Real Forest & GDPR

Real Forest and the General Data Protection Regulation (GDPR)

Real Forest helps its customers that are active in the EU to act in compliance with data protection law. If your business is based in the European Union (EU), or you process the personal data of EU citizens, then the General Data Protection Regulation (GDPR) likely applies to you. Please note that this is not legal advice and not GDPR training. We are suggesting some steps through Real Forest that we think may be able to help you work on our platform in a GDPR compliant way. If you're not sure about your GDPR status, consult your lawyers.
In order to reserve real estate unit online in compliance with GDPR there are several steps you must take. When a user submits their contact details and, in that way, agrees to be contacted, you need to have a lawful basis for the processing of their personal data. We offer a 'consent' based form.

Some important points:

We don’t offer legal advice:
Enabling GDPR forms on your signup forms helps ensure that your use of Real Forest in this respect is in line with GDPR. These forms alone do not make you compliant. This is one step in the process, but helps make this part of your offering compliant. Real Forest offers tools and information as a resource, but we don’t offer legal advice. We recommend you contact your legal counsel, and your Data Protection Officer, to find out how the GDPR and other EU legislation affects you.
You should also review our Terms of Use and our Privacy Policy , which include important information about how Real Forest treats EU data, and what you should do if you are keeping EU data in your Real Forest account. Privacy Policy:
Data subjects must be informed if data is being collected, what data is being collected, how, where, and for what purpose. This information varies from one list to another and contains lots of details. To keep things simple and easy, use your privacy policy to fully disclose to leads your data collection and storage practices, and then link to that privacy policy from the real estate project page when you request consent. A layered way of presenting information can be considered, where appropriate, to avoid excessive disturbance of user experience or product design.
Consent: Data subjects actually need to agree specifically to the data processing which you'll be undertaking. For example, if you'll be using their email address to contact them, they need to agree to that. You need to obtain freely given, specific, informed, and unambiguous consent. You must clearly explain how you plan to use their personal data. Note that in order to be GDPR compliant, there are many restrictions on how you use that data; for example, you may not use it for any other purpose other than the purpose to which the data subjects consented. You need their specific consent for the use of the data for automated decision making. If you sell or disclose the details to others, you must make this very clear, and get specific consent for this. We’ve adapted Real Forest signup forms to help you collect data in a way that supports your GDPR compliance.
Real Estate Project Page’s Consent based Generator Guide:

1. Edit the language of the GDPR real estate project to meet your marketing needs. Make sure to review it carefully and be explicit on the purposes for which you're collecting the personal data. We recommend that, at the very minimum, the following components are included in the project’s page:
   
   1. The name and identity of the entity collecting the information: GDPR requires the organization collecting the personal data (that’s you) to identify themselves. This can be done through the link to your Privacy Policy, or by downloading a file.
   2. The purpose of each of the processing operations for which consent is sought: this field uses checkboxes to get consent for each marketing activity you conduct.
   3. What kind and categories of data will be collected and used: when using the sales interface, make sure you only collect data you need, this is part of the 'data minimization' principle in GDPR.
   4. The possibility to withdraw consent: If you contacting your leads, let your leads know they can change their mind at any time with the Unsubscribe link. It must be as easy to withdraw consent as it was to give it.
   5. Do not use pre-checked consent checkboxes. Your lead must make a clear affirmative act, such as ticking an optional box stating "I consent".
2. Segment your lead list according to the processing purposes for which the consent was given. Name your list accordingly so you can easily find it later.
3. When you're done, all GDPR fields will be included in compatible published projects. New leads that use your sales interface will be able to give their consent to the marketing purpose you detailed.