GDPR Compliance

Last updated: December 15, 2024

Our Commitment to GDPR

TrackFlow LTD is committed to compliance with the General Data Protection Regulation (GDPR). This page outlines how we ensure GDPR compliance and support our customers in meeting their own GDPR obligations.

Roles and Responsibilities

You (the Customer) are the Data Controller

You determine the purposes and means of processing personal data of your customers. You are responsible for obtaining appropriate consent and providing privacy notices.

TrackFlow is the Data Processor

We process personal data on your behalf to provide our attribution tracking services. We act only on your documented instructions.

Legal Basis for Processing

TrackFlow processes personal data based on:

  • Contractual necessity: Processing required to provide our services
  • Legitimate interests: Service improvement, security, and fraud prevention
  • Legal obligation: Compliance with applicable laws
  • Consent: Where required and obtained by you from your customers

Data Subject Rights

Under GDPR, data subjects have the following rights. TrackFlow provides tools to help you fulfill these requests:

Right of Access

Data subjects can request a copy of their personal data.

Right to Rectification

Data subjects can request correction of inaccurate data.

Right to Erasure

Data subjects can request deletion of their data.

Right to Restriction

Data subjects can request limitation of processing.

Right to Portability

Data subjects can request their data in a portable format.

Right to Object

Data subjects can object to certain processing activities.

Security Measures

Article 32 of GDPR requires appropriate security measures. TrackFlow implements:

  • Encryption of personal data in transit and at rest
  • Pseudonymization where appropriate
  • Regular testing and assessment of security measures
  • Incident response and breach notification procedures
  • Access controls and authentication
  • Regular backups and disaster recovery

International Data Transfers

When personal data is transferred outside the European Economic Area (EEA), TrackFlow ensures compliance through:

  • EU Standard Contractual Clauses (SCCs) with sub-processors
  • Adequacy decisions where applicable
  • Supplementary measures where required
  • Transfer Impact Assessments

Data Breach Notification

In the event of a personal data breach, TrackFlow will notify you without undue delay (and within 72 hours where feasible) after becoming aware of the breach. We will provide all information necessary for you to fulfill your notification obligations to supervisory authorities and affected data subjects.

Data Protection Officer

TrackFlow has appointed a Data Protection Officer who can be contacted for any GDPR-related inquiries:

Data Protection Officer

TrackFlow LTD

Email: dpo@trackflow.io

Your GDPR Checklist

As a TrackFlow customer, ensure you:

  • Have a lawful basis for collecting and processing customer data
  • Provide clear privacy notices to your customers
  • Obtain consent where required (e.g., for cookies and marketing)
  • Have processes to handle data subject requests
  • Sign our Data Processing Agreement (DPA)
  • Document your data processing activities
  • Implement appropriate security measures on your end

Resources