Privacy & Compliance
OneSpot's Commitment to GDPR
A new data privacy law was recently introduced in Europe called the General Data Protection Regulation (GDPR), impacting how businesses collect and process data. This important piece of legislation was designed to strengthen and unify data protection laws for all individuals within the European Union (EU).
At OneSpot we’ve created a platform and service to deliver relevant content to users anonymously, without personally identifying users. We believe we have a responsibility to safeguard privacy and support anonymity in user behavior analysis, so that trust between website owners, prospects and customers can be assured and maintained.
We recently engaged with TrustArc, a reputable privacy risk management firm, to do a thorough GDPR assessment. TrustArc confirmed that OneSpot’s Inbox and OnSite products do not handle any personal data nor perform any high risk processing activities. For more detailed information on OneSpot’s commitment and compliance with GDPR, please review our compliance data sheets below.
OnSite & InBox - Anonymous Data Collection
Well before GDPR was adopted by the EU, OneSpot made the commitment to collect only non-personally identifiable information in our tracking and logging data. Through a combination of controls on people, process and tools, OneSpot ensures that none of the data that is automatically collected, stored or handled by OnSite or InBox can be used to identify a person either directly or indirectly. This is consistent with the guiding principle of privacy by design as stated under GDPR Article 25.
Too often we read online that any cookie tracking, IP address logging or web behavior analysis is personal data and subject to GDPR. To further clarify and further educate our customers we created the datasheet OnSite and Inbox data is Anonymous Data outlining our interpretation of the current GDPR definition of personal data as it applies to the data we handle in OnSite and InBox. In this datasheet, we review relevant GDPR articles, recitals and EU case law in order to show how TrustArc and OneSpot arrived at the conclusion that no personal data, as defined by GDPR, is processed by InBox or OnSite.
Insights - Personal Data We Collect
Sign our DPA
Do Not Track
OneSpot Subprocessors List
OneSpot maintains a list of third party subprocessors in connection with the applicable OneSpot Products/Services.