EU General Data Protection Regulation
How Clerk.io secures EU citizens through EU GDPR compliance.
Please check back regularly to be up to date on our GDPR implementation.
-- Updated May 17th 2018 --
What is the EU GDPR?
The EU General Data Protection Regulation - or GDPR - refers to the privacy rights of EU citizens.
The regulation grants EU citizens the right to request access, correction and/or deletion of any personal data held by any given company.
There are 3 key roles under the GDPR:
- Data Subjects are the owners of the data collected. In Clerk.io's case, this is the consumer shopping online.
- Data Controllers are the entities controlling the collected data. In Clerk.io's case, this is the stores collecting data about consumers.
- Data Processors are sub-contractors helping the Data Controllers deliver a service to the Data Subjects. This is Clerk.io itself.
If you want to know more, you can check the official EU GDPR website.
For Data Subjects
Data Subjects are the end consumers shopping at any store (Data Controller) using Clerk.io.
What is Clerk.io
Clerk.io is a tool used by online stores to help you find the products they offer more easily.
All our services help you see the products and advertisements that are relevant to you.
To give you that level of personalization, we analyze the store's product catalog, order history, and your individual browsing patterns only while you are at the store. That allows us to offer you relevant recommendations and a better shopping experience.
What information is collected?
When you visit a store using Clerk.io the following information may be collected:
- The pages you visit.
- The content you see via Clerk.io.
- The clicks on content via Clerk.io.
- The products in the orders you placed (if any).
- Your email address, but only if the store explicitly enables it.
The data is stored for between 1 and 12 months, depending on the frequency and length of your visits.
What can I do?
For any data shared with Clerk.io by the Data Controller, you have the right to (1) obtain a copy of your data, (2) correct your data, (3) get your data erased and (4) opt out of being tracked.
We enable all our Data Controllers to comply with the above. Please contact the Data Controller for any inquiries.
If you have any further questions about how Clerk.io tracks you as a Data Subject please feel free to contact us at firstname.lastname@example.org.
For Data Controllers
Clerk.io only uses the data you send to us. You are in full control of what you send to us and must ensure that all the data you send complies with what you have told your customers.
Clerk.io may use personal data such as identification numbers, email addresses or other data you send to us to provide our service. Clerk.io can be used without any Personal Data but at a significant performance cost.
You may under no circumstances send any kind of Sensitive Personal Data to Clerk.io.
What we do
Clerk.io has been built from the beginning with privacy and security in mind, and we already do the following:
- All data is stored and processed in Germany.
- Any personal data is stored in isolated databases to enhance data separation between our customers.
- We ensure that any of our service providers that can come into contact with personal data keep this data within the EU.
- We conduct routine vulnerability scans and penetration tests of our entire platform.
- We ensure and monitor that our employees only have access to Personal Data when it's needed to perform their job.
In anticipation of GDPR, Clerk.io has added the following features before May 25, 2018:
- We added a standard Data Processing Agreement.
- We have enabled the ability to remove all of a user's personal information both via our API and UI.
- We have obtained a third-party GDPR certification both as Data Controller and Data Processor.
What you need to do
- You may need to obtain active and explicit consent to track users on your site. We recommend checking the rules and regulations that apply to your website(s) and obtaining legal advice.
- You may be required to offer an opt-out for tracking on your website, depending on local laws or regulations. We recommend describing that you use Clerk.io, what it's for and how to opt out.
- Upon receiving a request to remove data, you need to remove the data from your main data storage before removing it from Clerk.io, to prevent the data from being re-imported to Clerk.io. Removing data completely takes up to 60 days due to a backup rotation.
- You must keep a record of all requests to modify or remove data for at least 30 days in case we experience a data loss and need to restore from a backup. We will fully inform you in case this should happen.
- You need to agree that you've read, understood, and implemented any or all of the above items (as required) prior to tracking.
If you have any further questions please contact us at email@example.com.