GDPR 2018Our approach is to conform with 2018 EU General Data Protection Regulation as soon as possible. Please return to this page for GDPR implementation updates. Until 25 May there are left:
How Vibetrace is getting ready for GDPR:Under GDPR anticipation, which comes into force on 25th May 2018, we consider the following:
We willadd personal data processing agreement to our Terms & Conditions.
We willallow download of all collected personal information for one user.This feature is already added. See details.
We willallow users not be tracked on your website. See details
We willallow to collect personal data after having explicit user agreement.Our email collectors have a required checkbox.
We willrespect all rules both as a Data Controller and a Data Processor.
- We will add the possibility to delete personal data through the admin dashboard and also through API.This is the last step we need to do.
In addition, to extra protect our customers and personal data they control, we will add more feature to strengthen compliance with GDPR rules.
What is GDPR:GDPR is an abreviation of General Data Protection Regulation, which refers to the right of personal data for EU citizens. This regulation allows EU citizens the right to request access, change and/or removal of any personal date from a company. GDPR defines 3 roles:
- Data Subject (internet users), owners of personal information
- Data Controller (companies that controls this data). Online stores, websites. Examples are Vibetrace’s clients or vibetrace.com website
- Data Processor (data processors that deliver a service to Data Controllers). This is Vibetrace
For internet users (Data Subject)Internet Users represent your online store visitors, clients, employees
What is VibetraceVibetrace is a marketing automation software that helps online retailers sell more and easier. To do this, we provide businsesses with email marketing, onsite/email/push retargeting, product recommendations, push notifications or landing pages services. All Vibetrace services show potentials customers the most relevant products to entince them into buying. Our services include:
- Product catalogue analysis for each customer
- Purchase history analysis
- Onsite behaviour tracking and analysis
What data are we collectingWhen an user visits a store using Vibetrace, the following data is collected:
- Visited pages
- Media content given by Vibetrace
- Content clicks and interactions
- Purchased products from orders
- Email address, if shop wants this thing
- Firstname, Lastname and email address when they become clients
- Data is kept up to 12 months, depending on visit frequency and duration.
What users can doFor any information shared with Vibetrace by a Data Controller (store/website), users are able to:
- 1. Obtain a copy of the information
- 2. Bring changes to this data
- 3. Request data removal
- 4. Choose not to be tracked any more
How does Vibetrace Marketing Automation Software works:We take GDPR seriously, the same way we’ve respected and protected personal information for our users.
Measures already implemented:
- All data is saved and processed in a safe environment, behind private networks and secure cloud from Amazon, Google and Azure.
- Personal information are kept separetely and passwords are encrypted.
- There is a high probability that data processing is outside EU. Suppliers we are using to keep and process our data are also in line with the data protection regulation.
- We run routine tests to detect vulnerabilities on our platform.
- Our employees only have access to these personal data to perform their job tasks.
What you need to do as an online business/ecommerce store:You will need to gain explicit tracking permission from your users. We recommend to check rules that apply to you from a specialised legal office.
When receiving a delete request, you will need to remove all personal data from your own system and from Vibetrace to remove the change of reimporting users into Vibetrace. Complete removal of personal data could take up to 30 days based on platform technical details.
You will need to keep all removal/update requests for at least 60 days, in cases like returning to an older backup so we know to remove this data again. In such situations you will be contacted by one of our representatives.
You need to agree that you read, understand and implemented these things, before starting to track users.
For any questions, please contact us or send an email to [email protected]