GDPR Compliance

All your Findify GDPR questions answered.

In short, is Findify GDPR-compliant?

Yes!

What is GDPR?

GDPR stands for General Data Protection Regulation. It is a regulation in EU law on data protection and privacy for all individuals within the EU and also addresses the export of personal data outside the EU.

The goal of this regulation is to give control to citizens and residents over their personal data. It also aims to simplify the regulations for international business by unifying the regulation within the EU.
GDPR will take effect on May 25, 2018. It will replace the 1995 EU Data Protection law.

What steps has Findify taken to comply with GDPR regulations?

At Findify, we have a firm commitment to complying with all aspects of the GDPR regulations. Below are the actions we’ve taken to do so:

  • Mapping of our security and privacy measures
  • Datastore mapping
  • Updated our privacy policy with the GDPR provisions
  • Added a Data Processing Addendum (DPA)
  • Notifications of customers about changes and the DPA

1. Supporting Data Subject Rights

As a data processor, we are giving you the tools to support data subject rights:

  • Right of access and data portability
  • Right to be forgotten
  • Right to restrict processing

2. Obtaining Consent

Findify uses cookies to provide its services to you, setting a cookie in your visitors’ browsers. As a data controller, you are required to obtain consent from your visitors in order to comply with the European laws on data protection.

This page provides some advice on how to obtain consent and what to do in case the end-consumer does not consent.

3. Privacy by Design

Findify builds products with privacy and security central in its design.

This page summarizes the security measures that Findify puts in place to protect customer data, covering:

  • Compliance and Certification
  • Infrastructure
  • Business Continuity
  • Data Security and Privacy
  • Application Security
  • Corporate Security

GDPR FAQ

Does Findify process personal data?

Yes, we store or process the type of data stated in our Privacy Policy and Data Processing Addendum. While the data does not directly identify individuals, we do use online identifiers, such as cookies. We do not process sensitive information such as gender, health, religion or political views.

I want to use Findify but I do not want Findify to process any personal data. Can I still use the service?

Findify products rely on user data to feed our machine learning algorithms. That is to say, our algorithms need this data to learn. In addition, our 1:1 real-time personalization requires us to anonymously identify where a request is coming from. This gives us the ability to return products relevant to a specific person. Without the data that we collect, we would no longer be able to do this.

However, if you do not wish to allow Findify to process personal data, our service will fall back to the non-personalized version.

I do not want Findify to gather data for a specific session. How can I go around this?

You can accomplish that by setting the cookie findify_optout to the value 1. Our analytics library will then detect that you did not consent to the analytics tracking and will not send your personal data to our service.

For more information on how to set up the cookie, please visit this section.

Where does Findify store my data?

We store the data we collect in the cloud services provider Amazon Web Services (AWS). Our servers are located in the United States.

Since Findify transfers data to the US, is Findify part of Privacy Shield?

No. Privacy Shield is a certification program that applies to US-based companies. Because Findify is an EU-based company, we are not part of the Privacy Shield. However, our sub-processors, such as AWS and others (see the Subprocessors section), are in fact part of the Privacy Shield.

Does Findify offer a Data Processing Addendum?

Yes, the Data Processing Addendum is part of our Terms and Conditions. Moreover, Findify’s Data Processing Addendum is available to all of our customers to review upon request. To obtain a copy of our DPA, please contact us at [email protected].

How long does Findify store the personal data of data subjects?

Findify stores personal data for a period of 2 years. However, at any point in time, if a data subject wishes to remove personal data from our system, they can do so by submitting a request to us. More details are available in the section “Can a data subject access the data Findify collects about them?”.

Can a data subject access the data Findify collects about them?

Data subjects have the right to access their personal data by submitting what is known as a personal information access request. To request access to the data Findify has collected on a specific data subject, on behalf of that subject, please follow the instructions explained in this section.

Can a data subject request the removal of all their personal data from the Findify system?

Yes. To request the removal of personal data of a specific data subject from our system, on behalf of that subject, please follow the instructions explained in this section.

When an email request for data removal has been submitted, the following happens:

  • Findify will clear the uniq_id and visit_id from all the data collected, making it impossible to re-identify a consumer.
  • This process will take up to 30 days as we would need to remove the personal data from our long-term storage.

NB: If a data subject requests that their data be removed from our system, but then in the future opts in to analytics tracking again, we will begin collecting data on this subject again. We give our merchants a JavaScript snippet that they can copy/paste into their consent banner so that the customer can opt out completely from the Findify analytics tracking.

Once a request is submitted, we will remove all personal data that we’ve collected on that data subject from our system.

Does Findify use subprocessors to further process end-consumer data?

Yes. Findify works with the following set of subprocessors:

| Third-party service vendor | Purpose | Entity/Country | Website |
|---|---|---|---|
| Amazon Web Services Inc. | Cloud hosting | USA (North Virginia) | https://aws.amazon.com |
| Functional Software, Inc. dba Sentry | Logging & Diagnostics | USA | https://sentry.io |

Who can I contact with questions regarding GDPR?

We encourage you to review this FAQ page first, in addition to our Privacy Policy as it includes many commonly asked questions. However, we also understand there are circumstances where it may help to connect with us directly. For more information, please contact us at [email protected]

Additional Resources

Data Processing Addendum
Findify has updated its DPA to ensure compliance with all GDPR-specific requirements. The DPA enables Findify's customers to comply with the GDPR.

List of subprocessors
The list of sub-processors can be found here.

Privacy Policy
We updated our privacy policy.