• Resolved jonasbwer

    (@jonasbwer)



    Hey there,

    with the in europe upcoming GDPR i’d like to know, how this plugin handles this issue.
    Is there any other personal data saved (For instance IPs, User-agent etc.) or even transfered to an other system?

    Best regards
    Jonas

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author heatmap

    (@heatmap)

    Hey Jonas,

    We’re wrapping up our work on GDPR, and we will send an email to all our customers in the next few days (before the 25th of course).

    A quick answer here though:
    – in the content of GDPR, heatmap is a Processor for your site(s)’ visitors, and a Controller for you and other heatmap users you add to your account
    – as a data processor, we will set up a data processing agreement (within our terms and conditions) to confirm that you allow heatmap to collect data, while heatmap commits to its processor responsibilities (security, privacy, etc). Some of those are already listed in our privacy policy (https://heatmap.me/privacy)
    – in terms of data collection, all stored data is anonymized and aggregated by design, and as been so since we started heatmap. This means that if as a Controller you receive a request for collected data or a request under the right to be forgotten from one of your visitors, no identifiable data will have to be extracted/deleted from our servers since, by design, we cannot identify anyone. The only exception would be if you include PII in the URLs of your pages (which is a bad idea), and in this case, we’d be happy to delete the URLs for you or fully close your account
    – our servers obviously see your visitors’ IP & user-agent but we do not store or use them in the processing. Again, our privacy policy lists what we collect (What information we collect)
    – we also do our best effort to identify a site’s geo localization and store data in Europe when we think it should

    As a Controller, you would want to:
    – list somewhere that you use heatmap as an analytics product on your site(s)
    – link to our privacy policy (https://heatmap.me/privacy). We support DNT and our own opt-out cookie that applies to all sites using heatmap
    – make sure you do not expose personally identifiable information in the URLs whenever possible, and let us know whether you need to delete tracked URLs from our database.
    – if you use our conversion heatmap, heatmap may be setting a cookie on your domain (you control its name), which does not override DNT or the opt-out cookie. This cookie only stores a unique id that is not shared with other customers using heatmap (no cross-site tracking)

    Please let us know if you have further questions here. We will be fully compliant before the 25th, and again, we will send an update in the next few days to all our customers.

    Thanks for this detailed response.

    Regards
    Jonas

    Plugin Author heatmap

    (@heatmap)

    Just a follow up here, like many companies this week, we updated our Privacy Policy and Terms to reflect the changes we made for our and your GDPR compliance. We also sent an email to all of our customers.

    Some links:
    https://heatmap.me/terms (and more specifically https://heatmap.me/terms#dpa)
    https://heatmap.me/privacy (with the Opt-Out option we’ve had for many years, full information about what we track and how we protect data, and some specifics about GDPR)

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.