As your Ally in Digital, Marin Software believes that securing and protecting sensitive and confidential customer data is central to everything we do. Over the past year, we have been working hard to refine internal processes and procedures to ensure GDPR compliance. We believe Marin is in compliance with GDPR. Below is a summary of additional questions you may have.
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a new set of regulations that harmonize the data privacy laws across the European Union ("EU"). The GDPR sets forth a number of rules to protect personal data processing, personal data movement, and other individual rights and freedoms.
When does GDPR go into effect?
May 25, 2018.
Who does GDPR apply to?
GDPR applies to all individuals (or “data subjects”) residing in
What organizations are subject to GDPR?
GDPR applies to any organization processing personal data that is: (i) established in the EU (regardless of where the personal data processing takes place); (ii) offering goods and services in the EU; or (iii) monitoring behavior of EU individuals.
What data is subject to GDPR?
GDPR applies to personal data that is processed or profiled.
What is Personal Data?
Personal data is any data that relates to an identified or identifiable individual, including elements such as: (i) location data; (ii) online identifiers; (iii) identification numbers; and (iv) profiling data (e.g., cookie data). Personal data also includes personal characteristics such as the physical, physiological, genetic, mental, economic, cultural, or social identity of an individual.
What is Profiling?
GDPR applies to those circumstances where individuals are profiled, or where personal data is used to evaluate certain personal aspects of an individual. Using Internet preferences and cookie data to create individual profiles falls into this category. Profiled personal data includes information such as economic situation, personal preferences, interests, online behavior, IP addresses, geo-location data, and movement data.
What is Data Processing?
Data Processing is defined quite broadly under GDPR and includes any action, whether automated or not, performed on personal data. Such actions may include viewing personal data on a computer screen (regardless of where the data is stored) and transforming or classifying information. Any personal data processing must be performed in compliance with GDPR.
What is a Data Controller?
A Data Controller is any organization that owns or controls the means of personal data. Customers using Marin’s solutions may be Data Controllers under GDPR.
What is a Data Processor?
A Data Processor is any third party to whom a Data Controller provides personal data for processing. These may include consultants, agencies, tracking technology providers, ad tech analytics, marketing firms, CRM providers, marketing analytics tools, and outsourced email providers. Marin operates as a Data Processor under GDPR when providing services to our customers.
What actions has Marin taken in preparation for GDPR?
Marin has always maintained the highest standards with respect to protecting confidential information and complying with privacy rules and regulations around the globe. We have reviewed this status in the context of GDPR to ensure compliance.
Audits and Certifications
- Marin performs periodic security scans on our applications and networks.
- Marin works with an EU-based independent third party to perform penetration tests and vulnerability assessments to ensure that we are operating at the highest standards.
- Marin’s data center is a Tier IV gold SSAE No. 16 audited facility that meets the highest standards for data center security.
- Marin Software complies with PCI-DSS standards for credit card processing.
Privacy-by-Design and Privacy-by-Default
- Marin employs Privacy-by-Design principles in our product planning and development practices.
- Marin also uses Privacy-by-Default principles to ensure our products remain compliant throughout their lifecycle.
- Data Protection Impact Assessments (DPIA): Marin supports our customers by providing assistance with DPIAs that involve Marin’s applications.
Dedicated Security and Privacy Team
- Marin’s security and privacy team is here to answer our customers’ questions and provide support in their security and privacy initiatives.
- Marin has appointed a Data Protection Officer to oversee our compliance with data privacy requirements worldwide.
- Marin supports our customers’ privacy and security programs by providing guidance and documentation to enable transparent data processing practices.
- Marin’s tracking technologies can be configured to support our customers’ privacy requirements.
Marin only processes the minimum amount of data necessary to provide our customers with meaningful analytics and management tools.
What if I have additional questions?
Ask your Marin Customer Success representative or contact Marin's privacy office at firstname.lastname@example.org.
Additional GDPR Resources:
- European Commission — Seven Steps for Businesses to Get Ready for the General Data Protection Regulation. https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-business-7-steps_en.pdf
- Google’s Data Privacy Site. https://privacy.google.com/businesses/
- Interactive Advertising Bureau – Europe: Privacy & Data Protection Information. https://www.iabeurope.eu/category/policy/data-protection/
- Interactive Advertising Bureau – Europe: Transparency & Consent Framework. http://advertisingconsent.eu/
- Oath’s Privacy Center. https://policies.oath.com/us/en/oath/privacy/index.html
- International Association of Privacy Professionals - GDPR Checklist. https://iapp.org/resources/article/gdpr-checklist/
- Amazon Advertising: Advertising and the EU General Data Protection Regulation. https://advertising.amazon.com/ad-specs/en/policy/gdpr
- Digital Content Next “Ad Ops: the unlikely GDPR heroes. 10 Actionable Steps to Digital GDPR Compliance”. https://digitalcontentnext.org/blog/2018/02/06/ad-ops-unlikely-gdpr-heroes/