In May 2018 General Data Protection Regulation (GDPR) came in force. Among other terms GDPR provides individuals with more control over their data. Capsulink performed certain actions to be fully GDPR compliant.
GDPR classifies personal data as information that's related to an identified or identifiable natural person. This includes names, identification numbers, location data, online identifiers or special characteristics that can express the physical, genetic, mental, cultural or social identity of a natural person.
Examples of personal data include telephone numbers, credit card numbers, account data, appearance, address, number plates, customer IDs and more.
Capsulink is a data processor and data controller, i.e. an entity that determines the purposes, conditions, and means of the processing of personal data and processes the personal data on behalf of the controller.
Capsulink store customers' data, such as billing data, payment methods, and other types of personal data available to Capsulink solely for the purposes of providing the link management solution and in order to provide customers with click stats, Capsulink analyzes data from the users who click on links. To produce click metrics Capsulink analyzes a variety of sources of data, none of them considered personal data under GDPR - save for the IP address. While an IP address can be considered as personal data, Capsulink anonymize it by truncating the last class of digits prior to any reporting or storing. As such, no personal data is stored and Capsulink click metrics are not subject to GDPR laws. Even cases of IPv6, Capsulink anonymizes the data and remain compliant.
Capsulink is not responsible for any personal data which customers may wish to pass through their links in the form of forwarding parameters. In this case, it's the customer's responsibility to notify Capsulink and their own users or customers that links contain personal data.