As of May 25, 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) will be in effect, through the EEA countries. The GDPR (and other European privacy laws) make a distinction between organisations that process Personal Data for their own purposes (known as “data controllers”) and organisations that process Personal Data on behalf of other organisations (known as “data processors”). The GDPR requires companies that are “Data Controllers” (which includes some of our clients) provide users with certain information about the processing of their “Personal Data.” “Personal Data” is a term used in Europe that means, generally, data that identifies or can identify a particular unique user or device – for instance, names, addresses, cookie identifiers, mobile device identifiers, precise location data and biometric data.
We sometimes process Personal Data relating to data subjects (i.e., persons) on behalf of these clients, and we therefore often enter into agreements to assist them in complying with their own obligations under the GDPR. However, if you have a question or complaint about how your Personal Data is handled, we encourage you to direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data.
On the other hand, we are data controllers of Personal Data that we collect from our own website, and from our own customers. As to that data, please note the following :