On May 25, 2018, a new data privacy law called the General Data Protection Regulation(GDPR) will come into force, impacting how businesses collect and process data from individuals in the EU. In preparation for the GDPR, MetaLocator has updated its policies, practices and tools in accordance with these new regulations.  The provisions of the GDPR apply to any entity that processes personal data of individuals in the European Union (EU), including tracking their online activities, regardless of whether the entity has a physical presence in the EU.

Our top priority is ensuring that our end-users and customers can use MetaLocator in a GDPR-compliant manner and the data they collect with MetaLocator is processed securely.  Ultimately, your business is responsible for its own compliance. Each individual organization needs to evaluate its data practices against the new regulations and ensure compliance.

The following changes to our software, policies and practices are in effect since May 25, 2018:

New Controls & Features

  • Any user of our software can make a data inquiry via this form.  Upon legitimate request, we will delete, transfer, stop processing or edit contact information for any user in our systems.

  • Customers can enable automatic truncation of phone numbers received in our Send to Phone features.  See "Anonymize User Phone Number?" setting under the Contact Form settings.

  • The forms that collect contact information, including the Lead Form, Send to Phone and the Send To Email form now offer an opt-in control.  See the new "Show Privacy Notice" option under the Contact Form settings.

  • Opt-out preferences established by your Web site can be passed into MetaLocator via the _opt_out URL parameter.  This allows MetaLocator to disable analytics tracking silently based on a preference set by the visitor elsewhere on your Website.  

  • End users can now opt-out of tracking entirely by MetaLocator.  The form presented here places a cookie on the end users' computer which disables our analytics and tracking systems for that user.

  • Customers can enable an opt-in control as shown below.  This disables our Analytics system and user tracking until the user clicks continue.  This option can be found under Analytics Settings, then Request Consent Before Tracking?

Also, be sure to update the following language constants to reflect your actual cookie policy.

LOCATOR_REQUIRE_CONSENT="This website uses cookies to help improve, promote and protect it.  By continuing to use the site, you agree to the <a href='https://www.metalocator.com/gdpr-cookie-information/' target='_blank'>cookie policy.</a>"
LOCATOR_REQUIRE_CONSENT_TITLE="This website uses cookies."

Cookie requirements vary.  Our default text is a sample for illustration purposes only. You should not assume it satisfies your particular legal requirements.  MetaLocator can't provide you legal advice, including on the content of your confirmation text or your privacy or cookie policy.  Update the LOCATOR_REQUIRE_CONSENT language constant to reflect your desired confirmation text and include a link to your actual privacy/cookie policy.

New Policies & Practices

  • MetaLocator is defined as a "processor" under the GDPR and accordingly most of our customers are "controllers".  Under the GPDR, EU-based controllers must have an agreement with their processors.  As a MetaLocator user, you likely already agreed to the Terms of Use when you signed up, or you have established a custom contract with us.  The MetaLocator terms of use have been expanded for our EU customers to further define our role as a data processor.  The full text of that addendum is available here.

  • As part of our preparation for the GDPR, we also have provided public documentation on the cookies we use.

  • Similarly, we have also updated our privacy policy to clarify our role as a processor and our procedures with respect to personally identifiable information.

  • Many of our internal security and privacy-related procedures have been updated.  Feel free to contact us for written copies of those documents.

Existing Privacy-Related Policies & Practices

Privacy is not a new issue and has been important to our company since day one.  The following items have always been a part of MetaLocator's core offering:

  • We respect the DoNotTrack header.

  • Powerful change, delete, export and search capability to manage personal data via the control panel.

  • We anonymize all IP addresses before storage

  • Our analytics package can export all data regarding a particular user

  • Security and Privacy By Design is central to our operating philosophy and documented practice.  

  • All Lead data is encrypted at rest and optionally *all* data is encrypted at rest for some Enterprise customers.  Contact information, including the name, custom fields and message sent through our lead form is encrypted in transit and at rest for all customers.

  • We reject and prohibit MetaLocator's use for tracking "highly sensitive" data including government issued ID numbers, credit card data and similar content. 

  • Our standard Data Retention Period for analytics log data is 3 years.  Aggregate statistics are retained indefinitely.   Analytics log data is anonymized by removing the last 3 digits of the visitor IP address.

Our new GDPR policies go into effect on May 25th, 2018.  By using MetaLocator on or after that date, you'll be agreeing to the changes.  For any additional information regarding MetaLocator & GDPR, simply reply to this email.

Did this answer your question?