Complying with data protection laws

As Aiir is used by radio stations all over the world, there is no one-size-fits-all approach to data protection, and you will need to check what is required in your local area.

Generally, the requirements will include pages on your website hosting your company's privacy policy and explaining any cookies used.

You may also want to set out the terms in which someone uses your website or app to protect your organisation as much as the data protection rules protect users.

These policies are legal documents, so Aiir cannot draft them for you. Find out more...

This page is intended as a guide covering some best practices, but you should seek your own legal advice for more information on the specific requirements that apply to you.

🍪 Cookies

Cookies are small data files stored on your device that remember preferences or settings based on how you use a website, such as when you log in or add something to a shopping basket.

By default, websites created using Aiir's CMS use very few cookies. We have published a list of each one and what it does, which you could incorporate into a page explaining which cookies are being used on your own site.

Whenever you add third-party services like advertising or analytics tracking - or even embedding a video or social media post - to your website, you may be adding additional cookies. It is important that any cookie explainer covers all cookies used by your website, not just those originally part of Aiir.

Some Aiir sites use a cookies banner to inform visitors that cookies are present. This feature was created as an optional courtesy to users and was never designed to comply with any specific legal requirements, so additional integrations may be required.

Some jurisdictions require explicit consent from site visitors indicating they accept the use of cookies on your website or require the ability to manage each one individually.

Consent management platforms are specialised products which can be integrated into Aiir or other content management systems. Find out more...

🙎🏻 Personal data

In the case of some laws like GDPR in Europe, Aiir is deemed to be a "data processor", meaning our responsibilities lie directly with stations, our customers, in terms of legal responsibilities for storing listener data.

Each station is directly responsible for its own legal requirements and ensuring the way in which Aiir's products are used complies with local regulations.

Data Control

Users' personal data can be managed through the Data Control area within the Admin section of Aiir. This is the hub for managing listener data. It is only accessible to Aiir users, who are assigned as Data Controllers by an organisation owner.

Forget Me

Within Data Control is a section where you can perform Forget Me administration, a requirement of GDPR where you must delete all identifiable information about them you hold on request. These requests can come in two ways:

  1. When logged in to your website's listener club, the account management area contains a new option for processing 'Forget Me' requests. Actioning this will add a request to the site's Data Control area. You will be required to manually complete the deletion process as there may be unexpected relationship issues with the deletion of data and other activity on your website (for example, competition entries). We have left the control in your hands to ensure that no automatic process creates complications at a later stage.
  2. Via a contact form, email, phone, or any other valid form of communication with your organisation. Your nominated Data Controller will need to go to the Forget Me section and start the process by entering identifying information supplied by the person requesting to be forgotten.

We recommend linking to the listener-facing ‘Forget Me’ page somewhere easily discoverable and relevant on your site, such as the listener club homepage. This ensures listeners are aware you offer this option and theoretically reduces the time spent on administration of incoming requests via other methods such as email, telephone, or post.

Listener Club

The listener club signup form does not enforce a consent check, which is GDPR compliant as long as your introductory text for signup clearly states that you will receive marketing emails (and, ideally, discuss the frequency) as part of being a listener club member.

You are responsible for writing this copy and ensuring it meets your local requirements. It can be entered in the Listener Club area, under the Settings tab, in the Sign Up Top Content panel.

Studio Inbox

The amount of time we store SMS messages received can be configured to reflect your own storage requirements.

The visibility of full phone numbers on incoming messages can also be toggled on or off.

SMS log reports can only be accessed by Data Controller users from within Data Control.

🔧 Aiir's access to your listeners' data

Unless we have a specific technical reason for accessing your listener's data held within our databases, it should not be visible to Aiir staff.

Our team does not have the ability to access listener club databases or the personal data attributes of form data submissions.

If you contact us with a support enquiry and your enquiry requires us to access this data, we will direct you to a form you can submit that grants our team a temporary permit to have this access. The permit automatically expires after a short period of time.

An exception to this is for our engineering team, which has access to our database servers. However, access is strictly only available to staff who absolutely require it and is only used for system admin purposes.

Still need help? Contact Us Contact Us