StartApp & GDPR: Frequently Asked Questions

GDPR at StartApp

Is StartApp GDPR ready?

A team of StartApp employees, accompanied by the company’s legal consultants and other professional and expert consultants, have spent the past year conducting a thorough review of all data storage and processing procedures, ensuring all required actions have been taken in order to achieve GDPR compliance. StartApp has been certified by ePrivacy as GDPR ready. StartApp is investing, and will continue to invest substantial efforts and resources to support the GDPR compliance process. Visit www.startapp.com/gdpr to learn more about what has been done so far.

 

How does StartApp comply with the legal requirements for transferring data?

StartApp complies with all local laws, GDPR Law, among other data privacy legislation and self-regulation requirements, and have updated our agreements (as well as signed various binding Data Processing Agreements), terms and conditions and privacy policy to be in line with the new additions to these laws. In addition, we have detailed our security procedures on our website.

 

Is StartApp a data controller or data processor?

Along with the app publisher, StartApp is a data controller.

 

Will the SDK obtain consent for the processing of personal data?

A GDPR compliant SDK will be published before GDPR goes into effect on May 25, 2018. Publisher partners will be responsible to obtain consent (which they are contractually obligated to do) and send that consent to StartApp. By downloading and using your mobile app, users have the opportunity to grant you, the app publisher, with permission to collect Device Information and share it with StartApp. For additional information regarding choices you may have with respect to our use of your information, please refer to the Your Choices and Controls section of our Privacy Policy.

 

I’m a publisher. What happens if I don’t update my apps to the new SDK?

The GDPR compliant SDK will be released with sufficient time to update your apps prior to the May 25 deadline. After May 25, StartApp will continue to answer ad requests, but will not be able to personalize and target ad requests to users that come from earlier versions of the SDK. We encourage you to update to the latest version as soon as possible to avoid any disruption to your ad performance and revenue.

 

Are your company’s data partners GDPR-compliant?

Our data partners have signed our SDK agreement, publisher agreement and Data Processing Agreements with StartApp agreeing and confirming that they are GDPR compliant.

 

What is now considered personal data that wasn’t before?

Personal Information includes your contact details submitted upon registration or voluntarily contacting us, such as your name, email address telephone number, address upon a submitting voluntarily request; or certain identifiers such your IP addresses or Android ID, Advertising ID, IDFA or Device ID (“IDs”).

Note that, while advertising IDs are not considered personally identifiable information in some jurisdictions, there are jurisdictions (such as the EU), in which such data sets are considered personal data. Therefore, we treat all IDs from various jurisdictions as personal data. Please note that we may collect different categories of Personal and Non-Personal information from you depending on the nature of your interaction with StartApp as detailed in our privacy policy.  However, we will always treat Non-Personal Information as Personal information if we combine it with such.

 

Will there be an impact on your company’s use of data in targeting or in other product offerings?

There will be no major impact on StartApp’s use of data in targeting or other product offerings.  StartApp uses the information it collects about you to provide its services and to gain a better understanding of the products and services that may interest you and other users.

 

If so, what is changing? By working with your company, are publishers automatically GDPR compliant?

The GDPR compliant SDK has been released with sufficient time for publishers to update apps prior to the May 25 deadline. We encourage publishers to create their own privacy policy that includes a link to our privacy policy. In addition, publishers should review all SDKs installed in their apps and determine if a EULA is necessary to add to their apps.

 

What data of the end user is collected?

Certain identifiers such IP addresses, Android ID, Advertising ID, IDFA or Device ID (“IDs”) are collected from the end users, as well as device data such type of device, language, time and data, for more information please review our privacy policy

 

How is the data used?

Data from end users is used to provide StartApp services, like serving targeted ads.

 

Are sufficient protection taken to keep the data safe when at rest as well as while transferring or collecting?

StartApp has followed all guidelines brought by both TrustE and ePrivacy to ensure that all data is safe while at rest and during transfer or collection. Further, StartApp has implemented technical and security measures to comply with the accountability requirements under the GDPR, for more information please review our security policy (add link).

 

How long is the data stored?

We retain the Non-Personal Information we collected for as long as needed to provide our service, carry out our business purpose and to comply with our legal obligations, resolve disputes and enforce our agreements, in accordance and compliance with applicable laws, but in any event we will not keep the data longer than 24 months in an identifiable form, or as required by law.  Other data, such as the IDs are kept for maximum time period of 6 months and some for less than 7 days, all as required to provide the Service and in compliance with applicable laws and legislation.

 

Who has access to the data?

Access to Personal Data is restricted to solely the employees that “need to know” and is protected by passwords and usernames. Access to the Personal Data is secured by VPN and is highly managed by access control policies. The Company uses high-level security measures to ensure that the Personal Data will not be accessed, modified, copied, used, transferred or deleted without specific authorization. The Company audits any and all access to the database and any authorized access is immediately reported and handled.

 

Are sufficient measures being taken to prevent a data breach?

StartApp has implemented both technical and organizational measures to protect the Personal Data processed by it against loss, unlawful acts and destruction, alteration, unauthorized disclosure or access, etc. You can review the full details in our Privacy Policy and Security Statement.

 

 

Is there a provision provided in which the users who are affected by a Data breach can be informed?

In the event of a data breach, in which we discover your Personal Data is at risk, or might be at risk, we will notify you through the Services or, if technically possible, by sending you an email. Further, our DPO will decide if needed to inform the Authorities as well.

 

 Is the data backed up anywhere else?

Data is backed up daily on multiple servers.

 

Share Article

Back to Blog