The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades. It took effect on the 25th May 2018. We work hard to comply with the GDPR and apply its principles as we build new services.
Does this affect me?
The GDPR regulation applies to any EU residents' data, regardless of where the processor or controller is located. This means that if you’re using Scrapeak from the US to obtain non-EU specific data, the regulation doesn't affect you. But if you need EU specific data, you should pay attention to it.
In practice, most companies need to take the GDPR into consideration.
Data Processing Addendum
Scrapeak is in most cases a processor. As a data controller, under Article 28 of the GDPR, you need a a data processing addendum (DPA) signed with your processors. We've made this procedure simple and have the contract ready to be signed. Contact us at [email protected] to get started.
How Scrapeak is complying with the GDPR
Even though the GDPR only applies to data from EU residents, we took the decision to apply broadly the requirement of the regulation. This means that except in some rare cases, we don’t restrict any privacy-related feature based on the geographical location of a data subject.
Here are some of the actions we’ve taken to ensure we’re compliant:
Purposes of the processing
We process only publicly available online data for informational purposes. Our users have a legitimate interest in having easier access to already public data. By working as a specialized data aggregator, we make it possible for companies to obtain almost any kind of data easily and legally.
Systematic pseudonymisation of non-public data
Our applications heavily pseudonymise data to ensure the privacy of data subjects. Any attributes that doesn’t need to remain in its original form is truncated to remove any possibility to be linked back to a specific data subject.
Right of erasure
Because we deal with publicly available web data, information removed from a website are also removed from our database. But if a data subject wishes to speed up the removal of any in our index, we offer a way to claim email addresses or any other personally identifiable information. It is then possible to either update the data or entirely remove it.
Contact us at [email protected] if you'd like to know more.
Security
We’re taking the security of the data we manage very seriously. Our architecture has been vastly upgraded prior to the GDPR enforcement: Our entire cluster is systematically behind a firewall. Double authentication is required for any connection and we’re continuously improving our security as well performing regular penetration tests and security audits.
Log retention
To improve, debug or prevent fraud on the service, we keep a variety of logs. We now make sure logs are destroyed at most 3 months after there collection date. We never use those logs of anything else than monitoring and debugging. Financial information or personal identifiers are never logged.
Data portability
The GDPR gives the right to any user to download any data that he provides to a service. This allows for easier migration to other services. We think this is a great idea and Scrapeak has always made it possible for user to download their data.
Contact us at [email protected] if you'd like to know more.
Questions?
We invite you to look at our Privacy Policy as it contains a precise description of how we process data. Should you have any other questions, we’re here to help: [email protected].