Permutive and GDPR

In this article

Permutive is engineered from the ground up to ensure privacy:

 

No third-party cookies
Permutive doesn't use its own cookie to track a user in a third-party context; instead, we use the publisher's cookie/local storage in a first-party context. This means Permutive doesn't automatically track users across sites unless third party tracking is enabled on your project.
Data is siloed
All data stored within Permutive is logically siloed meaning that analysis and processing cannot take place across publishers.
Consent & data rights
Permutive provides code to help you comply with consent and data rights.

GDPR rights

Under GDPR regulation, you will be expected to comply with a number of key "rights".

With respect to Permutive, these are:

  • The right of access
  • The right of erasure
  • The right to data portability

📘   Guide to GDPR

For a detailed break down of these, and other rights, please see the UK's Information Comissioner's Office's Guide to GDPR

The right of access

Under the UK and EU GDPR, individuals have the right to access their personal data and supplementary information.

As a data controller, this means you need to be able to retrieve all data stored and processed for the individual by the data processors you use. Permutive operates an internal system for retrieving all data received and processed for an individual by Permutive on behalf of the controller. To accompany this data, we provide an overview of how Permutive works to aid you in responding to the data subject.

Right of access requests are to be sent by the data controller to support@permutive.com. Permutive aims to respond promptly and guarantees a response within one calendar month of receipt.

The right of erasure

The right of erasure, or the right to be forgotten, allows "an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing".

To file an erasure request please contact Permutive support. You'll need to provide a user ID, so we can delete all data stored for a specific user.

The right to data portability

The right to data portability "allows individuals to obtain and reuse their personal data for their own purposes across different services".

As a data controller, this means "you must provide the personal data in a structured, commonly used and machine-readable form". Permutive operates an internal system for retrieving all data received and processed for an individual by Permutive on behalf of the controller in a machine-readable format called JavaScript Object Notation (JSON).

Right to data portability requests are to be sent by the data controller to support@permutive.com. Permutive aims to respond promptly and guarantees a response within one calendar month of receipt.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request