At Makerble we take GDPR compliance seriously. We are your data processor and you are the data controller.
The General Data Protection Regulation requires that you get consent from the people whose data you store.
When you store a person’s information on Makerble, they are stored as a Contact.
One of the fields within the Contact form is called Consent and it allows you to record whether you have obtained that person’s consent. Heres how it works in practice:
If you ask people to sign a paper consent form, you can upload that signed form to their Contact record on Makerble
Using the Date of Consent field on Makerble, you can record the date that consent was granted
Using the Who Consent was Granted by field on Makerble, you can record whether it was the person themselves, a parent, guardian or someone else who gave that consent.
You can easily add additional consent fields to your Contact forms.
2. restricted access to SENSITIVE PERSONAL data
The GDPR requires that organisations restrict access to people’s Personal Data.
On Makerble, you can customise the level of privacy that exists for every beneficiary, client, service user and person you work with.
You can choose restrict access to people’s personal data in the following ways by making it visible to:
Only specific individuals
Colleagues that work on the programme or service the client uses
3. DATA STORAGE
When you use Makerble, your data is stored on servers housed in secure data centres located in London, England.
The data is stored in AWS S3 buckets.
Your data is not sold.
4. DATA RIGHTS
Under the GDPR, people have rights related to the data you store about them. Among those rights are the right to request that you delete all data you store about them, show them the data you store about and move the data that you store about them to another organisation.
Makerble gives you the tools to comply with these regulations.
Deletion: in the event that one of your beneficiaries requests that you delete the data you store about them, you can easily do this on Makerble by pressing the Delete Contact button.
Access: in the event that one of your beneficiaries requests that you give them access to the data you store about them, you can print their beneficiary record from the Contact profile page.
Portability: in the event that one of your beneficiaries requests that you move the data you have about them to another organisation, you can give that organisation access to the Contact profile of that beneficiary.
5. legal basis
Under the GDPR you must record the legal basis for which you are processing someone’s personal data.
On Makerble we support you to do this by enabling you to select the legal basis on which you are storing information about the beneficiaries you work with. In many cases it will be Consent or Legitimate Interest.
There are six possible legal bases on which you can process someone’s personal data.
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
For additional guidance on how to adhere with the General Data Protection Regulations, contact our Data Protection Officer by email: firstname.lastname@example.org. Additional resources are available from The Information Commissioner’s Office: https://ico.org.uk/