Collection of Personal Data
Anonymization of Data
Our API determines the geographic origin of the request using an IP address lookup via the MaxMind database. If the request originated in the EU and is likely subject to the provisions of the General Data Protection Regulation (GDPR), our application anonymizes or discards any personally identifiable data in the request before processing and logging it. This includes:
- Anonymizing the IP address by zeroing out the last octet of IPv4 addresses, or the last 80 bits of IPv6 addresses
- Anonymizing the visitor ID and session ID via a one-way hash
- Discarding any 3rd party data that may be included in the request
This is done only to comport with the requirements of the GDPR and only processes data required to establish identification under the provisions of Article 6(1)(c) and (f) of the Regulation. At no time do we seek to collect or process any data other than to identify whether personal data may be subject to GDPR.
Consent to Store and Process
We provide a mechanism for Bound customers and their end users to override data anonymization. To do this, customers provide a flag in each API request, which indicates that the user has given consent to the storage and processing of the data contained in the request that is consistent with and complies with the GDPR. If this flag is present, we do not anonymize the request data and we rely on the Customer, who is acting as Controller for the purposes of the GDPR, to ensure the proper consent is maintained for all processing of personal data.
Requests to Purge Data
In cases where the user has previously provided consent to store/process personal information, but now wishes to purge said data, we provide a form on the Bound website to facilitate this request. The form collects the visitor's unique ID from a cookie in their browser, and immediately removes any personally identifiable data stored in our active databases. The generic behavioral data is retained, but its relationship to a specific user is severed by irreversibly anonymizing the related IP address, visitor ID, and session ID. We then similarly anonymize any relevant log files that exist in long-term storage, though this process may be performed in batches, within a reasonable timeframe from the user's request, to comply with the provisions of the GDPR.
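The anonymization, consent-override and purge steps described in the sections above, worked through as an added example. This is illustrative code written for this page, not Bound's own implementation. It assumes a request is a plain dict with ip, visitor_id, session_id and optional third_party and consent fields, and that the country code for the client IP has already been resolved (the MaxMind lookup itself is not performed here). The hash key, the EU country list used as the GDPR-scope test, and the sample records are constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import os

# EU member states (ISO 3166-1 alpha-2). In this example a request whose
# resolved country is in this set is treated as subject to the GDPR.
EU_COUNTRIES = frozenset(
    "AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT NL PL PT RO SK SI ES SE".split()
)

# Constructed secret for the keyed one-way hash (assumption, not from the page).
# An unkeyed hash of a low-entropy identifier can be matched back by hashing
# candidate values, so the hash is keyed here.
HASH_KEY = b"constructed-example-key"


def anonymize_ip(ip_str: str) -> str:
    """Zero the last octet of an IPv4 address or the last 80 bits of an IPv6 address."""
    ip = ipaddress.ip_address(ip_str)
    prefix = 24 if ip.version == 4 else 48  # bits kept: 32-8 and 128-80
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def hash_id(value: str, key: bytes = HASH_KEY) -> str:
    """Keyed one-way hash of a visitor or session ID (hex digest)."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def anonymize_request(request: dict, country_iso: str) -> dict:
    """Return a copy of the request with PII anonymized when the GDPR applies.

    If the customer-supplied consent flag is present the request is kept as-is;
    the customer, as Controller, is responsible for that consent.
    """
    out = dict(request)
    if out.get("consent") or country_iso.upper() not in EU_COUNTRIES:
        return out
    out["ip"] = anonymize_ip(out["ip"])
    out["visitor_id"] = hash_id(out["visitor_id"])
    out["session_id"] = hash_id(out["session_id"])
    out.pop("third_party", None)  # discard any 3rd-party data
    return out


def purge_visitor(records: list, visitor_id: str) -> int:
    """Sever stored records from a visitor; returns the number of records touched.

    Behavioural fields are kept. Identifiers are replaced using a fresh random
    salt so the replacement values cannot be recomputed from the visitor ID
    later, which is what makes the severing irreversible.
    """
    salt = os.urandom(32)
    touched = 0
    for rec in records:
        if rec.get("visitor_id") != visitor_id:
            continue
        rec["ip"] = anonymize_ip(rec["ip"])
        rec["visitor_id"] = hash_id(rec["visitor_id"], salt)
        rec["session_id"] = hash_id(rec["session_id"], salt)
        touched += 1
    return touched


# Constructed sample request (documentation/test addresses, not real users).
SAMPLE_REQUEST = {
    "ip": "203.0.113.77",
    "visitor_id": "v-12345",
    "session_id": "s-777",
    "page": "/pricing",
    "third_party": {"crm_id": "acct-9"},
}

if __name__ == "__main__":
    print(anonymize_request(SAMPLE_REQUEST, "DE"))
    print(anonymize_request(SAMPLE_REQUEST, "US"))
    stored = [dict(SAMPLE_REQUEST), dict(SAMPLE_REQUEST, session_id="s-778")]
    print(purge_visitor(stored, "v-12345"), stored)
```

Two design points worth noting: the consent flag short-circuits before the country test, matching the order described above, and the purge uses a different salt from the request-time hash so that a purged visitor who returns with the same cookie is not silently re-linked to the severed records.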
Portability of Data
We provide a form on the Bound website that allows users to request a copy of any data that we may have collected from them. This form submits a request to Bound, including the user's unique visitor ID, which is stored in a browser cookie. This cookie is the only link we have between an individual user and their (otherwise anonymous) behavioral data; if the cookie has been deleted, we have no way to link the user with any data we may have stored. The user must provide an email address to which the data (if it exists) will be delivered. Within a reasonable timeframe from the user's request, we will deliver any relevant data to the provided email address, to comply with the provisions of the GDPR.