GroupBy is GDPR Ready
The General Data Protection Regulation (GDPR) is a European Union regulation that regulates the collection and processing of personal information (“PI”) (a) of European residents or (b) in the context of an establishment in the European Union. The GDPR became effective on May 25, 2018, and obligates organizations globally to protect this information.
This FAQ provides answers to questions from our customers about the steps GroupBy has taken with respect to the GroupBy platform to address the GDPR.
GroupBy determines the purposes and means of handling PI processed by GroupBy in connection with GroupBy's website available at https://groupbyinc.com/. Accordingly, under the GDPR (to the extent applicable), GroupBy acts as a controller (as defined in the GDPR) with respect to that PI. Please see GroupBy's privacy policy, available at https://groupbyinc.com/compliance/privacy-policy for more details on how we handle that class of PI.
What Personal Information ("PI") Data Does GroupBy Collect
In accordance with GDPR, GroupBy only collects PI required to provide services for our platform. GroupBy believes in the importance of privacy, and end-user privacy should be protected. To that end, the only PI GroupBy collects from end-users of our customers' websites is end-user IP addresses using cookies placed on an end-user device, and only with consent provided by the end-user via customer’s website privacy controls. The GroupBy platform never collects, accepts, processes or stores names or email addresses from end-users of our customers' websites.
Data Security
GroupBy employs a wide range of security controls to protect customer data:
Where Is Data Stored (Locality)
For North American customers, data is stored in data centers in the U.S., with the primary data center located in Idaho. For European customers or subsidiaries, data is stored in a data center in Belgium.
Data Access
Customers can only access data associated with their specific account via user accounts and passwords managed by the customer in combination with a randomly generated security key. All data is encrypted at rest and in transit by default using AES256.
Data Deletion and Date Retention
GroupBy permanently deletes all customer data within 180 days of the end of a contract, or at an earlier date upon customer request. Data is never retained beyond 180 days except to the extent permitted by applicable law.
Third-Party Audits and Certifications
GroupBy completes annual audits for their Subscription Service for the following standards:
The GroupBy Subscription Service operates on the Google Cloud Platform ("GCP").
Where can I obtain more information about Data Privacy at GroupBy?
Any questions or general comments can be directed to data.privacy@groupbyinc.com
Mailing address:
GroupBy Inc.
250 The Esplanade, Suite 500
Toronto, Ontario M5A 4J5
Canada
ATTN: Privacy Officer