GDPR stands for General Data Protection Regulation. It is a regulation in EU law on data protection and privacy for all individuals within the EU and also addresses the export of personal data outside the EU.
The goal of this regulation is to give control to citizens and residents over their personal data. It also aims to simplify the regulations for international business by unifying the regulation within the EU.
GDPR will take effect on May 25, 2018. It will replace the 1995 EU Data Protection law.
At Findify, we have a firm commitment to complying with all aspects of the GDPR regulations. Below are the actions we’ve taken to do so:
- Mapping of our security and privacy measures
- Data store mapping
- Added a Data Processing Addendum (DPA)
- Notifications of customers about changes and the DPA
Findify products rely on user data to feed our machine learning algorithms. That is to say, our algorithms need this data to learn. In addition, our 1:1 real-time personalization requires us to anonymously identify where a request is coming from. This gives us the ability to return products relevant to a specific person. Without the data that we collect, we would no longer be able to do this.
However, in the case where you do not wish to allow Findify to process personal data, our service will fallback to the non-personalized version.
You can accomplish that by setting the cookie findify_optout to the value 1. Our analytics library will then detect that you did not consent to the analytics tracking and will not send your personal data to our service.
For more information on how to setup the cookie, please visit this section.
We store the data we collect in the cloud services provider Amazon Web Services (AWS). Our servers are located in the United States.
No. Privacy Shield is a certification program that applies to US based companies. Because Findify is a EU-based company, we are not part of the Privacy Shield. However, our sub-processors such as AWS and others (See Subprocessors section) are in fact part of the Privacy Shield.
Yes, the Data Processing Addendum is part of our Terms and Conditions. Moreover Findify’s Data Processing Addendum is available to all of our customers to review upon request. To obtain a copy of our DPA, please contact us at firstname.lastname@example.org.
Findify stores personal data for a period of 2 years. However at any point in time, if a data subject wishes to remove personal data from our system, they can do so by submitting a request to us. More details about this in the section “Can a data subject access the data you collect about them?”.
Data subjects have the right to access their personal data by submitting what is known as a personal information access request. To request access to the data Findify has collected on a specific data subject, on behalf of that subject, please follow the instructions explained in this section.
Yes. To request the removal of personal data of a specific data subject from our system, on behalf of that subject, please follow the instructions explained in this section.
When an email request for data removal has been submitted, the following happens:
- Findify will clear the uniq_id and visit_id from all the data collected, making it impossible to identify back a consumer.
- This process will take up to 30 days as we would need to remove the personal data from our long term storage.
Once a request is submitted, we will remove all personal data that we’ve collected on that data subject from our system.
No! The Small plan is free because we would like to help you kickstart your ecommerce journey. There are no hidden intentions. We comply with GDPR with respect to our Small plans as well.
Yes. Findify works with the following set of subprocessors: