We are constantly evaluating our privacy guidelines and updating our platform to be compliant with every certification required by an Ad-Tech platform.
Trackier and GDPR
The General Data Protection Regulation (GDPR) is an important piece of legislation that came into effect on 25th May 2018. It has been designed to strengthen and unify data protection laws for all EU citizens.
What data needs to be protected under GDPR?
According to Article 4 of GDPR, personal data includes various digital identifiers. Besides the typical name, photos, and email, the following information is also personal and hence needs to be protected:
A user’s location data
Biometric data (fingerprints and retina scans)
Behavioral and demographic profiling data
TOMs under GDPR
TOMs or Technical and organizational measures are prescribed measures to ensure the security of the processing of personal data. These may include deletion policies, a record of processing activities, and more.
There is no access, usage, or transmission of data without authorization.
For complete data privacy and security, all information is kept separate during processing, whether on test systems or production systems.
All data is pseudonymized so no personal data can be assigned to a specific data subject without additional information being provided.
We make frequent backups and transfer them to remote sites to protect all stored data against loss.
How can you use GDPR to your advantage?
GDPR compliance enables you to easily store and process data locally and streamline user deletion and suppression rights requests.
Store & process customer data locally or within your preferred region.
Issue deletion requests from a simple interface or use Trackier’s HTTP API to delete a specified user’s data.
Get confirmation upon the deletion of data to keep your users and company updated.
Block data collection for specific users and issue suppression requests to restrict user data from being sent anywhere.
Enable user data collection with a single API and compile user data for access and portability requests.
Enable a raw data integration or warehouse to organize data about a given user, so you can easily share it in a structured format if requested.
Automatically update user profiles in Trackier whenever new information is received.
Trackier and CCPA
CCPA, or the California Consumer Privacy Act, is a California state law that introduces new data privacy rights for consumers and imposes limits on the collection and sale of personal information of California consumers by businesses. As a SaaS AdTech solution provider, we fully comply with CCPA rules. Our clients' requests to provide or delete data are met with complete compliance.
Are you covered under CCPA?
CCPA only applies to California-based companies (or companies that do business in California) that have a hand in the decision-making process of how and why personal data is stored. These are the characteristics to look out for:
Making gross revenue of over $25 million per year
Buying, selling, receiving, or sharing personal information from over 50,000 consumers, households, or devices per year
Generating half or more of their revenue per year from selling personal information.
What information needs to be protected under CCPA?
As a service provider we protect the following information under the CCPA guidelines:
Social security numbers
Driver license numbers
Bank account numbers
Credit card numbers
Records of personal property
Professional or employment-related information, and more
Rights under CCPA
CCPA grants consumers of service providers a plethora of rights to preserve their privacy.
Consumers can access their personal data being collected and stored by a Business at any given time, twice a year.
Data should be delivered to the user in a suitable format, such as a readily accessed file or by mail.
Businesses have to include the consumer’s rights within their privacy notice, covering the kinds of personal information they are collecting and
Businesses have to disclose if they will sell their users’ personal information (what and to whom) for monetary gain to a third party.
Adults must be notified of their right to opt out of any business practice that sells personal information to third parties.
For children under 13, Businesses must acquire consent from the child’s guardian before selling the child’s personal data.
A consumer can request that a Business delete personal information about them, which the Business has to do within 45 days.
No discrimination can occur, i.e. no charging of different prices or rates, denying app access in part or in whole, or providing a lower level of the app experience and quality.
This is not legal advice; the information here is only meant to facilitate your understanding of GDPR & CCPA when working with third parties. We implore you to consult your own legal counsel with respect to interpreting your unique obligations under GDPR and CCPA and the use of a company’s products and services to process personal data. For more information on our GDPR and CCPA compliance, get in touch with our team at email@example.com.
What is the difference between a data processor and a data controller?
According to Article 4 of the EU GDPR, different roles are identified as indicated below:
Controller (Trackier’s Clients)
“means the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
Processor (Trackier)
“means a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller”
Our Commitment toward GDPR
We are fully committed to upholding the privacy and rights of our customers and their customers. The essence of the GDPR is in direct alignment with our core values of customer trust and data privacy. With that in mind, we are actively working toward defining our roadmap for GDPR to overhaul our systems and processes in accordance with the standards. We are committed to achieving GDPR compliance well before the May 25, 2018 deadline.
With data minimization principles in mind, we’ve made the following changes: IP addresses and Device IDs will have a default 90-day rolling retention. All log-level reporting will have a 6-month rolling retention period.
Note: these retention window changes will only impact the Conversion Report and Click Logs. All Stats Report queries will still be available beyond these retention windows, though Affiliate Sub IDs p1-p10 or Source stats queries are available for 18 months.
A Deletion Policy, a Record of
All these are required by articles 17, 30 and art. 32 para. 4 GDPR. This includes, for example, measures like:
Physical access control – Our physical data centres are secure. Security measures include having security officers on-site, monitoring and alarm systems, video/CCTV monitors and much more. No person, not even a member of Trackier, has self-determined access to the servers.
Data access, usage and transmission controls – Tools are in place to protect against unauthorized access, usage or transmission of data.
Separation rule – To keep data private and secure, we ensure that any information collected for different purposes is kept separate during processing. This extends to test systems and production systems as well.
Pseudonymization – Any data is hashed as early as possible. The processing of personal data happens in a way that the data can no longer be assigned to a specific data subject without additional information being provided.
Availability control and rapid recoverability – Frequent backups protect all stored data against loss. Trackier creates continuous backups, which are also transferred to a remote site. With this, Trackier can restore data if lost.
Incident response management – If data is lost, we inform those affected immediately.
Below are six steps you can take to prepare your team and your company for the GDPR deadline.
Get Management Buy-In and Create Awareness
Make sure all necessary stakeholders are involved in ensuring your organization is ready and knowledgeable about its GDPR obligations.
Run a Data Audit
You need to figure out what personal data you already hold in your databases and how you collect, use, and store it. Update your external notices to end-users and partners on how you will use their data.
Develop the Consent Management
You need to explain to your users very clearly why you are collecting their information, how it will be used and, ideally, how long you’ll keep their data. If you’re sharing their details with sponsors and exhibitors, then you need to name those organizations.
Get to Know Your User’s Rights
Don’t forget that GDPR is all about giving individuals more control over the use of their personal information. Check all the rights here.
Prepare for a Data Breach
This is really key because it is essentially what can get your organization into a lot of trouble if it’s not complying with GDPR. GDPR requires all organisations to report data breaches to the ICO or other such authority if they are likely to result in a risk to the rights and freedom of individuals.
Keep the Data Safe
GDPR definitely puts security more front of mind when it comes to your event data. You’ll need to show that you’re doing your best to protect the personal information of individuals to minimize the chances of it getting into the wrong hands.
What Is CCPA?
The California Consumer Privacy Act (CCPA) is a state law that has been operational since January 1, 2020. The intention of CCPA is to provide individuals (in this case California residents) with increased control over their data and privacy while imposing increased obligations on businesses.
The CCPA is applicable to any for-profit organization that meets certain conditions and does business in California. “Doing business in California” should be interpreted broadly to include anyone who collects or sells personal information of California residents. This regulation applies to many of Trackier’s customers.