Consent
Consent Guidance for Zykrr Customers
This document summarizes GDPR-compliant consent practices customers must follow when collecting feedback through the Zykrr platform, based on the guidelines published at gdpr-info.eu/issues/consent.
By following these practices, your use of Zykrr for collecting, storing, or processing personal data can be considered lawful and transparent under GDPR.
1. Clear Identification of the Data Controller
The data subject (participant) must be informed of:
- Who is collecting their data: Clearly mention that the controller is your brand, not Zykrr.
- What personal data is being collected: E.g., name, email, feedback text, order ID, etc.
- How it will be used: Explain the purpose of collection (e.g., customer service improvement, analytics).
- How long it will be stored: Indicate a specific retention policy (e.g., 90 days, 1 year).
Example language:
“[Brand Name] will use your feedback to improve our services. Your responses will be securely stored for 6 months and will not be shared outside our organization.”
2. Purpose Limitation
Consent must be tied to specific, clearly stated purposes.
- Avoid vague or overly broad language.
- If data is used for multiple purposes (e.g., analysis and marketing), obtain separate consents.
✅ Clearly state:
“Your feedback will be used solely for customer experience improvement and will not be used for marketing without separate consent.”
3. Right to Withdraw Consent
Participants must be informed that they have the right to withdraw consent at any time, without affecting prior lawful processing.
- The process should be visible and accessible at the time of giving consent.
4. Withdrawal Should Be as Easy as Giving Consent
Zykrr recommends customers provide a simple mechanism for consent withdrawal:
- A web form or contact address on your privacy page
- A hyperlink within the consent message leading to the withdrawal process
- Optional: A PDF form download for offline requests
✅ Add a line like:
“You can withdraw your consent at any time by visiting [brand.com/withdraw-consent] or contacting privacy@[brand].com.”
5. Special Rules for Children
If your survey targets or could reach children under 16, GDPR requires:
- Parental or guardian consent to be explicitly collected
- Clear identification that the service is not directed at minors without consent
⚠️ Zykrr recommends customers screen for age where relevant and include clear statements about age restrictions in the consent message.
Summary Checklist
| Requirement | Action |
|---|---|
| Controller identity | Mention your brand, not Zykrr |
| Type of data | Specify what personal data will be collected |
| Purpose | Be specific and explicit |
| Withdrawal | Inform participants of their right and how to execute it |
| Simplicity | Make withdrawal as easy as consent |
| Children | Collect guardian consent if minors are involved |
Important Note
Zykrr acts as a data processor, and the customer is the data controller under GDPR. It is your responsibility to ensure that the consent language and processes meet regulatory requirements relevant to your region and use case.
For legal review or template support, contact your DPO or compliance advisor. For questions about how Zykrr stores or processes the data, contact support@zykrr.com.