ROI Hunter | Blog

How ROI Hunter is Getting Ready for the GDPR

Written by Tolu Oke | Mar 20 2018

Getting Ready GDPR

We are committed to maintaining the trust of everyone whose data we handle. From visitors to our website to clients to employees and more. We want to make your data secure. At each intersection we have assigned staff to make sure that are compliant on all fronts. We do this by:

Extending GDPR Knowledge: ROI Hunter is working with GDPR experts to analyse our data processing procedures.

Carrying Out Internal Audit: We are running through all of our data collection flows to ensure that we are compliant from collection to deletion of user data.

Enabling Stakeholder Awareness: We are informing all necessary stakeholders of their rights and obligations with regard to GDPR.

Getting a Security Overview: We continuously update and invest in our security infrastructure.

Encouraging Vendor Compliance: We are and will continue to be in conversations with all of our vendors to make sure that they too are compliant.

ROI Hunter Platform

The ROI Hunter platform is open to clients and employees to use Facebook to serve ads to the public. As a result, there are some changes that we will implement to make sure that we are compliant as contract and consent processors, in accordance with the GDPR law.

Contract Processor

In order to gain access to the ROI Hunter platform, we will need some basic information from you such as your full name and name of company. In this case, we act as contract processors. The access tokens for third-party use i.e. Facebook and Google are encrypted.

Consent Processor

In order to deliver the best performing ads for our clients, we often need to process the contact information that our clients acquire. This is usually in the form of custom audiences, lead ads and CRM information. Because our clients have direct access to this data, it is up to them to get specific consent. The data we then get from custom audiences and CRMs are hashed so that we cannot gain access to personal or identifying information. Data acquired through a lead is sent to our clients and as a result we encrypt that information so that others cannot have access. We will also have a Privacy Shield which will ensure that data transfer to the US will be in line with the GDPR updates.

Other Points in the Regulation

Right to be forgotten: If users no longer wish to work with ROI Hunter and ask us to remove their data then they can simply click on the button asking to be deleted from our database. Even if past clients do not explicitly ask for this, we routinely delete old data from our platform on a regular basis.

Logs:

In order to ensure the smooth running of our platform, we need logs that describe what exactly happens in our platform every second. Theoretically, data from the logs can be used to identify individual clients. In order to minimize such risks, access to the logs is limited to only a few people and we only store the logs for a short time.

If any clients want an in depth view of what we will be doing, please contact your Client Success Manager for more details. 

ROI Hunter Website and Social Media

We can divide how we handle data on the website into three parts: collection, storage and deletion.

Data Collection

Before we collect personal data, we always inform the data user in plain terms what the data will be used for as well as give them the option to opt out at a later time. This includes access to our services, for example, webinars. 

Data Storage

Under the legislation, users can ask for all of the information that they provided to us. They can also ask us to modify and update the data. We provide this opportunity by placing a page on the site where users can request such changes.

Data Deletion

We will provide easily accessible opportunities for users to delete their data upon request. The time period in which we have to perform this action will also fall in line with GDPR principles.

Data protection is something that we take seriously at ROI Hunter. With these changes we will be able to continue to serve our clients and other stakeholders while respecting their need to know that their data is safe and handled properly.