GDPR compliance

Issue Date: July, 2018

The GDPR (General Data Protection Regulation) is an important piece of legislation designed to strengthen and unify data protection laws for individuals within the European Union. This regulation became effective within the region on 25 May 2018, and has been a strict benchmark for strengthening data laws worldwide.

Our Commitment

Predictable Media's infrastructure was analyzed by Kemp Little to ensure compliance with GDPR standards and regulations. Our team is fully committed to complying with these regulations, and to helping our clients adhere to them as well.

This page provides an overview. For any specific questions, you can contact our Chief Privacy Officer (CPO).

Contents

  • Predictable Media's Role
  • Data we store & process
  • How we comply with GDPR
  • Our sub-processors

Predictable Media's Role

Under the GDPR, Predictable Media takes the role of Data Processor, acting on instructions given by the client, who takes the role of Data Controller.

In this role, Predictable Media is obliged to give clients a platform that complies with GDPR security and privacy standards, giving them the tools to connect, model and use their data for the purposes and objectives that they determine.

Data we store & process

Predictable Media does not collect data, but processes and consolidates data from the data sources that the client decides to upload or connect to the platform. These can be:

  • E-commerce platforms
  • POS systems (physical point of sale)
  • Customer data systems (ERP, CRM, etc.)
  • Forms
  • Uploading CSV files
  • Accounts on advertising platforms (Facebook Business Manager, Google Ads, Google Analytics)


The client is always the owner of the data uploaded to the platform. Predictable Media does not sell data or use it for its own intents and purposes, and eliminates data completely once the service has been completed.

Data loaded onto the platform is sourced from first parties, the most common being:

  • Name (first name, last name)
  • Unique number (RUT, SSN, etc)
  • Demographic information (sex, age)
  • Contact information (phone number, email, address)
  • Transactions (product, date, amount, purchase channel, checkout)
  • Products (SKU, photo, price)
  • Campaign metrics from marketing platforms


How we comply with GDPR

World-class safety standards

We have technical and organizational measures to meet the safety requirements of Article 32 of the GDPR.

  1. Infrastructure: Our infrastructure, based on Amazon Web Services, has the highest security standards in the market, in addition to world-class service availability.
  2. Data Encryption: All of our clients' data, both in transit and at rest, is encrypted using standards such as AES 256.
  3. Processes: Automated data-processing workflows that reduce human access to a minimum.
  4. Emergency protocols: In the event of any data security breach, Predictable Media will immediately notify involved clients and the relevant authorities.


Confidentiality

All our client contracts include the signing of an NDA to safeguard confidentiality.

Additionally, all PM employees work under contracts with strict confidentiality obligations.


Suppliers

We only hire processing providers who meet the same standards and obligations as we do.


Protection of consumer rights

To ensure compliance with the consumer rights established by the GDPR, Predictable Media may correct, edit, restrict or delete data on receiving a direct request from the customer, without the need for an instruction from the client.

If the client receives this request from their customer and notifies Predictable Media, the platform will assist the client in taking the necessary measures.


Client assistance in adherence to regulations

We keep a record of all data processing activities, which our customers may request at any time for audits or inspections.

If we receive a request that conflicts with the provisions of the GDPR, we notify the client so that consistency with the GDPR is maintained.


Our sub-processors

At Predictable Media, we're committed to using world-class technologies that allow us to scale and, at the same time, generate a secure ecosystem for data entrusted to us by our clients.

  • We select suppliers who meet the same standards as us in terms of security and privacy of personal data.
  • For international data traffic, we use the Privacy Shield provided by AWS, which is a mechanism approved by GDPR regulations.
  • We do not add new sub-processors without first informing our clients, who will always have the option to object to the change.


Some of the main technologies that make up our ecosystem