GDPR refers to the General Data Protection Regulation of the European Union that was initiated in May 2018. The objective of the regulation is to support the security and protection of personal data for the residents of the European Union member states. GDPR not only applies to the business units in the European Union but also those out of it. According to GDPR, any business unit or institution that collects or managesthe personal data of individuals residing in the European Union has to comply with their regulatory policies.
Vanuston is committed to maintainingthe privacy and security of EU residents. According to our commitment, we will be complying with GDPR. Vanuston is also bound to help our customers comply with GDPR. To support this initiative, we have provided our customers with access to several applications. Vanuston will help its customers in executing an updated Data Processing Agreement. We will also provide tools to address the specific requests from the customers related to data deletion, data correction, or exporting the data.
The commitment of Vanuston for privacy and security
As a Vanuston customer, if your business supplies goods or services to the residents of the European Union, or is involved in data collection or processing, you will be considered as a data controller under GDPR. As a data controller, you must be working with GDPR compliant data processors. It is an important requirement of GDPR. Business units or partners that process on behalf of the data controller are referred to as data processors. Vanuston is considered a data processor as we assist our customers in collecting and processing end-user information through the platform. However, as an independent platform, we will need certain business information about our customers before they can utilize our services. Hence, we are also referred to as a data controller. Vanuston is ready for GDPR both as a data controller and as a data processor.
Personal data protection by Vanuston
- Vanuston processes the personal data of the users as per the terms mentioned in the Data Processing Agreement.
- Our customers have to setup the necessary safeguards to facilitate transfers of personal data out of European Economic Area (EEA). We are committed to protecting any data that originated in the EEA in line with the regulations of GDPR.
- Vanuston processes personal information in a way that the personal data can no longer be linked to a specific user without the provision of additional details.
- Vanuston uses best-in-class encryption standards to secure data in transit, backups, and at rest.
- Personal data is processed by Vanuston as per specific instructions from its customers who are also referred to as data controllers.
- All our customers will be promptly informed of any breach of information along with all the details.
Enabling GDPR compliance of our customers
Customers of Vanuston who collect data of European Union residents are considered as data controllers. Vanuston provides a plethora of services that will help our customers to comply with their user’s rights as per GDPR compliance guidelines. Some of our key product capabilities that will guide you in this process are provided below:
- Our customers can accommodate their user’s requests related to the deletion of the data using our proprietary tools. Customers can create a deletion request using the REST API. All the data related to the user ID including user profile and events, campaign and conversion data will be deleted using this request. Along with this facility, any data received in the future by Vanuston for this ID will not be stored in our system.
- Our customers can restrict the processing of user profile data for the users who would like to exercise their right to object or the right to restrict processing. The restriction request can be created using REST API. Data processing will be stopped for all users who chose this option. Any incoming data will not be stored in the system. In addition, no campaigns will be sent to such users and new segments cannot be created.
- Vanuston understands the user’s right to access their information and view the data at their convenience. All data pertaining to a specific user ID can be accessed using the portability request with REST API.
- According to the GDPR, users have the right to correct their data if it is inaccurate or incomplete. Our customers can modify user profile data using REST API.
- Our customers can check the status of any open requests using the API.
- Our customers can also delete any of the open requests if they are in the pending status using the API request.
In this statement, we have detailed the rights of the end-users and how Vanuston can help the customers with their requests. Vanuston is committed to maintaining the privacy and security of its end users and complying with the regulatory requirement of GDPR. We will also guide our customers to comply with the GDPR regulatory guidelines.