GDPR, data and privacy
Can I use SupporterBase in the UK and Europe?
The short answer is yes! To learn more about how SupporterBase enables compliance with key GDPR requirements, you can review the below GDPR sub-sections.
Please note the information offered below is not legal advice. We are providing general information about SupporterBase and how it addresses elements of GDPR applicable to the product. If you have further questions or would like to discuss ways to ensure SupporterBase fits your organization’s specific privacy and data policy requirements, please get in touch: email@example.com.
What are the data implications of integrating with NationBuilder
All SupporterBase customers must also be NationBuilder customers (given the nature of the integration), and SupporterBase automatically syncs changes in NationBuilder including all profile updates or removals.
You can learn more about how NationBuilder complies with GDPR here: https://nationbuilder.com/gdpr_faqs.
How is consent achieved?
All public supporter group pages live on a central website within the organization’s connected NationBuilder account. This means that all of NationBuilder’s existing features for requesting and tracking consent are available for organizations to use on their supporter group signup forms and event pages.
By default, SupporterBase only extracts a specific subset of supporter data from your organization’s connected NationBuilder account. This subset includes all profiles who have at least one of the tags explicitly associated with a supporter group, as well as the profiles of all admins, leaders and other users with password access to your SupporterBase.
As such, your organization is able to structure your data processes to ensure that you only apply the relevant supporter group tags to individuals who have explicitly opted-in to joining a supporter group. This can be done by creating supporter group signup pages that request explicit consent and apply the group’s tags to supporters once that consent is provided. (Please note that, if the optional “Autocomplete search” feature is enabled, then SupporterBase will sync all people data from your organization’s NationBuilder account).
Furthermore, when syncing supporter data from NationBuilder, SupporterBase honors all existing consent preferences across the full range of NationBuilder’s opt-in and opt-out fields for each supporter. For example, supporters will not be contactable through SupporterBase if they have the “do not contact” option selected under their profile in NationBuilder. Similarly:
- they will not be emailable through SupporterBase unless the “receive emails” option is selected for their profile;
- they will not be contactable via SMS within SupporterBase unless the “receive texts” option is selected for their profile; and
- they will not be callable through SupporterBase if the “do not call” option is selected for their profile
- lastly, no additional personal information is stored in SupporterBase outside of the data saved under the supporter’s corresponding profile in the organization’s nation.
How is event and RSVP data handled?
All event and RSVP data is synced with the organization’s NationBuilder account (their “nation”), which means any deletions of events and/or RSVPs in their nation will automatically trigger the removal of that same event and RSVP data from the organization’s SupporterBase.
Can supporter data be removed from SupporterBase on request?
- If a supporter wants to be removed from SupporterBase but remain in the nation, this can be achieved. They will remain in the nation but have exclusion tags added, so that they will no longer appear in the SupporterBase group and will therefore no longer be contactable by group leaders.
- If a profile is deleted or permanently deleted in NationBuilder (e.g. in response to an erasure request) then that profile will automatically be removed from the organization’s SupporterBase. This includes removal and anonymization of all associated activity history for that profile (e.g. past email and SMS exchanges handled through SupporterBase), similar to how NationBuilder handles anonymization of donation records when a profile is removed.
- As a result of the above, any supporters removed from NationBuilder will automatically cease to appear in all groups, events and RSVP lists within SupporterBase. Furthermore, if a supporter has been permanently deleted in NationBuilder then it will no longer be possible to add that same supporter to SupporterBase at any point in the future (similar to how NationBuilder will block attempts to reintroduce the person’s data to the nation).
Who has access to supporter data via SupporterBase?
Admins and leaders.
Supporter group leaders can only see the names of supporters within their particular group, and cannot view their contact details. SupporterBase enables direct email and phone communication between group leaders and supporters without showing contact details. Group leaders cannot see any details of supporters in groups where they are not a leader or recruiter.
Similar to the processes outlined in the section related to supporter data, all admins, leaders and other users with password access to an organization’s SupporterBase must have an associated profile in the organization’s NationBuilder account.
Can group leaders see the phone numbers or email addresses of their group leaders in SupporterBase?
No, supporter data is always kept private. One of the key principles behind SupporterBase is to allow volunteer leaders to connect with their group members while maintaining the security of all supporter data.
In some sections of the app (e.g. printable RSVP lists for events), masked/partial versions of supporter email addresses and mobile numbers are shown (e.g. firstname.lastname@example.org and 048**64). This is done solely for the purpose of enabling leaders to confirm that supporter details are up-to-date, while ensuring that the full emails and phone numbers are hidden from leaders.
If your organization has a particular need for group leaders to be able to see the email addresses and/or phone numbers of their local supporters within each individual profile then we can discuss your needs and enable that option on a case-by-case basis. However, this is strictly an opt-in configuration, and the default behavior of SupporterBase will always be to prevent leaders from ever seeing full supporter details other than first name, last name, approved tags, level of engagement and recent activity (e.g. their latest contacts and RSVPs).