Liftoff is GDPR Compliant
Liftoff spent the last several months preparing to meet the requirements of the GDPR, the new data protection law coming into force on 25 May 2018. GDPR affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area.
The latest updates to our commercial contractual terms reflect Liftoff’s status as a Data Controller under the new law. We are also issuing a Data Processing Addendum to clients and partners (exchanges, MMPs, DMPs, etc..) which once again sets out our position as a Data Controller for the purposes of processing data pursuant to the GDPR. Liftoff is establishing the position of Data Controller on the basis that we utilize the data we collect solely for the purposes of providing our services, as well as to benefit all clients. Being a data controller allows Liftoff to define the purpose and usage of the data we collect, thus allowing Liftoff to develop better machine learning (ML) models quicker on a shared data pool, which drastically improves mobile marketing campaign performance and in turn increases spend on exchanges and the amount of data handled by data partners.
These commercial contract changes clarify that Liftoff will act as a “controller” of personal data that is received by Liftoff and will also provide clarity and protections around that controller status. Through these contract changes, Liftoff is establishing our commitment to comply with our obligations under GDPR when we process any personal data in connection with our services.
Liftoff has implemented the following changes, prior to May 25, 2018:
- Display AdChoices icon our HTML creatives for EU users which links to our opt-out page
- Built tools and processes to verify and support the user’s requests to show and/or delete personal data
If you have any questions about these updates, please don’t hesitate to contact us at [email protected]
Below are answers to commonly asked questions about GDPR.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law due to become enforceable on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
Who does the GDPR apply to?
The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.
Does the GDPR require personal data be stored in the EU? What does Liftoff do to ensure lawful data transfers from the EU?
No. There is no obligation under the GDPR for data to be stored in the EU and the rules regarding transfer of personal data outside the EU remain largely unchanged. The GDPR permits transfers of personal data outside of the EU subject to certain conditions. The EU-U.S. Privacy Shield continues to be one valid way to ensure adequate safeguards are in place for personal data transfer from the EU to the U.S. The EU model clauses also remain a valid mechanism to lawfully transfer personal data. Liftoff will offer a Data Processing Agreement to our EU/EEA customers. We are also Privacy Shield certified.
Will Liftoff be able to comply with the right to erasure (right to be forgotten)?
Yes. When end users (i.e. data subjects) ask us to delete them from our records, we will do so within 30 days.