The GDPR (General Data Protection Regulation) is a single set of laws governing data protection and privacy that apply to all companies that do business in the European Union, no matter where their offices or headquarters are located.
It not only imposes strong protections on personal data, but also gives individuals rights where the use and storage of their personal data are concerned.
The GDPR concerns personal data that is processed by companies. Personal data includes names, addresses, non-generic email addresses, IP addresses, and any other information that can be used to identify a living individual. Collecting, storing, consulting, using, and otherwise handling data are all forms of processing.
The GDPR came into full effect on May 25th, 2018.
How does the GDPR change how data is handled?
- Some countries had requirements for data protection, but each country — and each company was different.
- Companies’ privacy policies could often be difficult to understand.
- Some companies assumed your agreement to allow them to handle or process information about you.
- You might not have known where information about you was stored or transferred.
- Some companies collected any information they could obtain.
- Many companies stored personal data indefinitely.
- Not respecting privacy laws or policies did not have significant consequences for most companies.
- Companies might have worked with other companies whose data protection was not very robust.
- All companies operating in the European Union must comply with the rules and requirements of the GDPR.
- Privacy policies must be easy to read and to understand.
- Companies must now obtain clear consent from you before they can collect and process information about you.
- You must be informed when your personal data is transferred or stored outside of the European Union.
- Companies can only collect information for specific, clearly stated purposes.
- You now have the right to access your personal data, have it moved to another service, or deleted.
- Heavy fines are now imposed for violations of data protection laws.
- Companies must now make sure that their partners and subcontractors also respect the data protection standards of the GDPR.
Who is affected?
You are affected if you live in the European Union or if you interact with businesses operating in the European Union.
If you represent a company, you are affected if you do business in the European Union, or if your clients are located in the European Union. You may also be indirectly affected if your business partners, subcontractors, or B2B clients do business in the European Union.
OnCrawl has always been committed to protecting your data
OnCrawl has never collected data that we don’t need in order to analyze your website and to display visualizations of its data.
Any additional data that you provide us as a user has always been stored in a private FTP space associated with your account, and is isolated and protected. We do not process this data in any way except to identify types of visitors to your webpages and to provide the anonymous, aggregated results you see in the OnCrawl application.
The OnCrawl application is secure: we use the HTTPS protocol. We isolate our software components. And we keep our software stack up to date as part of our commitment to providing a reliable service to you.
What else does OnCrawl do to ensure GDPR compliance?
We clarify your rights
You have the right to understand what personal information we process about you, why, and what we’re doing with it.
You can request access to the personal information we have about you at any time.
We need your consent to process your personal data, and we will get rid of any of your personal data upon request.
We tell you what personal data we collect with the application OnCrawl
If you use our Log Monitoring feature, the OnCrawl application handles personal data in the form of the IP addresses of visitors to your website. This information is required in order to distinguish reliably between google bots and other visitors.
IP addresses are not stored in the OnCrawl application. This data only exists in the original file that you upload to your private, secure FTP.
The raw data is deleted after being filtered and the results have been imported into the OnCrawl application. The original file remains in your private FTP space.
We allow you to refuse to share personal data with the application OnCrawl
You can choose not to provide OnCrawl with personal data by removing IP addresses from your server logs before uploading them to your FTP account. This may have an impact on the reliability of the data from your log files: without IP addresses, we may incorrectly identify some visitors as bots even though they aren’t.
We tell you what we do with the data collected by the application OnCrawl
We perform operations to aggregate the data you provide in order to visualize it. We use this data to give you a detailed view of how your website is structured and of the behavior of search engines as they index a website that they visit.
This allows you to identify the technical factors that help or hinder indexation of pages of a website by search engines.
We use personal data (IP addresses) to authenticate the visits by Google’s bots on the pages of a website. We use the method recommended by Google on their support page about verifying their bots.
We tell you what personal data we collect outside of the application OnCrawl
If you use the Intercom service available on our website and in the OnCrawl application to chat with our team or ask questions, we use information about you in order to know who you are and to answer your questions. This information can be information provided by your browser through a tracker on our website, or information in your Intercom profile, if you have one.
We tell you what we do with do with the data collected outside of the application OnCrawl
We collect the most frequent questions in order to add to the available help content and to improve your experience with OnCrawl.
We also maintain a history of conversations in order to improve training for our team members, to improve the quality of answers we provide to you and to other clients, and to keep you updated when new information related to a question you asked becomes available.
Only OnCrawl team members have access to this data using personal account credentials.
We have put transparent internal procedures in place to ensure data protection
Our team members are bound by confidentiality agreements and receive training on data protection issues. Access to personal data by our team is restricted, and all access by authorized team members is via protected, individual accounts.
We ensure data hosting within the European Union
All of the data in OnCrawl is hosted in Belgium, within the European Union. We do not transfer any personal data collected with OnCrawl outside of the European Union.
We use outside experts to ensure our accountability
OnCrawl uses the services of privacy consultants and experts. This ensures that our standards and procedures are compliant and prevents conflicts of interest.
What does this mean for you?
Good news for you: in addition to the security measures we put in place because we believe your data is important, we’ve also taken the necessary steps to make sure we are fully GDPR compliant. When you work with us, the activities you carry out in OnCrawl are also GDPR compliant.
You can continue to use OnCrawl with confidence that your personal data is treated with respect and that the personal data of anyone else that you share with us (such as IP addresses) is secure.
For our clients who do business within Europe and who provide personal data for us to process (such as server logs for use with OnCrawl Log Monitoring), we offer a Data Protection Agreement. This document clearly states our responsibilities as sub-processors and the responsibilities of our clients with regards to the personal data they provide us. We and our clients agree to uphold these responsibilities and to follow the guidelines in the document.
If you would like to receive a copy of your information, or to have it deleted, you can let us know.
How OnCrawl can help you respect the GDPR
If you are a communication or an SEO agency, we can help you provide GDPR-compliant SEO audits to your clients.
If you are a business operating in the European Union, we respect your data processing standards and establish common practices through a Data Protection Agreement.