EU General Data Protection (GDPR) Compliance

The European Union’s General Data Protection Regulation protects the privacy of website visitors, setting out the rules that apply to the collection and processing of data that could be used to personally identify the visitor.  Where personal data is collected, the GDPR requires that the website clearly disclose the details of that collection, and obtain clear, unambiguous consent from each visitor.  In a word, it ensures that EU citizens visiting websites are in control of their personal data at all stages of the relationship.

The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Compliance under GDPR can be established by providing detailed disclosures and obtaining consent, among other things. Or, alternatively, personalization can be accomplished without relying on the collection and processing of personal information in the first place. Generalized, nonpersonal data attributes of visitors, such as their coarse geographic location or broad demographic affiliations do not trigger the application of GDRP’s detailed disclosure requirements in the first place.

If you have EU customers, you need to be GDPR compliant.

Is GDPR compliant?

Pulse does not receive or process personal information within the meaning of GDPR and other privacy legislation. It receives only a coarse visitor location for each visitor, and from there returns relevant demographic information corresponding to that coarse location. At no time in the Pulse transaction can an individual visitor be identified by Pulse.  

Tracking, consent and GDPR

Pulse neither individually identifies nor stores information about, nor tracks individual website visitors.  It does not create or store cookies on your website’s visitors’ computers.  Because it collects no personal data or data that could be used to identify an individual visitor to your website, Pulse does not  trigger GDPR’s requirements, and using Pulse does not in itself require you to obtain specific consent from your website’s visitors. 

We DO NOT STORE the IP address of your visitors or any other personal identifiable data. We do not track your visitor’s visit in the first place, and that visit cannot be associated with any individual by Pulse and is not subject to GDPR regulation.

Data security and data breaches

We take data protection and security very seriously at Pulse. We constantly monitor for security flaws and unauthorized access and we will take action immediately if something suspicious is detected. In the unlikely case of a data breach, we will notify all of our customers within 72 hours after the breach was detected.

Some of the preventive measures we take include:

  • encrypted HTTPS communication layers for all data transfers
  • isolated data containers and data network
  • firewalls to prevent and mitigate different types of attacks and data leaks.

Privacy and Cookie Policy

Our privacy policy and cookies policy are GDPR compliant.

Sign Up for the Pulse Newsletter

Get exclusive digital marketing resources delivered to your inbox.