Advent calendars are now available in any form. Whether sweet or savoury, filled with beauty products or teas, or even as an online version.
Online advent calendars are very often used for advertising purposes or to retain employees of companies. There are countless options for the concrete design or filling. Only web-based or also as app? Are there profits or only nice sayings? Where is the online calendar integrated and advertised? Should the users be tracked? Is there a secure SSL certificate? The questions already show: When using these calendars there are a lot of data protection points to consider.
Stepp 01: Integrate your data protection officer right from the start. If you want to integrate iFrames, social plug-ins or similar, it is certainly advisable to conclude a contract on joint responsibility in accordance with Art. 26 DSGVO.
Stepp 02: Clarify whether the online service provider meets all GDPR requirements - from data storage and processing of personal data for its own purposes to the integration of third-party providers such as Google Analytics.
Stepp 03: Check whether you, as the person responsible for your data, can also be given decision-making authority. Then the online service provider may no longer freely decide on the purposes and means of data processing and is then not to be regarded as an order processor according to Art. 28 DSGVO. If necessary, tracking and analysis tools will only be integrated at your request.
Stepp 04: To be happy that one makes others happy and that Christmas is getting a little closer every day...