StartApp & GDPR: Frequently Asked Questions
Is StartApp GDPR ready?
A team of StartApp employees, accompanied by the company’s legal consultants and other professional and expert consultants, have spent the past year conducting a thorough review of all data storage and processing procedures, ensuring all required actions have been taken in order to achieve GDPR compliance. StartApp has been certified by ePrivacy as GDPR ready. StartApp is investing, and will continue to invest substantial efforts and resources to support the GDPR compliance process. Visit www.startapp.com/gdpr to learn more about what has been done so far.
How does StartApp comply with the legal requirements for transferring data?
Is StartApp a data controller or data processor?
Along with the app publisher, StartApp is a data controller.
Will the SDK obtain consent for the processing of personal data?
I’m a publisher. What happens if I don’t update my apps to the new SDK?
The GDPR compliant SDK will be released with sufficient time to update your apps prior to the May 25 deadline. After May 25, StartApp will continue to answer ad requests, but will not be able to personalize and target ad requests to users that come from earlier versions of the SDK. We encourage you to update to the latest version as soon as possible to avoid any disruption to your ad performance and revenue.
Are your company’s data partners GDPR-compliant?
Our data partners have signed our SDK agreement, publisher agreement and Data Processing Agreements with StartApp agreeing and confirming that they are GDPR compliant.
What is now considered personal data that wasn’t before?
Personal Information includes your contact details submitted upon registration or voluntarily contacting us, such as your name, email address telephone number, address upon a submitting voluntarily request; or certain identifiers such your IP addresses or Android ID, Advertising ID, IDFA or Device ID (“IDs”).
Will there be an impact on your company’s use of data in targeting or in other product offerings?
There will be no major impact on StartApp’s use of data in targeting or other product offerings. StartApp uses the information it collects about you to provide its services and to gain a better understanding of the products and services that may interest you and other users.
If so, what is changing? By working with your company, are publishers automatically GDPR compliant?
What data of the end user is collected?
How is the data used?
Data from end users is used to provide StartApp services, like serving targeted ads.
Are sufficient protection taken to keep the data safe when at rest as well as while transferring or collecting?
StartApp has followed all guidelines brought by both TrustE and ePrivacy to ensure that all data is safe while at rest and during transfer or collection. Further, StartApp has implemented technical and security measures to comply with the accountability requirements under the GDPR, for more information please review our security policy (add link).
How long is the data stored?
We retain the Non-Personal Information we collected for as long as needed to provide our service, carry out our business purpose and to comply with our legal obligations, resolve disputes and enforce our agreements, in accordance and compliance with applicable laws, but in any event we will not keep the data longer than 24 months in an identifiable form, or as required by law. Other data, such as the IDs are kept for maximum time period of 6 months and some for less than 7 days, all as required to provide the Service and in compliance with applicable laws and legislation.
Who has access to the data?
Access to Personal Data is restricted to solely the employees that “need to know” and is protected by passwords and usernames. Access to the Personal Data is secured by VPN and is highly managed by access control policies. The Company uses high-level security measures to ensure that the Personal Data will not be accessed, modified, copied, used, transferred or deleted without specific authorization. The Company audits any and all access to the database and any authorized access is immediately reported and handled.
Are sufficient measures being taken to prevent a data breach?
Is there a provision provided in which the users who are affected by a Data breach can be informed?
In the event of a data breach, in which we discover your Personal Data is at risk, or might be at risk, we will notify you through the Services or, if technically possible, by sending you an email. Further, our DPO will decide if needed to inform the Authorities as well.
Is the data backed up anywhere else?
Data is backed up daily on multiple servers.