Specify GDPR Status, Privacy Policy Options, and Terms of Service for Users

The EFT Privacy Policy and web portal Terms of Service agreement can be used to identify or specify whether a user has consented to use of their personal data. This information can help you stay in compliance with GDPR and other privacy regulations. From the Site's Web tab, you can configure the agreements, which affect all users on the Site, all web-based portals upon new account registration, anonymous pickup or drop-off, and upon first login. For Site-specific settings, refer to Terms of Service Agreement, Privacy Policy, and GDPR settings.

If consent to use or store personal data is required for use of the service, then you should document WHY the user's consent is required. GDPR Article 7.4 mandates that "utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract."

Globalscape does not provide the text for your Privacy Policy or Terms of Service agreement. It is up to your organization to create that.

If the Privacy Policy or Terms of Service options are disabled on the Web tab, these options are still available on the user account's General tab, because the administrator can change them based on agreement or consent from the user, instead of in the browser.

The agreements can be "implicit" or "explicit" agreement:

  • implicit means agreement is implied or understood, e.g., when the user creates an account and provides personal data that is optional for use of the service. (To use EFT, the only required data is an email address and a username/password.)

  • explicit means agreement is clearly stated, such as in a written agreement that the user account owner has accepted

To specify the user account's options

  1. In the administration interface, connect to EFT and click the Server tab.

  2. On the Server tab, click the user account that you want to configure.

  3. In the right pane, click the General tab.

  4. Under Account Details, the GDPR, Privacy, and Terms of Service options appear.

    • User is EU data subject according to GDPR - Click Unknown, Yes, or No.

    • For User consent to Privacy Policy - Click  Unknown, Granted (implicit), Granted (explicit), Denied, or Rescinded.

    • For User agreement to Terms of Service - Click Unknown, Agreed (implicit), Agreed (explicit), or Disagreed, or Withdrawn.

  5. Click Account Details to provide name, company, email, and so on.

  6. Go to the Site > Security tab to specify policies for each field in the User Account Details Template.

  7. By default, each of the fields have the same policies: Is personal data, Is modifiable, Is enabled, and Is visible to user. If you want to change any of those options for any field, select the field in the drop-down, and then clear or select the applicable check box. The attributes in the template apply to all users in all Settings Templates on the Site.

  8. Refer to Terms of Service Agreement and Privacy Policy for more configuration, including specifying the actual agreements.

Related Topics