GDPR
As the leading performance marketing platform, RedTrack.io is committed to providing its customers with full transparency and control over their users’ personal data, empowering them in their GDPR compliance journey.
On May 25, 2018, The European Union enforces a new data privacy law, the General Data Protection Regulation (GDPR). A primary aim of the GDPR is to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach it.
Any company that collects or processes personal data of persons in the EU falls under the scope of the GDPR, even if the company has no physical presence in the European Union.
This means that most businesses with a global or online presence, including RedTrack.io customers are affected.
RedTrack Technologies Ltd ("RedTrack Technologies", "us", or "we") acts as controller of your personal data when you provide it to RedTrack.io (see Privacy Policy for details) or the processor of the personal data you collect using RedTrack.io product and services.
| Data Controller | Data Processor | 
|---|---|
| "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data | "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. | 
| When we process RedTrack.io user data RedTrack.op is a Data Controller. RedTrack.io clients are data controllers in respect to their user data. | RedTrack.io is a data processor for the personal data collected by RedTrack.io users. | 
How does RedTrack.io Prepare for the GDPR?Collection of Personal Data
We enable our users at the account level to opt in for real-time IP obfuscation and unique Device ID blanking for all EU countries.
IP obfuscation (replacing the last octet of the IP with a 0) currently exists within the platform for German IPs, and will be expanded to include all EU countries.
Data Collection and Retention Policies:With data minimization principles in mind, we’ve made the following changes:
a) IP addresses for EU countries are stored obfuscated.
b) All log-level reporting will have a 12-month rolling retention period.
c) Note: these retention window changes will only impact the Conversion Report and Click Logs. All Stats Report queries may still be available beyond these retention windows,
d) Data Deletion Process: The measures that are required by articles 17, 30 and art. 32 para. 4 GDPR include:
Physical Access ControlOur physical data centers are secure. Security measures include having security officers onsite, monitoring and alarm systems, video/CCTV monitors and much more. No person, not even a member of RedTrack.io, has self-determined access to the servers.
Data Access, Usage and Transmission ControlsTools in place to protect unauthorized access, usage or transmission of data. The data cannot be changed or deleted by unauthorized persons during transmission.
Separation RuleTo keep data private and secure we ensure that any information collected for different purposes is separate during processing. This extends to test systems and production systems as well.
PseudonymizationAny data is hashed as early as possible. The processing of personal data happens in a way that the data can no longer be assigned to a specific data subject without additional information being provided.
Availability Control and Rapid RecoverabilityFrequent backups protect all stored data against loss. creates continuous backups, which are also transferred to a remote site. With this, we can restore data if lost.
Incident Response ManagementIf data is lost we inform those affected immediately.
End User Customer DataIf any End User Customer Data collected through your use of the Service is deemed Personal Data (as such term is defined under the EU General Data Protection Regulation 2016/679 ("GDPR" and "Personal Data" respectively) and is subject to the GDPR, then the terms and conditions set forth in the RedTrack Data Processing Agreement available at https://redtrack.io/gdpr.pdf shall apply to the use and processing of such Personal Data and shall be incorporated by reference into, and made an integral part of Terms of Use.
Privacy by DesignRedTrack.io has implemented appropriate technical and organizational measures into our software development life cycle for ensuring that personal data is processed strictly in accordance with our customers’ instructions and configurations.
a) Personal Data is collected only when assurance of user consent is obtained
b) No selling or re-brokering of personal data
c) Opt-out/opt-in options
d) Honoring do-not-track privacy choices
Updated DocumentationWe updated our Terms and Conditions and Privacy Policy, and User Agreement.
While the content on this page is to help you understand the GDPR when working with third parties, the information contained should not be construed as legal advice. You should consult with your own legal counsel with respect to interpreting your unique obligations under the GDPR and the use of a company’s products and services to process personal data.
For more on our GDPR compliance, get in contact with our privacy team — privacy@redtrack.io.