The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It was adopted on 27 April 2016 and becomes enforceable from 25 May 2018. What’s important is that GDPR applies to your business as long as you provide services to EU citizens, even if you don’t run the business inside EU territory. Ptengine is committed to being fully compliant with GDPR when it’s enforced.
As the Ptengine product team, we are very proud to serve global customers and deeply appreciate our customers’ trust in us. We’ve always treated privacy, data security and integrity as our top priority and consider GDPR a great opportunity to thoroughly review our services and processes, and make further improvements as necessary. This article explains how Ptengine internally collects, stores and shares data, as well as the specific actions we take to become fully compliant with GDPR. It also covers the actions our customers need to take to become GDPR compliant when using Ptengine for web analytics.
How does Ptengine collect, store and share data?
- Browser information
- Operating system information
- Mobile device information (not including device’s unique ID)
- IP address (see notes in the next section on changes related to this)
- Pages accessed
- Time of visit
- Referring site
- ID of web page element clicked by mouse
- Mouse scroll position
- Duration of stay on pages
The purpose of the data collection is to analyze trends based on groups of visitors, not to identify any individual visitor. Our collection code never collects information on web pages which can potentially contain personally identifiable information.
Our backend servers store such data and later use it to render charts, tables and maps that visualize the data for our customers inside the Ptengine product. Our data store is carefully secured and never exposed directly to the internet. Data from different customers are strictly isolated.
Ptengine never shares data with individuals and companies other than the specific customer on whose website Ptengine collected the visitor information.
What actions are we taking to be GDPR compliant?
While reviewing GDPR requirements we’ve identified areas we should improve. Here is a list of major actions we took (some are still ongoing):
- Thoroughly review our internal data flow and data storage, and maintain up-to-date documentation.
- Implement IP address anonymization. Full IP addresses won’t be stored anymore after May 25, 2018.
- Fully delete account information and collected website visitor data upon account deletion.
- Implement retention control for service log files and database backups.
What do our customers need to do?
If you have any questions, please don’t hesitate to contact us at firstname.lastname@example.org.