In order to protect the data of our customers, Fonteva has implemented security measures with regards to form mapping. We also strive to implement the guidelines and rules set forth in GDPR.
The General Data Protection Regulation (GDPR) is a privacy and security law. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU.
When it comes to Fonteva Forms, there are restrictions on how a user can view and save data within Fonteva.
For more information on Fonteva Form data binding, see this page: Creating a Form with Enhanced Data Bindings.
Users who do not log in (unauthenticated) are not allowed to read form data from the database or make updates to the database. Why? If a person knows someone’s name and email, they can potentially view and update someone else’s contact data without confirming who they actually are.
If the user is matched to a contact and a mapped form is displayed, the form WILL NOT prepopulate with the already existing values from the database. Once values are populated and submitted, they will not update any of the Contact information. The data will be saved as a Form Response with Field Responses.
If the unauthenticated user is not matched to an existing contact, a new contact will be created. When this contact is created, Fonteva CAN capture new Contact information using the Create New Contact CSV configuration on the Store. If there is a form, those fields WILL NOT map for the new contact.
Users who do log in (thus confirming who they are), can read Contact information from the database and save to the database. With a mapped form, the form will be prepopulated with the database values and the user will be able to update/overwrite the values on their own contact record.
If an authenticated user is filling out forms for other contact besides themselves, the forms will not prepopulate. On save and submit, any new values will not overwrite existing values.