The General Data Protection Regulation (GDPR) is a new European Union privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive 95/46/EC and will apply a single data protection law throughout the EU.
ByteGain has taken steps to ensure that it will be compliant with the GDPR by May 25, 2018.
ByteGain has conducted an extensive analysis of its data collection and processing to ensure it complies with the new requirements of the GDPR.
ByteGain is also providing a GDPR API callable by customers, to perform certain GDPR actions, such as data deletion, data and access log retrieval.
ByteGain acts as both data controller and data processor under the GDPR.
As a data controller ByteGain collects and stores information voluntarily given by its customers, such as contact information (name, company name, email address, phone number and/or physical address) when customers sign up for its services. ByteGain may also collect and log information such as customer IP address for purposes such as but not limited to spam prevention and fraud detection.
As a data processor, when customers use its services, ByteGain will collect and store end user activity streams from web browsers and mobile devices. This is necessary in order for ByteGain to be able to provide its services, to train machine learning models and to provide predictive analytics to its customers.
Customers can request, on behalf of their users, certain actions on the user data (delete, retrieve data, retrieve access log, block data collection). Customers can interact with ByteGain via its GDPR API. Each customer request will be authenticated. It is the responsibility of the customer to retry API requests that may initially fail.
Customers can also request all their data, including contact information and data collected for the customers’ end users, be deleted from the ByteGain systems.
GDPR API requests are asynchronous and may take up to 30 days to be processed. ByteGain will notify its customers when requests are fulfilled.
End user data collected by ByteGain will be securely stored for an indefinite length of time or until a customer requests such data be deleted.
Artifact data generated during normal data processing activities, such as machine learning model training, will have a default retention policy of 180 days.
For data storage and processing, ByteGain uses the Google Cloud Platform (GCP) and Amazon Web Services (AWS). ByteGain makes every effort to implement best security practices on these platforms to ensure the security and privacy of customer and end user data.
ByteGain may also use other processors such as payment processors,analytics services and marketing services to inform and market new services to its customers.
Before using ByteGain services, customers are required to review and accept:
Please send a detailed message to firstname.lastname@example.org and ByteGain will address your questions and concerns.