We are constantly evaluating our privacy guidelines and updating our platform to be compliant with every certification required by an Ad-Tech platform.
The General Data Protection Regulation (GDPR) is an important piece of legislation that came into effect on 25th May 2018. It has been designed to strengthen and unify data protection laws for all EU citizens.
According to Article 4 of GDPR, personal data includes various digital identifiers. Besides the typical name, photos, and email, the following information is also personal data and hence needs to be protected:
- IP addresses
- Online identifiers
- A user’s location data
- Biometric data (fingerprints and retina scans)
- Behavioral and demographic profiling data
TOMs, or technical and organizational measures, are prescribed measures to ensure the security of the processing of personal data. These may include deletion policies, a record of processing activities, and more.
- There is no access, usage, or transmission of data without authorization.
- For complete data privacy and security, all information is kept separate during processing, whether in test systems or production systems.
- All data is pseudonymized so no personal data can be assigned to a specific data subject without additional information being provided.
- We make frequent backups and transfer them to remote sites to protect all stored data against loss.
GDPR compliance enables you to easily store and process data locally and streamline user deletion and suppression rights requests.
- Store & process customer data locally or within your preferred region.
- Issue deletion requests from a simple interface or use Trackier’s HTTP API to delete a specified user’s data.
- Get confirmation upon the deletion of data to keep your users and company updated.
- Block data collection for specific users and issue suppression requests to restrict user data from being sent anywhere.
- Enable user data collection with a single API and compile user data for access and portability requests.
- Enable a raw data integration or warehouse to organize data about a given user, so you can easily share it in a structured format if requested.
- Automatically update user profiles in omtrackr whenever new information is received.
CCPA, or the California Consumer Privacy Act, is a California state law that introduces new data privacy rights for consumers and imposes limits on the collection and sale of personal information of California consumers by businesses. As a SaaS AdTech solution provider, we fully comply with CCPA rules. Our clients' requests to provide or delete data are met with complete compliance.
CCPA only applies to California-based companies (or companies that do business in California) that have a hand in the decision-making process of how and why personal data is stored. These are the characteristics to look out for:
- Making gross revenue of over $25 million per year
- Buying, selling, receiving, or sharing personal information from over 50,000 consumers, households, or devices per year
- Generating half or more of their revenue per year from selling personal information.
As a service provider we protect the following information under the CCPA guidelines:
- IP addresses
- Email addresses
- Account names
- Social security numbers
- Driver license numbers
- Bank account numbers
- Credit card numbers
- Records of personal property
- Biometric information
- Browsing history
- Geolocation data
- Professional or employment-related information, and more
CCPA grants consumers of service providers a plethora of rights to preserve their privacy.
- Consumers can access their personal data being collected and stored by a Business at any given time, twice a year.
- Data should be delivered to the user in a suitable format, such as a readily accessed file or by mail.
- Businesses have to include the consumer’s rights within their privacy notice, covering the kinds of personal information they are collecting and
- Businesses have to disclose if they will sell their users’ personal information (what and to whom) for monetary gain to a third party.
- Adults must be notified of their right to opt out of any business practice that sells personal information to third parties.
- For children under 13, Businesses must acquire consent from the child’s guardian before selling the child’s personal data.
- The consumer can request that a Business delete personal information about them, which the Business has to do within 45 days.
- No discrimination can occur, i.e. no charging of different prices or rates, denying app access in part or in whole, or providing a lower level of the app experience and quality.
This is not legal advice; rather, the information here is just to facilitate your understanding of GDPR & CCPA when working with third parties. We implore you to consult your own legal counsel with respect to interpreting your unique obligations under GDPR and CCPA and the use of a company’s products and services to process personal data.