GDPR (General Data Protection Regulation) was introduced in Europe on May 25, 2018. The regulation is focused on to the collection of personal information, and brings strict penalties of up to 4% of gross annual worldwide revenue or €20M (whichever is greater) for each violation. The rules and penalties can apply to companies based in any country, and customers based in any country, if a company has any sustained business presence in Europe (such as a small sales or support office) or does business with any European subjects.

Treasure Data helps you to comply with GDPR in the following ways:

Data Retention Policy

Our data retention policy is described here.

Data Retention in Presto

Customer data that you collect using Treasure Data can be permanently deleted by using the Presto DELETE function.

SDK Controls

The Treasure Data JavaScript SDK and Android, Unity and iOS SDKs are all able to collect data that counts as personal data under GDPR. To protect Treasure Data customers (and Treasure Data) from legal jeopardy under GDPR, the SDKs have been updated to minimize the collection of personal data by default. Treasure Data customers who use such personal data must make code changes to continue to collect such data and notify their subscribers about consent for data collection and use.

For the JavaScript SDKs, this personal information includes the td_client_id and IP address of a web site visitor. For the mobile SDKs, the personal information includes the td_uuid and IP address of the application sending events.

GDPR-ready releases of our SDKs were made available prior to the May 25 GDPR deadline, including:

Ensuring Compliance with GDPR using the SDK

Developers using the SDKs should upgrade to the latest SDK.

To support compliance with national and global data privacy requirements such as the European General Data Privacy Regulation, our SDK provides methods that control the collection and tracking of personal data and metadata in applications and websites. When your company defines data privacy policies around personal data, you can use these methods in your code to implement default data collection behaviors, and add controls for individuals to use to manage data collection and privacy themselves.

Consult with your Privacy officer and Legal team, before collecting or enabling collection of personal data using Treasure Data provided SDK’s. Then, after appropriate reviews by your company, you can explicitly enable collection of personal data for events if this is in line with your legal obligations and your company’s chosen data privacy posture.

The documentation for each SDK, hosted in GitHub, explains the new data privacy-related controls and how to re-enable data collection. If you have technical questions about the use of the SDKs, contact Treasure Data support or customer success for implementation guidance.

Customers of Treasure Data must ensure that their usage of the SDK, including its use that collects personal data, complies with the legal agreement that governs access to and use of the Treasure Data service, including specifically Treasure Data's Terms of Service, privacy policy, and Privacy Statement for Customer Data.

EU Site and Endpoints AWS

Treasure Data accounts can use a data site in Europe. Data that is assigned to the EU service physically resides in Germany, to comply with both GDPR and the German Privacy Act (Bundesdatenschutzgesetz). For details, see Sites and Endpoints.

Treasure Data and Segmentation for Marketing

You can read more information about Treasure Data as a customer data platform and GDPR.

  • No labels