GDPR Compliance
The General Data Protection Regulation (“GDPR”) requires us, as well as our clients, to ensure an appropriate level of protection for all personal data that we collect and/or process.
On this page, discover how we ensure this level of protection and how TrackAd has organized and manages its GDPR compliance on a daily basis.
In what cases does TrackAd process personal data?
Our services rely on the collection, centralization, analysis, and comparison of data provided by our clients or collected on their behalf.
Some of this data (typically: order or lead identifiers, cookie identifiers) constitutes personal data within the meaning of Article 4.1 of the GDPR.
However, this data is only indirectly identifying, meaning that TrackAd cannot personally re-identify the individuals to whom it relates.
Additionally, like any commercial company, TrackAd collects, stores, and uses data related to its prospects, clients, and their employees or representatives for business purposes. This data may include personal data.
Is TrackAd a data processor or a data controller?
When we collect, store, and/or use personal data for the technical purposes of providing our services, TrackAd acts as a data processor on behalf of the relevant client, i.e., based on and according to that client’s instructions. The details of the processing we carry out as a data processor for our clients, as well as the respective obligations and responsibilities of TrackAd and the client, are included in our GDPR data processing contract, which will be provided to you for signature if you choose to subscribe to our services. Other data processing activities that we carry out (such as those for client management or business development purposes) are performed by TrackAd as a data controller, meaning we do so autonomously and independently from our clients, and under the sole responsibility of TrackAd.
Where can I find the details of TrackAd's commitments in each of these roles?
The commitments we make as a GDPR data processor for our clients are detailed in our GDPR data processing contract, which serves as a written commitment to our clients as required by Article 28 of the GDPR. This contract is offered only to TrackAd’s active clients and lasts as long as our service agreements. For processing done by TrackAd as an independent data controller, the protective measures in place are described, declaratively and indicatively, in our Privacy Policy, published on this site: trackad.ai/privacy-policy/.
Does TrackAd have a Data Protection Officer (DPO)?
Yes. This DPO has been officially designated with the CNIL. They can be contacted by email at gdpr@trackad.ai.
Why should I trust TrackAd's declarations?
TrackAd’s GDPR compliance, and more generally its adherence to laws and regulations concerning privacy and data protection, has been the result of significant investment by TrackAd over the years. This compliance was led by the company’s DPO, who is part of a professional firm specializing in these matters, relying on the latest guidelines and recommendations from the French supervisory authority (CNIL) and its European counterparts. The technical aspects of data security are handled by our internal teams and our hosting provider, based in the European Union and holding several globally recognized security certifications. Don’t hesitate to reach out to us for more information!