On May 25, 2018, a new data privacy law called the General Data Protection Regulation(GDPR) will come into force, impacting how businesses collect and process data from individuals in the EU. In preparation for the GDPR, MetaLocator has updated its policies, practices and tools in accordance with these new regulations. The provisions of the GDPR apply to any entity that processes personal data of individuals in the European Union (EU), including tracking their online activities, regardless of whether the entity has a physical presence in the EU.
Our top priority is ensuring that our end-users and customers can use MetaLocator in a GDPR-compliant manner and the data they collect with MetaLocator is processed securely. Ultimately, your business is responsible for its own compliance. Each individual organization needs to evaluate its data practices against the new regulations and ensure compliance.
The following changes to our software, policies and practices are in effect since May 25, 2018:
New Controls & Features
- Any user of our software can make a data inquiry via this form. Upon legitimate request, we will delete, transfer, stop processing or edit contact information for any user in our systems.
- Customers can enable automatic truncation of phone numbers received in our Send to Phone features. See "Anonymize User Phone Number?" setting under the Contact Form settings.
- The forms that collect contact information, including the Lead Form, Send to Phone and the Send To Email form now offer an opt-in control. See the new "Show Privacy Notice" option under the Contact Form settings.
- Opt-out preferences established by your Web site can be passed into MetaLocator via the _opt_out URL parameter. This allows MetaLocator to disable analytics tracking silently based on a preference set by the visitor elsewhere on your Website.
- End users can now opt-out of tracking entirely by MetaLocator. The form presented here places a cookie on the end users' computer which disables our analytics and tracking systems for that user.
- Customers can enable an opt-in control as shown below. This disables our Analytics system and user tracking until the user clicks continue. This option can be found under Analytics Settings, then Request Consent Before Tracking?
New Policies & Practices
- As part of our preparation for the GDPR, we also have provided public documentation on the cookies we use.
- Many of our internal security and privacy-related procedures have been updated. Feel free to contact us for written copies of those documents.
Existing Privacy-Related Policies & Practices
Privacy is not a new issue and has been important to our company since day one. The following items have always been a part of MetaLocator's core offering:
- We respect the DoNotTrack header.
- Powerful change, delete, export and search capability to manage personal data via the control panel.
- We anonymize all IP addresses before storage
- Our analytics package can export all data regarding a particular user
- Security and Privacy By Design is central to our operating philosophy and documented practice.
- All Lead data is encrypted at rest and optionally *all* data is encrypted at rest for some Enterprise customers. Contact information, including the name, custom fields and message sent through our lead form is encrypted in transit and at rest for all customers.
- We reject and prohibit MetaLocator's use for tracking "highly sensitive" data including government issued ID numbers, credit card data and similar content.
- Our standard Data Retention Period for analytics log data is 3 years. Aggregate statistics are retained indefinitely. Analytics log data is anonymized by removing the last 3 digits of the visitor IP address.
Our new GDPR policies go into effect on May 25th, 2018. By using MetaLocator on or after that date, you'll be agreeing to the changes. For any additional information regarding MetaLocator & GDPR, simply reply to this email.