Hurry! Offer expires soon
50% off
Predominantly, IO acts as a Data Processor regarding personal data of data subjects provided by IO customers.
Also, IO acts as a Data Controller regarding personal data of registered users of this Website. In this case, IO processes personal data for the purposes of the legitimate interests as it stated in Article 6(1)(f) of the GDPR (European General Data Protection Regulation). Providing services to other businesses, IO designs this Website to interact with individuals, who have relevant and appropriate relationship with those businesses, and such processing is necessary to display them web-analytics.
Acting as a Data Processor, IO processes mainly users’ ID or some other technical data of individuals, located worldwide and providing this data to IO customers via their websites, which provide this data to IO. The exact scope of personal data being transferred from IO customers to IO may vary and can be found in personal data protection contractual clauses signed between IO and each of its customers.
Acting as a Data Controller, IO processes mainly the first and last names, e-mail, and position of individuals, who have a relevant and appropriate relationship with IO customers.
Acting as a Data Processor, IO processes and conducts web-analytics regarding personal data of data subjects provided by IO customers. IO runs analytics about the provided data and provides its customers with a report of same. Only in individual cases, personal data may be included in the data provided by IO customers to IO to conduct such analysis. If so, the scope of personal data being processed while doing the analysis is app. only 1 % of the overall data provided to IO.
Acting as a Data Controller, IO processes a minimum of personal data to keep users’ accounts and identify their owners’ rights during their access to web-analytics.
The main processing activities conducted by IO with regard to personal data of third parties are the following:
Personal data of third parties, if provided by IO customers, is not changed during the processing activities of IO.
IO tries everything to minimize the processing of personal data. In this regard, IO has implemented organizational and technical security measures which allow only a minimum necessary number of IO employees to process personal data of third parties.
After the successful implementation of a GDPR compliance system, only 2-3 Employees in the Kyiv office of IO have access to the personal data of third parties.
Data provided by IO customers is processed with systems only located in Germany and the Netherlands. The web analysis of IO is conducted only via these servers.
Access to the final customer reports is possible for a very limited number of IO Employees in Ukraine and for IO customers worldwide.
No, usually all processing activities are conducted automatically by IO scripts and only on servers located in Germany and the Netherlands.
Only in rare cases of script problems (e.g., bugs), IO Employees might need to take a look at ad hoc final reports and need to access the servers to solve technical problems. In these cases, such employees might review also personal data included in the reports.
IO already has implemented best practices on IT level standards to protect data in general, and personal data in particular.
IO also is conducting several IT security tests in order to audit and evaluate potential security issues on a regular level.
IO has in place sophisticated and adequate security measures, both on the organizational and technical side to protect personal data, to be compliant with the requirements of the GDPR.
IO has in place sophisticated and adequate security measures, both on the organizational and technical side to protect personal data, to be compliant with the requirements of the GDPR.
Based on this, IO has, e.g., among others, the following organizational and technical security measures in place:
The recipients are IO customers only.
A transfer from IO servers inside the EEA to recipients outside the EEA is possible when IO customers are located outside the EEA, and when they access IO reports, in rare cases, also including personal data.
For these purposes, IO concludes contracts and has in place other safeguarding measures to protect the transfer from its servers in the EEA outside the EEA. The safeguard measures are in line and in compliance with the GDPR requirements.
The legal basis for all processing actions is a contract between IO and its customers.
IO customers provide IO with data of their own clients, and individuals, who are in the service of such customers, provide their personal data when registering on this Website. IO has contractual clauses with its business partners in place that foresee the compliance with the GDPR.
IO completely fulfills its obligations, existing under the GDPR.
Yes. Every data subject has the right to withdraw its consent. As for data subjects, whose personal data are provided to IO by its customers, such withdrawal of consent needs to be filed with the controller of the personal data. But IO can support the data subject to forwarding this request to the responsible data controller.
Yes. Every data subject has the right to access its personal data. As for data subjects, whose personal data are provided to IO by its customers, such request needs to be filed with the controller of the personal data. But IO can support the data subject to forwarding this request to the responsible data controller.
Yes. Every data subject has the right to request the erasure of its personal data. As for data subjects, whose personal data are provided to IO by its customers, such request needs to be filed with the controller of the personal data. As to personal data of EU citizens, IO only acts as a data processor. But IO can support the data subject to forwarding this request to the responsible data controller.
IO stores personal data of EU citizens in connection with the contractual obligations it has towards its customers. This can differ on a case by case basis. Nevertheless, IO is fulfilling the principle of data minimization and its obligations under the GDPR also with regard to data storage.
When IO acts as a Data Processor, data subjects whose personal data is processed by IO is limited to users of websites of IO customers.
When IO acts as a Data Controller, data subjects whose personal data is processed by IO is limited to individuals, who both have a relevant and appropriate relationship with IO customers and who are users of the IO Website.
IO does not collect information about the age of data subjects at all. IO is also not responsible for the website construction of the customer’s website. However, if IO understands that it processes personal data of children, special data protection measures are in place.
No. Automated processing does not lead to automated decision-making, and it does not have the significant impact on data subjects’ rights, as personal data is only used for analytical reports for IO customers.
When IO acts as a Data Processor, the controllers of the personal data are the IO customers.
When IO acts as a Data Controller, the controller is IO itself.
No.
EU Representative:
Esterson Limited
Limassol, Cyprus
Data Protection Officer:
Mr. Den Golotyuk
Kiyv, Ukraine