OnSite & InBox - Anonymous Data Collection
Well before GDPR was adopted by the EU, OneSpot made the commitment to collect only non-personally identifiable information in our tracking and logging data. Through a combination of controls on people, process and tools, OneSpot ensures that none of the data that is automatically collected, stored or handled by OnSite or InBox can be used to identify a person either directly or indirectly. This is consistent with the guiding principle of privacy by design as stated under GDPR Article 25.
Too often we read online that any cookie tracking, IP address logging or web behavior analysis is personal data and subject to GDPR. To further clarify and further educate our customers we created the datasheet OnSite and Inbox data is Anonymous Data outlining our interpretation of the current GDPR definition of personal data as it applies to the data we handle in OnSite and InBox. In this datasheet, we review relevant GDPR articles, recitals and EU case law in order to show how TrustArc and OneSpot arrived at the conclusion that no personal data, as defined by GDPR, is processed by InBox or OnSite.
Insights - Personal Data We Collect
When OneSpot sets your employees up with user logins for our Insights dashboard, we require the users full name and email address. We collect data related to product usage, such as successful and failed logins, which features are used most often, as well as any error logs or crash reports. We also have live chat and email support features which allow users to submit questions and get real-time response. Finally we will email our users with product-related announcements, tips and tricks. We use this user data for customer service and product improvement, we do not use or share this data for any other purpose.
We retain this data for the duration of the customer agreement. Because all of this data relates to identifiable users, if any of your users are located in the EU then this data would be protected as personal data under GDPR, and you will want to sign our Data Protection Addendum (DPA) in order to maintain your own GDPR compliance. You can sign our DPA directly from this page in the section below.
Sign our DPA
In the course of providing our service, OneSpot may process personal data on your behalf. In order to outline specifics of how we will perform this processing and what our obligations are as well as the obligations of our users/customers we’ve developed a Data Processing Agreement (DPA) that we enter into free of charge with anyone that uses our service and requests it. This document forms part of a contract of service with OneSpot (as the Data Processor) and our users/customers (as the Controllers). The DPA reflects the parties’ agreement with regard to the processing of personal data performed using our service.
As a Controller, in order to sign this agreement, you must review and digitally sign copy of the Data Processing Agreement. We will countersign it and provide you with a fully executed downloadable copy via email within 5 business days. Upon OneSpot’s receipt of the validly completed and digitally signed Agreement, this Agreement shall be in full force and effect.
Do Not Track
OneSpot also honors the Do Not Track header. This means that if your website visitors have the Do Not Track header installed, OneSpot will not track them.
OneSpot Subprocessors List
OneSpot maintains a list of third party subprocessors in connection with the applicable OneSpot Products/Services.
When someone visits a site with our tracking script installed, we collect internet log information and details of visitor behavioral patterns. This allows us to identify the number of visitors to various parts of the website, as well as other general performance metrics. In theme with all of our privacy and compliance standards in place, we collect this information in a way that does not personally identify the individual. For more detailed information, please visit our Cookie List.