FAQ

All your questions that you may be asking yourself about Findify's compliance to GDPR

In short, is Findify GDPR-compliant?

Yes!

What is GDPR?

GDPR stands for General Data Protection Regulation. It is a regulation in EU law on data protection and privacy for all individuals within the EU and also addresses the export of personal data outside the EU.

The goal of this regulation is to give control to citizens and residents over their personal data. It also aims to simplify the regulations for international business by unifying the regulation within the EU.
GDPR will take effect on May 25, 2018. It will replace the 1995 EU Data Protection law.

What steps has Findify taken to comply with GDPR regulations?

At Findify, we have a firm commitment to complying with all aspects of the GDPR regulations. Below are the actions we’ve taken to do so:

  • Mapping of our security and privacy measures
  • Data store mapping
  • Updated our privacy policy with the GDPR provisions
  • Added a Data Processing Addendum (DPA)
  • Notifications of customers about changes and the DPA

Does Findify process personal data?

Yes, we store or process the type of data stated in our Privacy Policy and Data Processing Addendum. While the data does not directly identify individuals, we do use online identifiers, such as cookies. We do not process sensitive information such as gender, health, religion or political views.

I want to use Findify but I do not want Findify to process any personal data. Can I still use the service?

Findify products rely on user data to feed our machine learning algorithms. That is to say, our algorithms need this data to learn. In addition, our 1:1 real-time personalization requires us to anonymously identify where a request is coming from. This gives us the ability to return products relevant to a specific person. Without the data that we collect, we would no longer be able to do this.

However, in the case where you do not wish to allow Findify to process personal data, our service will fallback to the non-personalized version.

I do not want Findify to gather data for a specific session. How can I go around this?

You can accomplish that by setting the cookie findify_optout to the value 1. Our analytics library will then detect that you did not consent to the analytics tracking and will not send your personal data to our service.

For more information on how to setup the cookie, please visit this section.

Where does Findify store my data?

We store the data we collect in the cloud services provider Amazon Web Services (AWS). Our servers are located in the United States.

Since Findify transfers data to the US, is Findify part of Privacy Shield?

No. Privacy Shield is a certification program that applies to US based companies. Because Findify is a EU-based company, we are not part of the Privacy Shield. However, our sub-processors such as AWS and others (See Subprocessors section) are in fact part of the Privacy Shield.

Does Findify offer a Data Processing Addendum?

Yes, the Data Processing Addendum is part of our Terms and Conditions. Moreover Findify’s Data Processing Addendum is available to all of our customers to review upon request. To obtain a copy of our DPA, please contact us at [email protected].

How long does Findify store the personal data of data subjects?

Findify stores personal data for a period of 2 years. However at any point in time, if a data subject wishes to remove personal data from our system, they can do so by submitting a request to us. More details about this in the section “Can a data subject access the data you collect about them?”.

Can a data subject access the data Findify collects about them?

Data subjects have the right to access their personal data by submitting what is known as a personal information access request. To request access to the data Findify has collected on a specific data subject, on behalf of that subject, please follow the instructions explained in this section.

Can a data subject request the removal of all their personal data from the Findify system?

Yes. To request the removal of personal data of a specific data subject from our system, on behalf of that subject, please follow the instructions explained in this section.

When an email request for data removal has been submitted, the following happens:

  • Findify will clear the uniq_id and visit_id from all the data collected, making it impossible to identify back a consumer.
  • This process will take up to 30 days as we would need to remove the personal data from our long term storage.

NB: If a data subject requests that their data be removed from our system, but then in the future opts-in to analytics tracking again, we will begin collecting data on this subject again. We give our merchant a Javascript snippet that they can copy/paste to their consent banner in order for the customer to opt-out completely from the Findify analytics tracking.

Once a request is submitted, we will remove all personal data that we’ve collected on that data subject from our system.

The Small plan is free… is it free so that you can violate my privacy?

No! The Small plan is free because we would like to help you kickstart your ecommerce journey. There are no hidden intentions. We comply with GDPR with respect to our Small plans as well.

Does Findify use subprocessors to further process end-consumer data?

Yes. Findify works with the following set of subprocessors:

Third-party service vendorPurposeEntity/CountryWebsite
Amazon Web Services Inc.Cloud hostingUSA (North Virginia)https://aws.amazon.com
Functional Software, Inc. dba SentryLogging & DiagnosticsUSAhttps://sentry.io

Who can I contact with questions regarding GDPR?

We encourage you to review this FAQ page first, in addition to our Privacy Policy as it includes many commonly asked questions. However, we also understand there are circumstances where it may help to connect with us directly. For more information, please contact us at [email protected]