Everything in UXtweak is all in line with the GDPR
GDPR compliance
The General Data Protections Regulation (GDPR) is a piece of legislation that became applicable in the European Union on the 25th May 2018. Its purpose is to boost protection of private information of the citizens of the European Union as their information is being handled by companies.
In particular, the GDPR regulates how the "personal data" belonging to the citizens of the EU is collected, stored, transferred, and processed.
Personal data
GDPR defines personal data as any information relating to an identified or identifiable natural person (e.g., IP address, forms with personal data, such as user identification by email address).
To collect, store, and process the personal data of an EU user/visitor on your web, you will need to get their consent first.
Raw or anonymous mouse movements, clicks, taps, and scrolling across multiple pages are not "personal data."
Data Controller, Processor, Subject
A Data Controller represents the entity that determines the purposes, the conditions, and the means of processing personal data. The Data Processor is the entity that processes personal data on behalf of the controller.
You are the Data Controller of your end-user's personal data (assuming you are capturing any) and UXtweak is the Data Processor.
Your end-users and visitors are Data Subjects.
Data Processing Agreement (DPA)
UXtweak may process personal data on your behalf. To set terms for how we perform this processing and what our obligations are, as well as the obligations of our customers (yours), we've developed a Data Processing Agreement (DPA).
This document forms part of the contract of service between UXtweak (as the Data Processor) and you, our customers (as the Controllers). We enter into this contract free of charge with anyone who uses our service and requests it.
Overview of tools for limiting the processing of personal data and for improving the privacy of end-users
UXtweak (Data Processor) provides our customers (Data Controllers) with the following tools for limiting the processing of Personal data and for improving the privacy of end-users (Data Subjects). All tools are described at uxtweak.com/help.
UXtweak (Data Processor) provides our customers (Data Controllers) with the following tools for limiting the processing of Personal data and for improving the privacy of end-users (Data Subjects). All tools are described at uxtweak.com/help.
- Option to disable recording of data filled into form inputs on the Controller's website. Recording of form inputs is located in the particular study's setup - Sessions tab, separate for EU and non-EU end-users (Data Subjects). It is enabled by default for EU end-users.
- Option to obfuscate numbers and email addresses on the Controller's entire website, or within selected elements. It is located in the particular study's setup - Sessions tab, separate for EU and non EU end-users (Data Subjects). It is enabled by default for EU end-users.
- Option to anonymize IP addresses of end-users of the Controller's website. IP address anonymization is located in the particular study's setup - Sessions tab, separate for EU and non EU end-users (Data Subjects). It is enabled by default for EU end-users.
- Sensitive data protection API and study setup options to exclude certain pages or elements on the Controller's website from being recorded.
- Verify user consent API for getting consent from end-users (Data Subjects) via a pop up window on the Controller's website. If this option is used, the end-user can be asked for their consent with processing of their Personal Data. If they don't give consent in this pop up, they are automatically excluded from Personal Data processing.