When do I need to use double opt-in?
Posted: Mon Feb 17, 2025 9:32 am
Double opt-in is a procedure where you verify the identity of the data subject by sending a confirmation link, for example, by email. It is commonly used in emailing. It will not be mandatory according to GDPR, but we would definitely recommend it. Among other things, this prevents emails that would only spoil the quality of your database.
How long can I process the data?
In principle, as long as the subject allows you. The processing time should be proportionate to the purpose. Granting consent to sending a newsletter for 100 years is not proportionate. A period of up to 5 years is often recommended. However, you can always ask the user for an extension or new consent before the consent period expires.
How do I handle a business card?
Consent is considered to be any expression of free will – including overseas chinese in uk data handing over a business card at a business meeting. Remember, however, that the business card administrator is the company that employs you. If you receive a business card from a business partner, you can use it in a meeting about your services or give it to anyone in the internal team. However, they cannot send another business offer to the email on the business card.
In the case of AITOM, we can discuss the website with you, but under no circumstances can we send you an offer from our partner e-shop to your work email.
Can I forward the contact to my supplier?
The recommendation will continue to work. Let's say you know an excellent plumber and you have his business card, which he gave you during the last job. You can give this business card to your neighbor who is also looking for a reliable craftsman even without his explicit consent. You are acting in his interest. It can be assumed that this is a work contact and he will appreciate new jobs. However, you cannot give out a private phone number.
Can I use references?
Generally, you must have consent to publish a reference, as the reference contains personal data. In the case of Facebook, Facebook is the data controller and Facebook is responsible for consent.
Another solution is to anonymize the data. For example, instead of signing Tereza Malkusová, AITOM, you sign the reference Tereza from Prague. If the reference does not have a photo or other identifying information, you will not have to deal with the reference.
Do I have to delete all databases?
No, if you have obtained the contact in accordance with GDPR (for example, the user has previously given you consent or they are your customers), then simply inform the user of the new terms. However, if you have not obtained the contact in accordance with GDPR, then you must first request permission again.
How long can I process the data?
In principle, as long as the subject allows you. The processing time should be proportionate to the purpose. Granting consent to sending a newsletter for 100 years is not proportionate. A period of up to 5 years is often recommended. However, you can always ask the user for an extension or new consent before the consent period expires.
How do I handle a business card?
Consent is considered to be any expression of free will – including overseas chinese in uk data handing over a business card at a business meeting. Remember, however, that the business card administrator is the company that employs you. If you receive a business card from a business partner, you can use it in a meeting about your services or give it to anyone in the internal team. However, they cannot send another business offer to the email on the business card.
In the case of AITOM, we can discuss the website with you, but under no circumstances can we send you an offer from our partner e-shop to your work email.
Can I forward the contact to my supplier?
The recommendation will continue to work. Let's say you know an excellent plumber and you have his business card, which he gave you during the last job. You can give this business card to your neighbor who is also looking for a reliable craftsman even without his explicit consent. You are acting in his interest. It can be assumed that this is a work contact and he will appreciate new jobs. However, you cannot give out a private phone number.
Can I use references?
Generally, you must have consent to publish a reference, as the reference contains personal data. In the case of Facebook, Facebook is the data controller and Facebook is responsible for consent.
Another solution is to anonymize the data. For example, instead of signing Tereza Malkusová, AITOM, you sign the reference Tereza from Prague. If the reference does not have a photo or other identifying information, you will not have to deal with the reference.
Do I have to delete all databases?
No, if you have obtained the contact in accordance with GDPR (for example, the user has previously given you consent or they are your customers), then simply inform the user of the new terms. However, if you have not obtained the contact in accordance with GDPR, then you must first request permission again.