As the leading performance marketing platform, Tracknow LTD is dedicated to providing its customers with complete transparency and control over their users’ personal data, assisting them in their GDPR compliance journey.
What is the GDPR and How it Affects Tracknow LTD Customers
On May 25, 2018, the European Union implemented a new data privacy law, the General Data Protection Regulation (GDPR). The main goal of the GDPR is to standardize data privacy laws across Europe, ensuring the protection and empowerment of all EU citizens' data privacy and transforming the approach of organizations in the region.
Any company that collects or processes personal data of individuals in the EU is subject to GDPR, regardless of whether the company has a physical presence in the European Union. This means that most businesses with global or online operations, including Tracknow LTD customers, are impacted.
GDPR Compliance as a Shared Responsibility Between Data Controllers and Data Processors
Data Controller: This term refers to any natural or legal person, public authority, agency, or other entity that determines the purposes and methods of processing personal data. Tracknow LTD clients act as data controllers.
Data Processor: This term refers to any natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the controller. Tracknow LTD serves as a data processor.
Our Commitment to You on Behalf of Your Data Processor
Tracknow LTD has implemented comprehensive measures to align with GDPR requirements and to help our customers meet their compliance obligations.
Data Collection and Retention Policies
With the principle of data minimization in mind, we’ve made the following changes:
- IP addresses and Device IDs will have a 12-month rolling retention.
- All log-level reporting will have a 12-month rolling retention period.
- Conversion Report and Click Logs are affected by these retention windows. Stats Report queries remain available beyond these windows, with Affiliate Sub 1-8 or Source stats queries available for 18 months.
Data Deletion Process
We adhere to the requirements set out in Articles 17, 30, and 32(4) of the GDPR, ensuring that customers can request deletion of personal data. This includes affiliates, advertisers, employees, and end-users. When deleting data, only the PII columns are removed, maintaining the accuracy of aggregate data.
Physical Access Control
Our data centers are highly secure, with security officers onsite, monitoring and alarm systems, video/CCTV monitors, and more. No individual, including Tracknow LTD staff, has self-determined access to the servers.
Data Access, Usage, and Transmission Controls
We use tools to prevent unauthorized access, usage, or transmission of data. Data cannot be altered or deleted by unauthorized persons during transmission.
Separation Rule
We ensure data privacy and security by keeping data collected for different purposes separate during processing, extending this principle to test and production systems.
Pseudonymization
Data is hashed as early as possible. The processing of personal data is conducted in a way that prevents it from being linked to a specific data subject without additional information.
Availability Control and Rapid Recoverability
We regularly back up all stored data to protect against loss. Continuous backups are created and transferred to a remote site, allowing for data restoration if needed.
Incident Response Management
In the event of data loss or a security incident, affected parties are promptly informed in accordance with GDPR requirements.
Deleting Affiliate, Advertiser, and Account Employee Personal Data
Customers have the option to permanently delete personal data stored regarding their affiliates, advertisers, or employees. Aggregate reporting data remains intact while PII is deleted.
Privacy by Design
Tracknow LTD integrates appropriate technical and organizational measures into our software development life cycle, ensuring that personal data is processed strictly according to our customers’ instructions and configurations.
- Personal Data is only collected with assured user consent.
- We do not sell or re-broker personal data.
- We provide opt-out/opt-in options.
- We respect do-not-track privacy preferences.
Data Subject Rights
Tracknow LTD assists its customers in fulfilling their obligations to respond to data subject requests, including the rights of access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making, in accordance with GDPR requirements.
International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), Tracknow LTD ensures appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms.
Subprocessors
Tracknow LTD may engage carefully selected subprocessors to support the provision of services. All subprocessors are subject to strict contractual obligations ensuring the same level of data protection as outlined in this Agreement. A current list of subprocessors is available upon request.
Legal Basis for Processing
Tracknow LTD processes personal data under the legal bases of performance of a contract (providing services), compliance with legal obligations, and legitimate interests (such as fraud prevention and service improvement), always ensuring such interests do not override the rights of individuals.
Contact Information
For more information on our GDPR compliance, contact our privacy team at [email protected]. If applicable, you may also contact Tracknow LTD’s Data Protection Officer at [email protected].
