As a general rule, if you process any personal data of EU residents, even just collecting or storing their names and email addresses, the GDPR may apply to you. While Marvelous is unable to provide legal advice, we encourage you to take the necessary steps to determine whether or not you need GDPR compliance.
We suggest you:
Familiarize yourself with the requirements of the GDPR. We have found the work of attorney Autumn Witt Boyd extremely helpful and encourage you to check out her GDPR training.
Seek legal advice regarding the GDPR requirements and how they affect your business, specifically your Terms of Use and Privacy Policy.
Review your sub-processors to make sure they are compliant with GDPR (a sub-processor is a third-party data processor such as Mailchimp, MINDBODY Online, or ConvertKit).
Review your email sign-up process with your email service provider. You need explicit consent to email users who sign up either on your website or on your Marvelous site. The easiest way to get consent is to use a double opt-in or include a consent checkbox that the user must click in order to opt in to receive emails. Please refer to ConvertKit's and Mailchimp's articles on their tools and processes for GDPR compliance.
Depending on your location and the location of your customers, there may be additional requirements specific to such jurisdictions. It is important to consult your own business and legal advisors.
What can you do on your Marvelous site?
For all teachers, in addition to the above suggestions, we suggest adding an applicable consent statement in the product description of each of your Marvelous products with links to your Terms of Use and Privacy Policy which are both hosted on your website (and are different than Marvelous's Terms of Use and Privacy Policy).
Here's an example of a consent statement (make sure you link to your Terms of Use and Privacy Policy): "By enrolling in this product, you agree to the terms of use and privacy policy."
How is Marvelous handling compliance with EU GDPR?
We take your privacy and the privacy of your students seriously and have taken steps to be fully compliant with the GDPR.
The steps we've taken are:
Retained outside legal counsel to ensure that we comply with the GDPR.
Published revisions to our Privacy Policy which include disclosures required by GDPR.
Reviewed our sub-processors to make sure they are compliant with data protection policies and procedures that comply with the GDPR to the best of our ability.
Assigned a privacy officer and created a process whereby our users can request access to or deletion of their personal data.
Please read our updated Privacy Policy if you'd like to learn more about our disclosures and handling of data.
We will strive to continue to adapt our policies and tools as the interpretation of these laws becomes more clear over time.
Contact Us
For any questions, reach out to us in our live chat or send us an email at team@heymarvelous.com