The Web service allows a simple way to obtain consent to the processing of personal and sensitive data in accordance with Directive GDPR. It is integrated in the ABRA gene information system, where the consents are also directly written through the Web API.
The service consists of two parts
- Extension of ABRA Gen – a user extension that complements the standard agenda ABRA Gen and allows communication with the Web Part.
- Web application – An application running on a Web server that provides a graphical interface for communication with the customer.
What the service does for you
- Effective and automated consent to the processing of personal data over the Web.
- Reduction of the costs of administration of consents due to their automatic writing to the system ABRA Gen.
- Reduced communication costs (especially postal costs) through e-mail communication.
- Fast processing of consents when implementing GDPR rules and automating the acquisition of further consents.
- The solution is available as a service, without the necessity of its own HW and SW, with the guarantee of the manufacturer ERP.
- The ability to operate on your own domain for a higher level of security.
- Simple billing According to the received approvals per month.
- 9900 Service activation,-(the first 100 consents included)
- Each additional processed consent is 9 Kč.
- Charged monthly, but at least 290,-
- The implementation price is individual
Model Example: If the company gains 3000 consents, it will pay 9900 CZK + 2900 * 9 CZK i.e. Total 36 000 CZK
The ABRA Gen API (https://www.abra.eu/api-abra-gen) must be instaled and configured to operate the Consent collection service for processing personal data. Installation and configuration can be part of your implementation.
How the service Works
- The ABRA gene sends the selected persons from the address Book an e-mail asking for consent to the processing of personal and sensitive data.
- The e-mail includes information about the reasons for obtaining consent and a link to the Web application for giving consent.
- The Web page displays text describing the reasons for obtaining consent, a list of the data registered in the system and a button for granting consent.
- The texts of e-mails and texts on the consent Web site can be fully user-configurable from the environment ABRA Gen, including language versions.
- Manual upload option or full automation consultant (via scripting).
- The service is implementačně customizable and at the ABRA Gen level provides Skriptingu support.
- The service is operated on servers ABRA, where the user of the service can select the domain of the third order eg. https://vasefirma.souhlasy.online
Examples of Use
- Obtaining initial consent – when introducing processes in accordance with GDPR, it is possible to generate “allowances” and send e-mails to existing persons. The person’s consent will either confirm or the generated permit expires and the data will not be processed.
- General consent – Any request for consent can be submitted. Requests can be made automatically or manually.
- Consent confirmation during registration/order via the Web – if the person fills out the form on the website, or creates an order in the E-shop and at the same time “ticks” that they agree to the processing of personal data, the system ABRA gene will be generated to generate the permit for a temporary period and The person will receive an email with a link to reconcile the processing of personal data. This link is modified to allow automatic reconciliation.
Communication and Operation
The application is operated on an HTTPS protocol and communicates with the information system via an equally secure API. The application itself does not store any sensitive or personal data. Therefore, security and data protection is a data processor. HTTPS Web services are provided by the operator, i.e. ABRA Software. HTTPS on the API side is provided by the customer. For added security, it is recommended that the firewall only allow access to the API from the Web application’s IP address.
E-mail communication takes place outside the Web application. E-mails are sent directly to the system ABRA Gen. The security of e-mail communication is within the competence of the customer.
Links and access to information
The Web application does not provide user authentication, respectively. E-mail recipients. Validation is determined by the unique URL that is included in the email. The content of the email and the content of the page with consent is generated by the ABRA gene system directly in the customer installation. After sending the consent or its expiration, the URL of the consent is reset and it is not possible to return to the previously used link.