WALKER TRACKER AND GDPR COMPLIANCE
From our perspective, the GDPR (the European General Data Protection Regulation ) compliance is a great thing. Europe’s privacy and security legislation is a huge stride forward for user data protection.
We have always adhered to the spirit of GDPR, by providing instant account deletion and data portability, with deep attention to whole spectrum security.
And now Walker Tracker gets to do its part to comply with the letter of GDPR.
Here are a few highlights:
- Data Portability: We rebuilt and beautified a tool so that you can export all of your personal data from Walker Tracker.
- Privacy by Design: We’ve created new security processes which focus on privacy by design and best-in-class security protocols
- Clarification of Privacy Policy: We updated our privacy statement to clarify how we use data and how it gets shared
- Breach Notification: We implemented new protocols for notification in case of a data breach
- Removal of Data: We implemented a new process for ensuring the removal of stale/unused data
Under GDPR, Walker Tracker is considered a data processor
Walker Tracker is considered a processor. We act on the instructions of the controller (you), which come in the form of API or web requests. Similar to controllers, processors are expected to comply with the GDPR.
As a processor, we rely on our customers to ensure that personal data are collected on the basis of one of the GDPR lawful grounds for processing. You, as a controller, can collect personal data based on one of the following legal basis: (i) consent; (ii) processing is the necessary for the performance of a contract you have with the data subject; (iii) processing is necessary for compliance with a legal obligation; (iv) you need to protect the vital interest of the data subject or of another person; (vi) you (or another third party) have a legitimate interest to process personal data and this is not overridden by the interests, rights and freedoms of the data subject.
Walker Tracker agrees that it may receive personal information (as that term is defined under GDPR) belonging to employees of Walker Tracker’s clients. With respect to that personal information, Walker Tracker acts only on instructions from the client; Walker Tracker provides appropriate technical and organizational measures to protect personal information against accidental or unlawful destruction or accidental loss, alternation, unauthorized disclosure or access, and understands whether onward transfer is allowed; and taking into account the nature of the processing, assists clients in responding to individuals exercising their rights under GDPR.
We are committed to be transparent in how we handle and process personal data. As one of our customers, you should be aware of how we handle personal data on your behalf. Please see our privacy policy for information on how we collect and store data.
We keep data only as long as it is necessary to provide our services. Where possible, we employ mechanisms that allow us to automatically remove data after it is no longer needed to offer our services.
Subprocessors
Processors may leverage other third-parties in the processing of personal data. These entities are commonly referred to as “sub-processors”. We use cloud infrastructure providers ( Amazon Web Services) to host Walker Tracker, we use Mailgun to handle transactional email, and we use HumanAPI to anonymously allow us to sync device data. As required under the GDPR, we have put in place appropriate measures with our sub-processors that will allow us to secure the personal data we process on your behalf.
If you have any questions or concerns about privacy or GDPR compliance, feel free to reach out to us at privacy@walkertracker.com.