The General Data Protection Regulation (GDPR) is a significant piece of legislation that aims to bolster and harmonize data protection regulations for everyone living in the European Union.
Mevrik has made the necessary technological and business changes to run in a way that complies with GDPR.
We respect the privacy rights of our customers as well as those of their customers. For this reason, we made the required adjustments to make sure Mevrik will always be GDPR compliant.
Here is a brief summary of the actions we took to meet all GDPR criteria:
In addition, Mevrik has discussed our strategy with various independent attorneys.
We implemented many actions throughout the whole company. We made adjustments to allow customers to customize how they obtain consent inside our feedback tools, and we increased anonymity within our analytics tools. For instance, Mevrik by default conceals all user keystrokes.
We also developed user interfaces that enable customers to respond to inquiries from their clients on their legal entitlements to access any personal data that may be kept in their Mevrik account.
Future clients may need to do two things, depending on your circumstances and the laws in your jurisdiction. The only significant modifications we detect that could have an impact on you as a result of utilizing Mevrik are listed below:
Make sure you clearly explain to your users how you utilize Mevrik on your website or application in your terms of service or privacy policy. We advise you to make sure your viewers can understand your policies and that they are current. You should most likely sign a Data Processing Agreement with Mevrik if you reside in the European Union. We are pleased to do so.
The General Data Protection Regulation (GDPR), which will replace the 1995 Data Protection Directive, is regarded as the most significant piece of European data protection law to be adopted in the European Union (EU) in 20 years.
The GDPR governs the collection, storage, transfer, and use of personal data concerning persons within the European Union. Importantly, the term "personal data" as used under the GDPR is quite wide and includes all information pertaining to a named or identifiable individual (also known as a "data subject").
By establishing guidelines for how businesses should manage and keep the personal data they gather, it grants data subjects additional rights and control over their data. By strengthening enforcement and charging higher fines should the GDPR's rules be violated, the GDPR also raises the stakes for compliance. The GDPR strengthens the privacy rights of EU citizens and imposes much stricter requirements on corporations that handle data.
Here are a few of the major adjustments brought about by GDPR, in brief:
Even if your business is based outside of the EU, you should be aware of this. Regardless of whether a business has a physical presence in the EU, the GDPR's obligations apply to any organization that handles personal data of EU citizens, including tracking their online activities.
Please don't hesitate to get in touch with us if you have any queries.
The California Consumer Privacy Act, usually known as the CCPA, is a privacy-focused law that went into effect on January 1st, 2020 and is intended to safeguard the privacy of Californian customers.
We were prepared to serve clients that needed to comply with the CCPA because of the numerous product and process improvements we made in advance of the 2018 General Data Protection Regulation (GDPR).
The GDPR is not the CCPA, though. To complete our preparations, we have hired a California-based law firm to examine our procedures and controls and advise on any necessary improvements. The following documents were improved as a result of this engagement:
The CCPA is a substantial piece of legislation that deals with numerous issues that are unrelated to or have no bearing on how you use Mevrik. However, there are parts of the CCPA that could apply to your use of Mevrik and give your clients rights. Below, we've provided a quick description of their rights as well as some tips for using Mevrik to help you take care of them.
According to the CCPA, companies must revise their privacy notices to clearly specify what data is collected, classify the data gathered, explain its intended use, name the third parties with whom the data is shared, and clarify the rights that an individual has.
To make sure you comply with the CCPA's standards, we advise you to thoroughly evaluate your company's terms of service and privacy policy. If necessary, you should also mention the usage of Mevrik.
We've created a particular text with the help of an outside attorney that you could use.
Under the CCPA, customers in California may be entitled to ask for and obtain a list of the personal data and other information a company collects (or has collected), as well as information about the purpose for which this data is being used.
The customer may also be able to ask for the deletion of any specific personal data. These deletion requests must be complied with by you, the business, with the exclusion of certain categories of data (such as billing or other information required by regulatory requirements).
To assist you in responding to these kinds of queries, our team has created a function called Visitor Lookup. You can use Visitor Lookup to locate users by looking for specific data elements (typically an email address). You can then share any information you have located using Visitor Lookup with the user and, if they so choose, allow them to easily delete it, ensuring that you, as a Mevrik customer, do so in a timely and legal manner.
An IP address may fall under the CCPA's definition of personal data if it may be used to pinpoint a household.
In accordance with Mevrik’s normal practice, visitor IP addresses are always partially masked before being stored to disk on our servers. To prevent the whole IP address from ever being saved to disk, we change the last octet of IPv4 addresses to 0. For instance, if a visitor's IP address is 1.2.3.4, it will be saved as 1.2.3.0. Only the first three octets of the visitor's IP address are used to pinpoint their location.
Note: Passing IP addresses to Mevrik as a User Attribute is optional. In the event that a Mevrik customer chooses to provide Mevrik with IP addresses using the Identify API, the IP addresses will be retained and may qualify as personal information under the CCPA. The Identify API can be used without sending IP addresses to our servers, because passing IP addresses is optional in Mevrik and is not turned on by default.
As always, our team places a strong priority on protecting your privacy and that of your users. We've created tools to make it simple for you to comply with the ever-changing privacy rules; but, if you have any queries about these tools, please get in touch with us.
We are willing to assist, but we are unable to render legal counsel. The information on this page is simply meant to provide an overview of the key provisions of the CCPA and to educate you, as one of our clients, on how Mevrik can be utilized in compliance. To fully comprehend your CCPA obligations, we advise that you consult with a reliable legal advisor.
The ISO 9004:2018 standard, titled "Quality management - Quality of an organization - Guidance to achieve sustainable success," offers recommendations for improving an organization's capacity to achieve sustainable success. These recommendations are in line with the quality management guidelines provided in ISO 9001:2015. Any business, regardless of its size, nature, or activity, can use ISO 9004:2018.
Payment Card Industry Data Security Standard (PCI DSS) compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information. PCI DSS compliance is required by all card brands.
No matter what the size or location of the organization, it must comply with the Payment Card Industry Data Security Standard (PCI DSS), which is a set of industry-mandated regulations. Five of the largest card brands created the PCI Security Standards Council, and they each participate equally in its activities. All businesses that store, process or transmit payment cardholder data must be PCI Compliant.
Mevrik maintains PCI DSS compliance, which indicates that our security policies and practices are up to par. Mevrik does not store any credit card information.