General Data Protection Regulation
What is the GDPR?
The General Data Protection Regulation (‘GDPR”) is a European law that regulates the data of individuals in the European Economic Area. GDPR went into effect on May 25, 2018. GDPR marks the most significant reform of European data protection law.
The Purpose of the GDPR
The GDPR’s purpose is to create a universal data protection law across the European Union. The goal of the law is to protect individual rights and freedoms regarding the use of their personal data. EEA citizens enjoy a fundamental human right to privacy of their personal data.
The Scope of the GDPR
Any business that provides goods and services in the European Economic Area, or that otherwise monitors the behavior of individuals in the European Economic Area (e.g., the use of analytics or ad tech technologies), will be subject to data protection law. Organizations that do not comply with GDPR face potential regulatory fines of up to 4% of annual worldwide turnover, in addition to civil suits from affected individuals.
Propensity’s approach to the GDPR
Propensity recognizes the significance of these reforms both to our clients and to the services we provide. Our customers expect to work with partners who commit to ethical data practices, compliant data protection, and information security standards when handling their data. Propensity has adapted the concept of privacy by design and incorporated privacy in every aspect of our organization from the development of our products; to delivering our products and services; to ensuring the continued use of adequate security measures to safeguard any data collected and processed on systems owned or managed by Propensity.
Data Collection
How does Propensity curate its data?
Propensity aggregates data collected by its proprietary list of data partners in a Data Co-op. Each member of the Data Co-op (“Co-op Member”) contributes data by deploying a javascript or pixel tag on their web properties. A web-property is a point of presence (e.g., a website, advertisement, blog) on the web that is an asset of a company used for the purpose of representing a brand.
What data does Propensity use?
Propensity uses unique identifiers, such as cookie ID or hashed email; IP address and information derived from the IP address, such as city and state; engagement level data, such as dwell time, scroll depth, scroll velocity, and time between scrolls; page URL and information derived therefrom such as content, context, and topics; referrer URL; browser type and operating system.
Does Propensity collect Personal Data?
Propensity profiles Companies, not individuals. Propensity does not collect any Personal Data that directly identifies an individual as part of our intent data aggregation. Propensity collects Cookie IDs and IP addresses, including engagement metrics. The data Propensity collects is not Personal Data because at collection the data is aggregated to create a profile of a company, not an individual.
How is consent collected?
- Pursuant to TCF protocols, the javascript tag sits behind the Consent Management Platform (“CMP”) on each Co-op Member web property. When you visit a Co-op Member web property, the Co-op Members’ CMP collects your explicit informed consent or offers an opt-out. After you provide consent, the Co-op Member passes the consent string to our data partners, for the purposes that have been granted. You can revoke your consent for any or all purposes previously granted at any time.
- Co-op Members agree to present their website visitors with the option to consent (and, in some jurisdictions, opt-out) when each visitor lands on the Co-op Member’s web property.
- The Propensity Tag does not collect data unless it receives the appropriate consent signal (where applicable). The Co-op Member collects and records consent from the user in a consent-based model.