Privacy FAQ

This article covers topics related to GDPR, CCPA and privacy compliance

Michael Fatica avatar
Written by Michael Fatica
Updated over a week ago

On May 25, 2018, a new data privacy law called the General Data Protection Regulation(GDPR) came into force, impacting how businesses collect and process data from individuals in the EU. In preparation for the GDPR, MetaLocator updated its policies, practices and tools in accordance with these new regulations.  The provisions of the GDPR apply to any entity that processes personal data of individuals in the European Union (EU), including tracking their online activities, regardless of whether the entity has a physical presence in the EU.

The US followed suit by introducing state-level legislation in many ways modelled by the GDPR, including the CCPA, PCDPA and more.

MetaLocator is

  • GDPR Compliant

  • CCPA Compliant

  • VCDPA Compliant

  • COPPA Compliant

  • PCI-DSS Compliant

Our top priority is ensuring that our end-users and customers can use MetaLocator in a privacy-regulation-compliant manner and the data they collect with MetaLocator is processed securely.  Ultimately, your business is responsible for its own compliance. Each individual organization needs to evaluate its data practices against the new regulations and ensure compliance.

Privacy Controls & Features

  • Any user of our software can make a data inquiry via this form.  Upon legitimate request, we will delete, transfer, stop processing or edit contact information for any user in our systems.

  • Customers can enable automatic truncation of phone numbers received in our Send to Phone features.  See "Anonymize User Phone Number?" setting under the Contact Form settings.

  • The forms that collect contact information, including the Lead Form, Send to Phone and the Send To Email form now offer an opt-in control.  See the new "Show Privacy Notice" option under the Contact Form settings.

  • Opt-out preferences established by your Web site can be passed into MetaLocator via the _opt_out URL parameter.  This allows MetaLocator to disable analytics tracking silently based on a preference set by the visitor elsewhere on your Website.  

  • Opt-out preferences established by your Web site can be passed into MetaLocator via the ml___setOptOutState( opt_out ) javascript call. ml___setOptOutState( opt_out ) allows the host page to manage the opt_out state of the MetaLocator analytics platform. opt_out = 1 disables tracking, 0 enables it.

  • End users can now opt-out of tracking entirely by MetaLocator.  The form presented here places a cookie on the end users' computer which disables our analytics and tracking systems for that user.

  • Customers can enable an opt-in control as shown below.  This disables our Analytics system and user tracking until the user clicks continue.  This option can be found under Analytics Settings, then Request Consent Before Tracking?

Also, be sure to update the following language constants to reflect your actual cookie policy.

LOCATOR_REQUIRE_CONSENT="This website uses cookies to help improve, promote and protect it.  By continuing to use the site, you agree to the <a href='' target='_blank'>cookie policy.</a>"
LOCATOR_REQUIRE_CONSENT_TITLE="This website uses cookies."

Cookie requirements vary.  Our default text is a sample for illustration purposes only. You should not assume it satisfies your particular legal requirements.  MetaLocator can't provide you legal advice, including on the content of your confirmation text or your privacy or cookie policy.  Update the LOCATOR_REQUIRE_CONSENT language constant to reflect your desired confirmation text and include a link to your actual privacy/cookie policy.

Policies & Practices

  • MetaLocator is defined as a "processor" under the GDPR and accordingly most of our customers are "controllers".  Under the GPDR, EU-based controllers must have an agreement with their processors.  As a MetaLocator user, you likely already agreed to the Terms of Use when you signed up, or you have established a custom contract with us.  The MetaLocator terms of use have been expanded for our EU customers to further define our role as a data processor.  The full text of that addendum is available here.

  • As part of our preparation for the GDPR, we also have provided public documentation on the cookies we use.

  • Similarly, we have also updated our privacy policy to clarify our role as a processor and our procedures with respect to personally identifiable information.

  • Many of our internal security and privacy-related procedures have been updated.  Feel free to contact us for written copies of those documents.

Existing Privacy-Related Policies & Practices

Privacy is not a new issue and has been important to our company since day one.  The following items have always been a part of MetaLocator's core offering:

  • We respect the DoNotTrack header.

  • Powerful change, delete, export and search capability to manage personal data via the control panel.

  • We anonymize all IP addresses before storage

  • Our analytics package can export all data regarding a particular user

  • Security and Privacy By Design is central to our operating philosophy and documented practice.  

  • All Customer data is encrypted at rest and in transit as part of our SOC2 Compliance.

  • We reject and prohibit MetaLocator's use for tracking "highly sensitive" data including government issued ID numbers, credit card data and similar content. 

  • Our standard Data Retention Period for analytics log data is 3 years.  Aggregate statistics are retained indefinitely.   Analytics log data is anonymized by removing the last 3 digits of the visitor IP address.

Data Retention Periods

See this article on our data retention periods

Did this answer your question?