Re: Dada Mail 11 Released

From: "Mary Ann Kelley maryann@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED>

In-Reply-To: (no subject)

Date: May 21st 2018

Thanks for all your work on this, Justin.

For those who are not requesting fresh consent and instead relying on legitimate interests as the legal basis for contact, upgrading will not affect our ability to mail to addresses already in the list under the version, right? I’m envisioning that everything with the current subscribers will remain the same, but new subscribers will have all of the new info paired with their subscription in the database. Please let me know if I’m understanding that correctly.

Also, what will happen with our existing subscription forms from the time we update dada until we revise the custom forms on our websites with what I assume will be new custom HTML forms? Will they still process subscriptions in the same way they always have, or do we need to remove them before we upgrade? What I envision is upgrading, then modifying the custom forms I’m using based on whatever custom HTML is used in the new version for recording the items related to GDPR compliance.

From the changelog:

"And just like consents, there's currently no mechanism to have subscribers to agree to a new privacy policy if you have updated it, so be thoughtful when you author your mailing list's privacy policy.”

I’m assuming that this is just a warning to list owners that users will not be agreeing to the new policy (and that the policy they previously agreed to is the one that will still be on record), not that they will be removed or not included in mailings if the policy changes. Please correct me if I’m wrong.

Under GDPR, if we are using consent as the legal basis of processing data (not all of us are) we are required to obtain consent for mailing, but a change in privacy policy doesn’t require new consent - just a notification with the opportunity to opt out/unsubscribe. The consent is for what we are mailing them and the privacy policy is for how we are handling the data. There is a relationship between the two, but privacy policies don’t require consent, just notification. I am assuming that you know this and that is how it is going to work, but I want to be absolutely sure I am understanding the new version correctly before upgrading.

With that in mind:

Does anything happen for existing users if we update the privacy policy? Or does it just record the revised policy for new subscribers so we can always see which version they agreed to? (This would be the ideal behavior and all that is required under GDPR.)

Thank you for removing the subscription form on the default screen!!

One thing that I hope you will consider is adding an internal profile field that is only visible to the list owner and not the subscriber. Since you are dropping of all profile data when subscribers are invited to give new consent, there might be information that the list owner wants to port with that profile that doesn’t contain personal data held on the legal basis of consent.

I realize that profile data is mostly used for, well, profiling, and that generally any personal data that is in there should be erased until consent is given to have it there - BUT consent is not the only legal basis for holding data, and there may be other legal grounds (contract or required by law come to mind) that apply. This is where an internal admin field would be helpful.

For example, I have a “source” field in the profile that I use for internal notes where needed that do not contain personal data but may nonetheless be important (I use it for coded notes about admin actions I’ve taken with a date for my own reference). It has been a source of confusion that subscribers could see this field, and I have noted “For internal use only, please do not change” but having that available where subscribers don’t have access to it would be helpful. That way their profile data that contains personal data could be wiped when fresh consent is requested, but internal notes could remain.

I wouldn’t necessarily want those notes to disappear since they might contain data I am holding under a different legal basis than consent.

Warm regards,

Mary Ann

On May 21, 2018, at 11:00 AM, Justin J justin@PROTECTED [Dada Mail Developers] <dadadev@PROTECTED> wrote:

From: justin@PROTECTED

Hello everyone,

I released Dada Mail v11 yesterday night, which has all the changes to help make it more compliant with the GDPR. This is basically the changelog:

http://dadamailproject.com/d/gdpr_guide.pod.html

If this issue affects you, do upgrade as soon as you can. Reports of issues found with this new version are greatly appreciated,

https://github.com/justingit/dada-mail/issues

‹ Dada Mail 11 Released

Index

Re: Dada Mail 11 Released ›

Email Address

You're OK with using your email address as your primary contact for this email discussion list; messages will be sent on your behalf

Unsubscribe at Anytime | Privacy Policy

This mailing list is a public mailing list - anyone may join or leave, at any time.
This mailing list is a group discussion list (unmoderated)
Start a new thread, email: dadadev@dadamailproject.com

This is the developer discussion mailing list for Dada Mail.

If you are just looking for support Dada Mail, consult the message boards at:

https://forum.dadamailproject.com

Documentation for Dada Mail:

https://dadamailproject.com/d

Specifically, see the Error FAQ:

https://dadamailproject.com/d/FAQ-errors.pod.html

To post to this list, send a message to:

mailto:dadadev@dadamailproject.com

All subscribers of this list may post to the list itself.

Topics that are welcome:

Constructive critiques on the program (I like, "x", but, "y" needs some work - here's an idea on how to make this better...)
Bug/Error reports
Bug fixes
Request For Comments on any changes to the program
Help customizing Dada Mail for your own needs
Patches
Language Translations
Support Documentation/Doc editing, FAQ's, etc.
Discussion of any changes that you would like to be committed to the next version of Dada Mail -

Dada Mail is on Github:

https://github.com/justingit/dada-mail/

If you would like to fork, branch, send over PRs, open up issues, etc.

Privacy Policy:

This Privacy Policy is for this mailing list, and this mailing list only.

Email addresses collection through this mailing list are used explicitly to work within this email discussion list.

We only collect email addresses through our Closed-Loop Opt-In system.

We don't use your email address for any other purpose.

We won't be sharing your email address with any other entity.

Unsubscription can be done at any time. Please contact us at: justin@dadamailproject.com for any help regarding your subscription, including removal from the mailing list.

All mailing list messages sent from us will include a subscription removal link, which will allow you to remove yourself from this mailing list automatically, and permanently.

All consent to use your email address for any other purpose stated at the time of the mailing list subscription will also be revoked upon mailing list removal.