On May 25th, 2018, the General Data Protection Regulation (GDPR), the European Union’s (EU) new data protection framework, will come into effect. Any organization that processes personal data of EU residents, or monitors the behavior of persons within the EU in connection with goods/services offered will be affected. The GDPR is an expansion of individuals’ privacy rights through tighter limits on the processing of their personal data, which provides increased transparency into the nature, purpose, and use of this data.
Personyze’s Commitment to Data Protection and GDPR Compliance
As an omni-channel personalization provider, Personyze understands the importance individuals’ rights to data privacy. GDPR compliance, as with other data protection laws, requires commitment from both Personyze and our clients. Personyze is in compliance with the GDPR since May 25th, 2018 and our services already include the functionality necessary for our customers to comply with the GDPR’s consent requirement. As we carefully examine the relevant provisions of the GDPR and track applicable GDPR guidance issued by regulatory authorities, we are taking steps to develop tools for our clients to facilitate GDPR-compliant use of Personyze services.
Key GDPR Compliant Personalization Requirements
The GDPR will change some data collection processes and procedures in Personyze, as well as how data is documented and managed. Below is an overview of some of the key GDPR requirements which Personyze will be in compliance with.
Among other Personyze offers, as preparation for GDPR, Personyze will ensure that:
- Data management:
Clients are able to determine what data is collected by Personyze. By default, Personyze does not store personal information, including IP addresses; when clients want to store IP, we offer anonymized IP addresses (Personyze recognizes visitors based on a unique ID we assign, which is not considered personal). We do collect the IP address for location extraction, and weather forecast, after which we promptly delete it. In Personyze, when you create a data container to collect data, you can decide if this data is moved to storage (analytics server) or deleted after the visitor’s session has ended. For recommendations and personalization, we don’t need the actual IP or name of the visitor who is on the site, because we build profiles based on affinity, interest, and behavior.
- Giving the visitor control over the data:
- In Personyze, you can turn tracking off or on based on the visitor’s consent (click here to read how), which will be kept in a log.
- Your account can be set up so that a visitor can see the data Personyze has on him or her, and delete it.
- Server Access:
Personyze uses Amazon server environments to store data collected from site visitors. The data can be accessed from the Personyze interface, where there is a role-based permission system to decide who has access to data.
Notifying Visitors of Your Use of Personyze
We have a pre-made clause to be included in any of our customer’s privacy policies who wish to use it, as seen below.
Please note that the wording provided is set to be a very generic statement and might need to be tailored to fit your particular use of Personyze’s service. We also recommend that you work with your own counsel to make sure that it addresses any concerns your business and customers might have.
Please let us know of any additional questions by contacting us through support@Personyze.com.