GDPR Compliance
The General Data Protection Regulation (GDPR) is a regulation in EU law regarding data protection and privacy for European Union citizens. It states that brands in control of personal data, must be able to honor, within one month, requests for access, portability, rectification and erasure.
With regard to users, since it is impossible to know in advance which users are European citizens, GDPR applies to all users, European or not.
GDPR Entities
| Data Subject | The end-user of the application for which the data is being collected. |
|---|---|
| Data Controller | The advertiser determines the purpose and means by which the personal data is processed. |
| Data Processor | GrowthScore process personal data on behalf of the data controller |
GDPR Requirements
GDPR details the mandatory rights of the data subject.
| Rights | GDPR Definition | How GrowthScore helps the Controller |
|---|---|---|
| Right of Access | 1.If requested, data subjects have the right to know if, why, and for how long the data controller will be processing their data. 2.If data is shared with third parties (like GrowthScore), data subjects have the right to know who those third parties are. 3.The right to know what categories of data are being processed. 4.If there is automated processing, that has a significant effect on them. |
Data controllers at any point of time can access the status of the erasure request using API to get request status and report the same. |
| Right to Data Portability | The Data Subject needs to receive all of their personal data in a structured, commonly used and machine-readable format – such as a CSV file. | Get User Details API help the Data controller to read the personal data of the Data Subjects which in turn can be sent back on receiving portability request. |
| Right to Rectification | Allows Data Subjects to correct their data if they see it is inaccurate or untruthful. Data controllers then have to erase or fix inaccurate or incomplete data. | Data controller can submit ‘rectification’ request using Update user details API. GrowthScore updates the data subject's past data with the new data. |
| Right of Erasure | The right of erasure forces data controllers to remove the personal data within one month. | Data controllers can delete the collected personal data of data subjects with an ‘erasure’ request. |
GDPR Requests API
GrowthScore supports the above requirements via its GDPR Requests API
All requests to the GrowthScore API must be authenticated via Auth-Key provided in Dashboard -> Settings -> API.