Rebrandly is GDPR Compliant

GDPR_Compliant.jpg

In May 2018 General Data Protection Regulation (GDPR) laws were introduced in Europe, changing the way companies all over the globe must treat, process and store consumer data. GDPR strengthens previous versions of data protection laws and provides individuals with more control over their data. Under GDPR, brands and companies have had to make significant changes to their policies, and Rebrandly is no exception. We take security and privacy seriously and are fully GDPR compliant. 

What is Personal Data?
GDPR classifies personal data as information that's related to an identified or identifiable natural person. This includes names, identification numbers, location data, online identifiers or special characteristics that can express the physical, genetic, mental, cultural or social identity of a natural person. 

Examples of personal data include telephone numbers, credit card numbers, account data, appearance, address, number plates, customer IDs and more.

What is the difference between a Data Controller and a Data Processor?
"A controller is the entity that determines the purposes, conditions, and means of the processing of personal data, while the processor is an entity which processes the personal data on behalf of the controller." 

Based on this definition, Rebrandly is both a Data Processor and a Data Controller. 

Rebrandly as a Data Controller
We store our customers' data, such as billing data, payment methods, and other types of personal data solely for the purposes of providing the link management solution. In this scenario, we are considered to be a data controller and have taken measures to ensure our GDPR compliance. Please visit our Terms & Conditions and Privacy Policy for more information. 

Rebrandly as a Data Processor
In order to provide customers with click stats, we analyze data from the users who click on your links. In this scenario, Rebrandly is considered the data processor on behalf of our customers, who are individual data controllers.

To produce click metrics we analyze a variety of sources of data, none of them considered personal data under GDPR- save for the IP address. While an IP address can be considered personal data, we anonymize it by truncating the last class of digits prior to any reporting or storing. As such, no personal data is stored and Rebrandly click metrics are not subject to GDPR laws. Even cases of IPv6, we anonymize the data and remain compliant. 

Note that some customers may wish to pass personal data through their links in the form of forwarding parameters. In this case, it's the customer's responsibility to notify us as well as their own customers that links contain personal data. If you think your specific needs may cause your use case to fall under GDPR, please contact our support team on Rebrandly.Support/Contact

This Article is About:

  • GDPR
  • GDPR Compliance
  • Data Processors
  • Data Controllers

 

 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.