A page stating your terms of service isn’t required, but it’s a good idea. It prevents abuses, solidifies your ownership of site content, and limits your liability.

A privacy policy on the other hand is required by law if you collect personal data from your website visitors. This is especially important since the introduction of The General Data Protection Regulation (GDPR).

Because Bandzoogle is a do-it-yourself platform, it is your responsibility to add and maintain all documentation on your website.

How to add a ‘terms of service’ or ‘privacy policy’ page to your website:

  1. From the ‘Edit Content’ tab, click ‘Pages’
  2. Select ‘Site wide settings’ below the list of pages
  3. Select ‘Terms’
  4. Enter your terms of service or privacy policy text
  5. Click ‘Save’

This will display a ‘Terms’ link at the bottom of each page on your website. Visitors can click that link to view the text you added.

Note: We cannot provide legal advice or sample content. Because this is your website you will need to add the content that makes the most sense for your business. You can, however, take a look at some ideas below to move toward GDPR compliance.

GDPR at Bandzoogle

The General Data Protection Regulation (GDPR), is a regulation in EU law on data protection and privacy. It went into effect on May 25, 2018. The GDPR regulates how individuals and organizations may collect, use, and retain personal data, and addresses the export of personal data outside the EU. This article outlines some of the steps that Bandzoogle has taken to comply with these regulations, and provides clarification.

Does the GDPR affect me? What is personal data?

GDPR applies to companies based in the EU as well as any organizations that process the personal data of EU citizens. We've been following these new regulations closely and we'll continue to add helpful tools.

Personal data is any information that is about a specific person. This can include names, civic addresses, e-mail addresses, or birthdates. It can also location and biometric data.

The rights included in GDPR are:

  • The right of access
  • The right to rectification
  • The right to erasure (right to be forgotten)
  • The right to data portability
  • The right to object

What has Bandzoogle done?

Since this regulation was passed, we have

  • Updated our ‘Terms’ and 'Privacy' policies
  • Begun anonymizing IP addresses
  • Reviewed our products and services to determine what (if any) changes need to be made
  • Assigned a DPO officer
  • Made sure that when users can unsubscribe from your fan lists, their data is deleted
  • Added tools on all sign up forms that allow you to specify your intentions for the data
  • Added a source field for your mailing list contacts. If a user has been added to your list via an import or upload tool, you should refresh consent
  • Added a message to the mailing list confirmation message that outline how their data will be used. You can also add a message to your ‘Mailing List Signup Form’ feature to note what type of communications you will send members

You can manage your profile through the Account Details settings, and your billing details from the Plan and Billing section. In future updates we'll be adding more tools to help ensure a strong "people first" ethic of data privacy.

How does Bandzoogle protect data of members and fans?

  • Our payment gateways for members and customers are PCI compliant at the highest level
  • We serve all pages over HTTPS/SSL secure protocol
  • Bandzoogle has implemented the right to be forgotten for our members
  • We use a hashing called Bcrypt to protect your password, so it can't be viewed by anyone

We collect and store member and fan data. The Bandzoogle member is responsible for that data and manages it. The Bandzoogle member has the option to compose and post their own privacy policy.

When responding to a signup form at Bandzoogle, fans may provide personal information or data. Please note that Bandzoogle is not responsible for the content of that form, so if a fan has any questions about a form on a Bandzoogle member's website, they should contact the Bandzoogle member directly.

Best practices for your Bandzoogle website

We can't provide legal advice, but here are a few things you can implement on your website to move toward compliance:

  • Review your website to see what kind of personal data you collect. Do you have a mailing list signup form on your site? Have you used our mailing list feature in the past, and exported your list of contacts to another provider?
  • Create a privacy policy. You can include things like what information you collect, who you share it with, why you collect that information, and anything else required by the GDPR. You can add this to the ‘Terms’ section of your account, or display it within a ‘Text’ feature on any page.