GDPR stands for General Data Protection Regulation. It is a regulation in EU law on data protection and privacy for all individuals within the EU and also addresses the export of personal data outside the EU.
The goal of this regulation is to give control to citizens and residents over their personal data. It also aims to simplify the regulations for international business by unifying the regulation within the EU.
GDPR will take effect on May 25, 2018. It will replace the 1995 EU Data Protection law.
At Findify, we have a firm commitment to complying with all aspects of the GDPR regulations. Below are the actions we’ve taken to do so:
- Mapping of our security and privacy measures
- Datastore mapping
- Added a Data Processing Addendum (DPA)
- Notifications of customers about changes and the DPA
As a data processor, we are giving you the tools to support data subject rights:
- Right of access and data portability
- Right to be forgotten
- Right to restrict processing
browsers. As a data controller, you are required to obtain consent from your visitors in order to comply with the European laws on data protection.
This page provides some advice on how to obtain consent and what to do in case the end-consumer does not consent.
Findify builds products with privacy and security central in its design.
This page summaries the security measures that Findify puts in place to protect customer data, covering:
- Compliance and Certification
- Business Continuity
- Data Security and Privacy
- Application Security
- Corporate Security
I want to use Findify but I do not want Findify to process any personal data. Can I still use the service?
Findify products rely on user data to feed our machine learning algorithms. That is to say, our algorithms need this data to learn. In addition, our 1:1 real-time personalization requires us to anonymously identify where a request is coming from. This gives us the ability to return products relevant to a specific person. Without the data that we collect, we would no longer be able to do this.
However, in the case where you do not wish to allow Findify to process personal data, our service will fallback to the non-personalized version.
You can accomplish that by setting the cookie findify_optout to the value 1. Our analytics library will then detect that you did not consent to the analytics tracking and will not send your personal data to our service.
For more information on how to set up the cookie, please visit this section.
We store the data we collect in the cloud services provider Amazon Web Services (AWS). Our servers are located in the United States.
No. Privacy Shield is a certification program that applies to US-based companies. Because Findify is an EU-based company, we are not part of the Privacy Shield. However, our sub-processors such as AWS and others (See Subprocessors section) are in fact part of the Privacy Shield.
Yes, the Data Processing Addendum is part of our Terms and Conditions. Moreover, Findify’s Data Processing Addendum is available to all of our customers to review upon request. To obtain a copy of our DPA, please contact us at [email protected].
Findify stores personal data for a period of 2 years. However at any point in time, if a data subject wishes to remove personal data from our system, they can do so by submitting a request to us. More details about this in the section “Can a data subject access the data you collect about them?”.
Data subjects have the right to access their personal data by submitting what is known as a personal information access request. To request access to the data Findify has collected on a specific data subject, on behalf of that subject, please follow the instructions explained in this section.
Yes. To request the removal of personal data of a specific data subject from our system, on behalf of that subject, please follow the instructions explained in this section.
When an email request for data removal has been submitted, the following happens:
- Findify will clear the uniq_id and visit_id from all the data collected, making it impossible to identify back a consumer.
- This process will take up to 30 days as we would need to remove the personal data from our long-term storage.
Once a request is submitted, we will remove all personal data that we’ve collected on that data subject from our system.
Yes. Findify works with the following set of subprocessors:
Data Processing Addendum
Findify has updated its DPA to ensure compliance with all GDPR-specific requirements. The DPA enables Findify's customers to comply with the GDPR.
List of subprocessors
The list of sub-processors can be found here.
Updated 7 months ago