first checkbox should say "I have read and accept terms of use and privacy policy", and the second field should be about getting communications from us.
That separation is NEEDED because you need one consent to process the user's data to create the loyalty card and another one to communicate with the user.
Think about real loyalty cards, the ones in the real world. The user gives you his details to get the card but can also decide if he wants to receive emails from us.
I understand that communicating with the user is part of our proposition, so if he doesn't opt in to receive communications from us you could refuse the service, but AT LEAST you should remove the automatic checking of checkboxes to be compliant.
Link to skool discussion: https://www.skool.com/boomerangme/im-not-sure-the-new-form-is-not-gdpr-compliant
Chris
Tetiana Kremnova Have you heard any updates?
Sumolingo
Chris Hopefully the BM team will reply here, I'm waiting for an update too!
Tetiana Kremnova
Chris not yet. I hope they will finally get this right. I've been talking about GDPR issues for years.
Chris
Mike Nosov
Is there an update on this?
Samantha@Returnkit.co.uk
I am really concerned about this. I nearly signed someone today but this has put them off. (I’m UK based and some people seem really worried about it)
Sumolingo
Samantha@Returnkit.co.uk you are not the only one concerned. If you try to do business with any company that's bigger than the usual mom-and-pop shop you'll be discarded because of this. What Tetiana suggests is not only correct but also a very straightforward way to be compliant: you add "privacy policy" text in the first consent, bundling the processing of personal information with terms of use, and you don't automatically check the boxes. That's it.