Flocktory cares strongly for data protection and we have updated our Data Protection and Data Processing Policy to the newest requirements of the European GDPR.

Besides updating our Data Protection Appendix (Appendix II) to our General Terms & Conditions we would like to inform you about the measures we take to protect your data, how and where we handle your data and how you can contact us if you have questions about your data.

Client’s Role in GDPR Compliance

As a Flocktory client, you are a Data Controller and Flocktory is acting as your Data Processor for your users’ data. From May 25th, 2018 we strongly recommend to ensure the following:

• Ensure your Terms of Service and/or Privacy Policy are up to date.
• Be thinking about how you’ll handle consent. You should configure your campaigns and integration to not trigger or work with users’ data without proper consent.
• By continuing using Flocktory Services you agree to our terms & conditions and our data protection policy. This shall be sufficient to comply to the new rules – you do not need to sign anything additional. If you wish to have a counter-signed copy of our terms and conditions and/or data protection appendix, please contact your account manager.
• Perform your own research, modeling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
• Watch for updates from Flocktory related to product functionality or privacy and terms changes.

What data we collect and for what purpose

Flocktory collects and processes data of website visitors and their usage of the website with the purpose of:

• Fulfilling its contractual obligations with its clients for services that improve the user experience on the client website, for example by providing personalized content, displaying personalized marketing messages (onsite, email, push), collect user feedback or provide our clients with insights about general behavior (depersonalized).
• Managing our client relationships
• Improve our own website experience and services
• Electronic direct marketing
• Analysis and profiling of data subjects

Data that Flocktory collects may include:

• First name and last name
• Contact information (email address);
• Geographic location (country, region, city)
• Data about social media accounts
• Data about purchases
• Data about visited pages
• Data about membership / registration status
• Online identifiers (cookies, device, browser information)

Under no circumstances Flocktory will collect or process special categories of personal data as described in Art. 9 GDPR.

For more information about the usage of cookies on our website, please visit our Cookie Policy.

Where and for how long do we store your data

Flocktory stores and processes all collected data in AWS Cloud on servers inside the European Union (server locations Ireland & Germany).

Some of our services might require the transfer of personal data to third parties. If the third party is located outside of the European Union then Flocktory assures that security measures and contractual agreements accepted by the EU and the privacy-shield framework exist to protect your data according to the required standards.

Flocktory will keep your data up to 5 years after your last interaction with us or the client that we are processing data for unless otherwise agreed by our data processing agreements.

Who is responsible for the data processing

FLOCKTORY SPAIN S.L.

Plaza De Carlos Trías Bertrán, 4, 28020 – Madrid

Data Protection Officer: Kilian Byszio

Contact: dataprivacy@flocktory.com

Security Measures

In order to securely store and process the data collected by Flocktory uses a range of state of the art security measures to protect access to our servers and the data. These measures include among others:

• Full Database encryption
• Access protection with Firewall, WAF Filters, private networks
• Usage of strong passwords for all users
• Automatic sign-outs
• Full logging of activities
• Encrypted data transfer
• Data privacy agreements with all employees

We regularly review our security measures, the type and purpose of stored data and will review and amend measures and rectify or delete data to comply with applicable legislation.

Your rights as individual subject to data processing

Flocktory fully supports the rights established by the new legislation to increase control over data collection and processing. If your data is being processed by us then you have the following rights:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.

You can find more information about your rights in GDPR Chapter 3.

To exercise your rights it is sufficient to send your request to dataprivacy@flocktory.com and we will comply with your request.

Our sub-processors

Flocktory is working with sub-processors for providing parts of our services. All suppliers have compliant data processing and data protection policies and are recognised as fulfilling the GDPR requirements of the European Union. Flocktory ensures that only a set of minimum required information is passed to the sub-processors to fulfil the desired task.

• AWS — all personal data is hosted here
• Sendgrid – contact information and user name
• MailChimp – contact information and user name
• Optimizely – for conducting A/B tests
• Microsoft – information about our corporate clients is stored in Microsoft Dynamics and some of our reports are created using Microsoft products
• Google – our corporate communication is managed with Gmail