Welcome to GroupBy Inc
First to market with new
eCommerce Product Discovery Platform
Powered by Google Cloud Retail AI

GDPR COMPLIANCE

GroupBy is GDPR Ready

The General Data Protection Regulation (GDPR) is a European Union regulation that regulates the collection and processing of personal information (“PI”) (a) of European residents or (b) in the context of an establishment in the European Union. The GDPR became effective on May 25, 2018, and obligates organizations globally to protect this information.

This FAQ provides answers to questions from our customers about the steps GroupBy has taken with respect to the GroupBy platform to address the GDPR.

GroupBy determines the purposes and means of handling PI processed by GroupBy in connection with GroupBy's website available at https://groupbyinc.com/. Accordingly, under the GDPR (to the extent applicable), GroupBy acts as a controller (as defined in the GDPR) with respect to that PI. Please see GroupBy's privacy policy, available at https://groupbyinc.com/compliance_documents/privacy-policy/ for more details on how we handle that class of PI.

What Personal Information ("PI") Data Does GroupBy Collect

In accordance with GDPR, GroupBy only collects PI required to provide services for our platform. GroupBy believes in the importance of privacy, and end-user privacy should be protected. To that end, the only PI GroupBy collects from end-users of our customers' websites is end-user IP addresses using cookies placed on an end-user device, and only with consent provided by the end-user via customer’s website privacy controls. The GroupBy platform never collects, accepts, processes or stores names or email addresses from end-users of our customers' websites.

Data Security

GroupBy employs a wide range of security controls to protect customer data:

Where Is Data Stored (Locality)

For North American customers, data is stored in data centers in the U.S., with the primary data center located in Idaho. For European customers or subsidiaries, data is stored in a data center in Belgium.

Data Access

Customers can only access data associated with their specific account via user accounts and passwords managed by the customer in combination with a randomly generated security key. All data is encrypted at rest and in transit by default using AES256.

Data Deletion and Date Retention

GroupBy permanently deletes all customer data within 180 days of the end of a contract, or at an earlier date upon customer request. Data is never retained beyond 180 days except to the extent permitted by applicable law.

Third-Party Audits and Certifications

GroupBy completes annual audits for their Subscription Service for the following standards:

The GroupBy Subscription Service operates on the Google Cloud Platform ("GCP").

Where can I obtain more information about Data Privacy at GroupBy?

Any questions or general comments can be directed to data.privacy@groupbyinc.com

Mailing address:

GroupBy Inc.

2 Berkeley Street, Suite 210

Toronto, Ontario M5A 4J5

Canada

ATTN: Privacy Officer