Simple Analytics

Audited

Designated DPO or GDPR correspondent

Compliant
Partially Compliant
Not Compliant

Simple Analytics doesn’t process personal data, therefore does not have to designate a DPO.

Simple has a privacy dedicated email contact available on the website: privacyquestions@simpleanalytics.com

Privacy Policy

Compliant
Partially Compliant
Not Compliant

Regarding cloud:
A Cloud Privacy Policy is not necessary as no personal data is processed in the Cloud.

Regarding website:
https://simpleanalytics.com/privacy-policy

Country & Type of Data storage

Compliant
Partially Compliant
Not Compliant

Company Headquarters:
The Netherlands 🇳🇱  (EU) 🇪🇺

Storage Facilities:
All analytics data is processed by Dutch cloud providers Worldstream and Leaseweb.

Data transfers outside the EU

Compliant
Partially Compliant
Not Compliant

Data is never transferred outside the EU.

Legal tools for Subcontractors

Compliant
Partially Compliant
Not Compliant

Simple has only one subcontractor for CDN that is called BunnyCDN and is part of a company called BunnyWay, located in Slovenia (EU). They have concluded a written agreement protecting personal data processed on BunnyCDN's part.

Data Breach Notification

Compliant
Partially Compliant
Not Compliant

Simple shares technical incidents on its website: https://status.simpleanalytics.com/?ref=simpleanalytics.com

Simple doesn’t process personal data and therefore a data breach cannot be materialized nor notified.

Right Requests Process

Compliant
Partially Compliant
Not Compliant

Simple doesn’t process personal data therefore does not have to fulfill this GDPR obligation.

Data Privacy Impact Assessment

Compliant
Partially Compliant
Not Compliant

Simple doesn’t process personal data therefore does not have to fulfill this GDPR obligation.

Employee Trainings

Compliant
Partially Compliant
Not Compliant

Simple doesn't process personal data and therefore is not obliged by the GDPR to have its employees subject to confidentiality obligations and trainings on personal data management.

Security Policy

Compliant
Partially Compliant
Not Compliant

Simple doesn’t mention having a security policy.

Organizational and Technical Security Measures

Compliant
Partially Compliant
Not Compliant

Server security:
Cloud security relies on Worldstream and Leaseweb.

Other measures:
Anonymisation and pseudonymisation of data, password encryption, backups on external servers.

Data Encryption

Compliant
Partially Compliant
Not Compliant

Data is encrypted at rest.

Restriction of access

Compliant
Partially Compliant
Not Compliant

Simple doesn’t process personal data therefore does not have to fulfill this GDPR obligation.

Reuse of data

Compliant
Partially Compliant
Not Compliant

Swetrix doesn’t reuse personal data, nor sell it.

Exemption of cookie consent

Compliant
Partially Compliant
Not Compliant

YES, Simple doesn’t set any cookies.

Submission to Cloud Act/FISA

Compliant
Partially Compliant
Not Compliant

NO, data is stored in the EU and anonymized (therefore no more considered personal).

Updates
March 24, 2022
Privacy Score has increased
March 24, 2022
Listed on PrivacyBoard with a score of
March 24, 2022
Has been audited by PrivacyBoard
View the audit
March 12, 2022
Privacy Score has increased
42%
March 12, 2022
Listed on PrivacyBoard with a score of
42%
March 12, 2022
Has been audited by PrivacyBoard
View the audit