Rebrandly URL shortener is GDPR Compliant

July 16 16:57 2019 Print This Article

In May 2018 General Data Protection Regulation (GDPR) laws were introduced in Europe, changing the way companies all over the globe must treat, process and store consumer data. GDPR strengthens previous versions of data protection laws and provides individuals with more control over their data. Under GDPR, brands and companies have had to make significant changes to their policies, and Rebrandly is no exception. We take security and privacy seriously and are fully GDPR compliant. 

What is Personal Data?
GDPR classifies personal data as information that’s related to an identified or identifiable natural person. This includes names, identification numbers, location data, online identifiers or special characteristics that can express the physical, genetic, mental, cultural or social identity of a natural person. 

Examples of personal data include telephone numbers, credit card numbers, account data, appearance, address, number plates, customer IDs and more.

What is the difference between a Data Controller and a Data Processor?
“A controller is the entity that determines the purposes, conditions, and means of the processing of personal data, while the processor is an entity which processes the personal data on behalf of the controller.” 

Based on this definition, Rebrandly is both a Data Processor and a Data Controller. 

Rebrandly as a Data Controller
We store our customers’ data, such as billing data, payment methods, and other types of personal data solely for the purposes of providing the link management solution. In this scenario, we are considered to be a data controller and have taken measures to ensure our GDPR compliance. Please visit our Terms & Conditions and Privacy Policy for more information. 

Rebrandly as a Data Processor
In order to provide customers with click stats, we analyze data from the users who click on your links. In this scenario, Rebrandly is considered the data processor on behalf of our customers, who are individual data controllers.

To produce click metrics we analyze a variety of sources of data, none of them considered personal data under GDPR- save for the IP address. While an IP address can be considered personal data, we never store it when producing statistics or reports. As such, no personal data whatsoever is stored and Rebrandly click metrics are not subject to GDPR laws. Even cases of IPv6, we the data is still anonymous and we remain compliant. 

We discourage customers from creating or using URLs that contain any type of personal information. In the case that customers wish to pass personal data through the URL in any way (such as by including it in the domain name, the URL slug or in forwarding parameters) it’s the customer’s responsibility to notify us as well as their own customers. If you think your specific needs may cause your use case to fall under GDPR, please contact our support team on Rebrandly.Support/Contact.

This article was originally posted here:

view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment


No Comments Yet!

You can be the one to start a conversation.

Add a Comment