As the #1 Mobile Attribution and Analytics platform, AppsFlyer is committed to providing its customers full transparency and control over their users personal data, empowering them in their pathway to GDPR compliance.
What it Means What is the GDPR and how does it affect AppsFlyer customers?
On May 25, 2018, The European Union began the enforcement of a new data privacy law called the General Data Protection Regulation (GDPR) replacing the previous Data Protection Directive. A primary aim of the GDPR is to provide people in the EU greater control over their personal data and data which is collected about them.
Any company that collects (or processes on behalf of the company that collects) personal data of persons in the EU falls under the scope of the GDPR, even if the company has no physical presence in the European Union. This means that most businesses with a global or online presence, including AppsFlyer’s customers are affected.
Our Commitment to You How does AppsFlyer prepare for the GDPR?
At AppsFlyer, data privacy and security are at our core. Our state-of-the-art real-time infrastructure, advanced security and data protection, independent certifications and global regulatory compliance have earned the trust of the world’s leading brands.
AppsFlyer is committed to and investing significant and strategic resources — implementing rigorous technical measures and working with leading third party consultants — to provide diligent GDPR compliance across our solutions and teams.
AppsFlyer’s data transfer practices are certified under the EU-U.S. Privacy Shield Framework. EU and US clients can rely on the Privacy Shield Framework to transfer data lawfully between the EU and the US and vice versa.
AppsFlyer has implemented appropriate technical and organizational measures for ensuring that, by default, only personal data which is necessary for each specific purpose of the service are processed, strictly in accordance with our customers’ instructions and configuration.
Personal Data is collected only when we obtain assurances of user consent
Anonymized and encrypted personal data options
No selling or re-brokering of personal data
SDK opt-out/opt-in options
Honoring do-not-measure privacy choices
Maintain a Connected and Compliant Digital Stack
OpenGDPR is a universal, secure, and common framework for compliance with GDPR mandated data subject rights. The OpenGDPR framework presents a public API specification along with a recommended set of best practices for implementing and maintaining a connected and compliant stack. By adopting OpenGDPR, brands can reliably address data subject requests across their partner ecosystems, in near real-time.
GDPR Best Practices How AppsFlyer clients can prepare for the GDPR
Mobile app developers and advertisers utilize unique, personal identifiers to measure and understand their performance, optimize their app’s effectiveness and marketing. To ensure that you are complying with the GDPR’s personal data security requirements, here is a list of 6 key recommended measures to take towards GDPR readiness:
Use established third party tools that follow the top industry standards, like AppsFlyer.
Map out and document all data collection, processing and storage, as well as the data processing lifecycle. Ensure adequate security is employed at every stage.
Obtain informed and unambiguous user consent for the collection and use of personal data for the specific purposes for which you are collecting this data.
Does your app really need all the data it accesses? Strive to use only what is absolutely necessary for the purposes of the service provided to your end users.
Manage and respond to users’ requests, including consent withdrawal.
Identify potential weak links within your technology.
FAQ Clear answers to your GDPR questions
Does the GDPR apply if we are not an EU based company?
Even non-EU based companies will be subject to the GDPR if they offer goods or services in the EU or otherwise monitor the behavior of individuals in the EU.
What information does the GDPR apply to?
The GDPR applies to Personal Data. However, Personal Data is broadly defined and includes identifiers such as IP address, cookies, and device ID’s. Therefore, under such definition data collected by you through your use of AppsFlyer may be deemed Personal Data under the GDPR.
Does all personal data need to be stored in the EU?
No. The GDPR provides clear rules and frameworks under which personal data may be transferred and processed outside the EU. For example data may be transferred to countries deemed by the European Commission as having adequate privacy laws. Furthermore, data may be transferred under certain frameworks approved by the European Commission, such as the US-EU and Swiss-US Privacy Shield frameworks and Standard Model Contracts.
How does AppsFlyer handle the data it receives when customers use the AppsFlyer service?
Does AppsFlyer have a Data Processing Agreement to cover GDPR requirements?
A word from our lawyers: Nothing stated here is legal, compliance or other advice. It is provided only for your informational and convenience purposes. You should work closely with legal and other professional advisors to determine exactly how the GDPR may or may not apply to you. As we explained above, AppsFlyer is merely a processor of data which you, as the controller of your users’ data, make available to us. So, AppsFlyer can never directly engage with your users nor address their requests. You remain in charge of meeting your data subject users’ requests and we can help you by providing tools to streamline this process.