GDPR FAQ

GDPR FAQ

What is the GDPR?

The General Data Protection Regulation (GDPR) is European Union legislation designed to protect the personal data of EU citizens. This law replaces the 1995 Data Protection Directive and applies to all corporations and individuals doing business inside the EU or collecting data about its citizenry. The GDPR takes effect on May 25th, 2018.

What rights does the regulation grant?

The regulation grants EU citizens the right to know what data is collected about them, the right to have inaccuracies corrected, the right to be forgotten, the right to restrict processing of the data, and the right to transfer the data to another service.

The regulation also enforces industry standard best practices for secure storage, transfer, and access. The GDPR stipulates strict penalties of up to €20 million or 4% of the worldwide annual revenue of the previous financial year, whichever is higher, for organizations that do not comply.

What data does Mediafly collect?

Mediafly collects general information including your name, email address, contact information, IP address, geographic location, user agent, and document viewing history based on the nature of your interaction (e.g. visiting our website vs. using our platform).

Mediafly does not collect sensitive information such as race, sex, religion, or medical history.

Why does Mediafly collect this data?

Mediafly cannot provide the quality of service we offer without access to this information. We use this data to make incremental improvements to our website and platform, service platform users, and provide reporting and analytics to customers. This information may also be used for diagnostics and troubleshooting purposes.

How does Mediafly protect this data?

Mediafly uses industry standard best practices to protect your data. These practices include using encryption at all times (both at rest and during transit) as well as limiting who has access to the information. Mediafly uses DRM technologies where appropriate.

Mediafly does not share data with third parties other than Amazon Web Services where Mediafly hosts its application infrastructure and the customers who have contracts with Mediafly.

How does Mediafly comply with the GDPR?

Mediafly enforces an updated Terms of Service agreement (applicable to all customers) as well as updated privacy policies. For Engagement360 customers, the Terms of Service and Privacy Policy can be customized by the customer. 

At our customer’s request, Mediafly can both store and process EU citizen data within Engagement360 inside a local data center in one of Amazon Web Services’s data centers located within the EEA. Reporting data for Engagement360, and data for other Mediafly products, cross borders to the United States for processing.

Mediafly supports anonymization of reporting data and deletion requests, subject to our Data Protection Policy.

Mediafly is committed to implementing policies that ensure data will be protected and align with industry standards. We will conduct periodic audits to ensure that these policies are enforced.

Who do I contact for more information?

Please contact dataprotection@mediafly.com with questions or to exercise rights outlined in the regulation.