Any data about the user, which can help identify him or his preferences. Examples:
- Full name
- Email address
- IP Address
- Facebook ID
- Google Play ID
- Device and OS
- Secret Question and Answer
- Marital status
Some data, like Name and ID allows you to quickly identify a user. Other data provides you with a detailed portrait for targeting, such as user with high “LTV” means a user can spend more money than average, so that makes him a possible target for offering expensive goods.
Any actions with the above mentioned data, for example:
- Storage of the data by you and integrated third-parties: including server-side logs, Google Analytics, Yandex metrika, Appsflyer, Xsolla.
- Usage of the data, by you and integrated third-parties: showing special offers, mailing, automatic login, showing targeted ads.
Thus, all information is used in one way or another (even if it is simply stored in the server’s logs and you do not display it in analytics).
IMPORTANT: it is necessary to understand which third-party services receive what data and how they use it! Appsflyer? Facebook? AdMob? UnityAds?
Data Processing Rules
What General Data Protection Regulation expects from companies?
- Make a public statement which data is collected, how is it used and for how long will be stored. Let users know about that statement before using your service, app or website.
- Obtain user consent regarding data processing and store information about how and where the user gave this consent. For children: consent should be provided by parents.
- Ask user to perform unambiguous action to confirm acceptance. Make him tick a box, press a button stating that he agrees to the statement.
- Satisfy user’s rights to contact it and receive:
– Data collected in relation to that particular user
– Confirmation of the fact, that user’s data is being processed
– Information where and for what goals the data is processed and for how long it will be stored
– Clarification of the source of data acquisition
– Update data
– Erase data
– Transfer data to another company
- Notify the regulation authorities within 72 hours if there is a data leak.
- Have a contract with all third-parties, that have access to user data.
- Implement technologies to prevent unauthorized access, damage and erasure of the data.
What should you do?
These simple steps should make you compliant in most cases:
- Show user a popup, informing that he must give a consent to the updated terms of service and data processing terms or leave your app/site.
- Create an email for processing legal requests and add a topic selection in your contact form.