Visitor Analytics has appointed a Data Protection Officer who can be contacted at the following address: firstname.lastname@example.org.
Germany and Romania (EU)
All analytics data is processed by German cloud provider Hetzner, in Germany.
Data is never transferred outside the EU.
If ever, Visitor commits only to transferring personal data outside the EU if an adequate level of data protection is established.
Subcontractors are subjects to written agreements providing the same protection level as set out in Visitor’s DPA: https://www.visitor-analytics.io/fileadmin/visitor-analytics/downloads/dpa/20210622_visitor-analytics_data-processing-agreement_en.pdf
Visitor has made public its of subprocessors: https://www.visitor-analytics.io/fileadmin/visitor-analytics/downloads/dpa/20210622_visitor-analytics_data-processing-agreement_en.pdf
Prior to adding new subprocessor or replacing an existing subprocessor, Visitor informs controllers and provides a reasonable deadline for them to object.
Visitor commits to notify controllers without undue delay after becoming aware of a security incident, to assist controllers in fulfilling their notification and communication obligations, and to take appropriate measures to mitigate the possible adverse effect of the incident.
Visitor Analytics will notify the concerned controller promptly (maximum 5 working days) in writing of any communication received from a data subject relating to its rights and will assist the controller within the scope of its ability to fulfil the request.
Visitor assists controllers in ensuring compliance with their obligations in respect of DPIAs and prior consultation.
Visitor ensures all persons authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Visitor has obtained an ISO 27001 certification, for which a security policy is necessary.
Cloud security relying on Hetzner (CCTV, security team, physical access controls, etc.)
Regular data backup, IP address anonymisation (optional), intrusion detection controls, data encryption in transit, data access monitoring, authorization management, employee security training, firewalls, server redundancy, prohibition of permanent workstation storage of personal data.
Data encryption in transit (SSL).
Visitor allows access or processing of personal data by employees for IT support and maintenance. The internal access to data (e.g., by employees) is regulated through the concept of least privilege.
A special script and encrypted keys are used to access personal data and audits are conducted to ensure controls are enforced.
Visitor Analytics is only providing data to each controller based on the Data Processing Agreement signed between the two parties and will not share personal data without the controller’s consent, except under certain limited circumstances, such as when required by law.
YES, Visitor doesn’t collect unnecessary cookies.
Cookies collected relate to ignoring a data subject’s visit on a website.
NO, data is stored in the EU by an European cloud provider.