General Data Protection Regulation Compliance
The General Data Protection Regulation (also known as the GDPR) governs the way how personal data is collected and processed online and offline. It contains specific guidelines designed to strengthen personal data protection and bring more transparency to personal data collection, storage and processing. The GDPR comes into effect on May 25, 2018.
Who does the GDPR affect?
All businesses established in the European Economic Area (EEA) and Switzerland must comply with the GDPR when it comes to handling data of EEA citizens. Companies from countries outside the EEA that collect data of EEA citizens must also comply. There are steps that companies themselves can take to become compliant, but compliance with the GDPR significantly depends on how your web analytics system operates.
How does Zeustrak comply with the GDPR?
We are fully committed to make Zeustrak compliant with the GDPR prior to the effective date. Here is a list of steps we are performing to achieve the GDPR compliance:
All data processed by Zeustrak has always been anonymous and depersonalized. In Zeustrak reports, you can only see technical and non-sensitive data that cannot in any way be exploited to establish a user's identity. In addition, we take further steps to exclude even the slightest risk of matching any data to an individual. We have started automatically masking any data that can be deemed confidential.
Data protection by design and default
Zeustrak data security team had implemented appropriate technical and organisational measures designed to implement data protection principles in an effective manner. In addition, the necessary safeguards are integrated into the processing in order to meet the requirements of the GDPR. These measures are implemented both at the time of the determination of the means of processing and at the time of the processing itself.
Data collection notice for visitor consent
We offer all our users a ready-to-use solution to ask for a site visitor consent to data collection with Zeustrak, and to defer the loading of the code for tracking on site pages. Without the visitor's consent, the code will not load. We provide the sample text for such a notice. Then data is transferred to Zeustrak servers via secure HTTPS channels.
Full IP address of site visitors will not be processed or stored on Zeustrak servers. IP addresses and user agent info will never be shown in statisctics or any kind of reports. We use IPs only to aggregate analytics data but never personal.
Data Processing Agreement
We are constantly and countinuously working to make sure that all internal procedures of data collection, storage and processing are communicated fully and transparently.
Simple and clear acceptance of Data Processing Agreement
We are going to ask all our users to accept Data Processing Agreement to make sure they understand how to process traffic coming from EEA in particular and world-wide traffic in general.
Have any questions?
If you have any questions about the GDPR or the Data Processing Agreement, we are here to help. Click this link to contact us directly.