The European General Data Protection Regulation goes into force on May 25, 2018 and will be binding on all companies based in the EU or operating within the European Union.
Given the specificity of the domain in which we operate, the protection and accuracy of data processing have always been central to 2Performant: we have been a personal data operator since 2010, and all the servers through which we deliver, receive, and process data are in Amazon Web Services, the largest hosting provider in the world.
In order to bring us in line with the new European legislation, we have spent the last few months devoting considerable time and resources to two areas:
- Auditing and reviewing internal procedures that target the personal data of users, employees, or collaborators / partners;
- Making technical changes to the 2Performant platform.
Regarding the first area, we have taken the following steps:
- Met with specialized lawyers and participated in a series of workshops dedicated to the GDPR;
- Revised data security policies;
- Revised data retention policies;
- Revised internal policies on the data flow process;
- Conducted internal audits of personal data used (matrix of personal data);
- Audited internal computer security;
- Audited placement of cookies by 2Performant;
- Updated the list of external services used by 2Performant and published it: https://2performant.com/external-services/
With regard to technical changes to the platform, we have made the following changes:
- We have anonymized the IP database of users who access affiliate and / or conferencing links;
- We have made the public link for deleting 2Performant cookies more accessible: https://event.2performant.com/privacy/cookies
- We have implemented the new TOS that will take effect on May 25th: 2Performant users will receive an alert to sign the new TOS the next time they log in.
Apart from accepting the new version of the TOS (which has an updated Chapter 10 on data protection), our users need do nothing specific to continue their agreement with 2Performant, beyond what is required of them to align with the GDPR.
Of course, both affiliates and advertisers should revise their security, data protection policies, and internal operating rules in line with the GDPR legislation that will come into force on May 25th.
We have tried to collect in one place some of the information and recommendations for affiliates and advertisers who are collaborating with the 2Performant network.
Recommendations for affiliates:
- 2Performant affiliates must be transparent with their users, both in a general way and specifically in their relationship with the 2Performant network. Affiliates must inform their users that tracking cookies will be placed on their devices when they access an affiliate link, in order to monetize the content / projects that the affiliates are promoting.
- Affiliates must inform users that they do not transmit any personal data to the 2Performant Affiliate Network.
- When accessing any proprietary domain that 2Performant traffic passes through, Cloudflare places a security cookie on the user’s device to mark it as Safe. Therefore, when accessing an affiliate link, it is very likely that such a security cookie will be placed.
- 2Performant also helps affiliates in cases where users do not want to have such cookies stored on their devices, and provides affiliates with a way to delete tracking cookies.
Recommendations for advertisers:
These recommendations apply to the context in which an order runs the 2Performant tracking code:
- Every 2Performant advertiser must be transparent with its users, both in general and specifically in its relationship with the 2Performant network. The Advertiser must inform users that, if they have arrived on its site through a 2Performant affiliate link, certain details about the order will be sent to the 2Performant platform.
- The Advertiser will inform users that it will not transmit any personal data to the 2Performant Affiliate Network via the tracking code.
- 2Performant assists advertisers in situations where users do not want to have such cookies stored on their devices by providing users with a way to delete tracking cookies.
The most important principle to reinforce, especially before the new regulation on personal data comes into force, is transparency.
In short, as long as you:
- Inform your visitors about the information you wish to collect and the reason why you need it;
- Act in good faith – do not use this information for any other purpose, and delete or anonymize it immediately after you no longer need it;
- Give users the option to delete all the data that you have collected from them;
… then you should be fine. 🙂
May the force of conversions with protected personal data be with you!