Happy GDPR Day – We’ve got you covered
Dear Ghostery Users,
As you may be aware, on May 25, 2018 the EU General Data Protection Regulation (GDPR) goes into effect. We at Ghostery hold ourselves to a high standard when it comes to users’ privacy, and have implemented measures to reinforce security and ensure compliance with all aspects of this new legislation.
How does the GDPR affect me?
If you are a citizen of the EU or have data transactions that occur within EU member states, you are protected under GDPR regulations. This also means that any company that handles the data of EU citizens are subject to compliance – including Ghostery and our parent company Cliqz. Consequently, all of our users, regardless of where they are located, will be affected going forward.
A summary of your rights under the GDPR:
- Right to information (Article 12)
You must be informed of any data processing that occurs and of your rights regarding that data.
- Right of access (Article 15)
You may request confirmation as to whether personal data concerning them is being processed. Furthermore, if this is the case, the controller must provide a copy of all personal data, including information on the purposes of processing, duration of storage, origin and transfer of data to a third country or to an international organization.
- Right to rectification (Article 16)
You can obtain from the controller without undue delay the rectification of any inaccurate personal data of yours.
- Right to erasure / “Right to be forgotten” (Article 17)
You have the right to obtain from the controller complete erasure of all your personal data without undue delay.
- Right to restriction of processing (Article 18)
Under certain circumstances, you can obtain from the controller restriction of processing of your personal data, for example if you contest the accuracy of the data or if the processing is unlawful.
- Right to data portability (Article 20)
You will have the right to transfer your data to another application (such as from one social network to another). The controller must provide this data in a “structured, commonly used and machine-readable format.”
- Right to object (Article 21)
You have the right to object at any time to the processing of your personal data.
What is Ghostery doing to uphold GDPR regulations?
- We conducted and reported on an internal audit for all services that involved data processing of individuals per Data Protection Impact Assessment (DPIA) guidelines.
- We have reviewed all external services we use for development, support, and recruiting to ensure they operate in compliance with GDPR regulation.
- We implemented a feature on users’ account pages that allows users to export and view all data associated with their Ghostery account if they have one, including personal info (name and email) as well as settings (blocking preferences, trusted/restricted sites, etc.).
- We provide an account deletion feature to completely and permanently expunge account data without the option of recovery.
- We updated our FAQ page and continue to maintain our open source code page on GitHub as sources of transparency and information.
How can I learn more?
If you have further questions or concerns, you may contact us at firstname.lastname@example.org.