How do we collect and process personal data
As part of offering our services, Plumbr may collect and process personal data of the end users of our customers’ digital services. In terms of the GDPR (the European Union General Data Protection Regulation), Plumbr acts as a Data Processor, while our customer is the Data Controller of said data.
In our day-to-day activities we fully comply with the EU and Estonian Data Protection laws and regulations, including the Estonian Data Protection Law, the GDPR and other relevant legislation. The goal of this guide is to be transparent about the processes that we have set up internally at Plumbr, so that you as a Data Controller can verify that we act responsibly with the personal data that you and your end users entrust to us.
Which Plumbr customers does this apply to
The GDPR only applies to our relationship when:
- You are using the Plumbr Cloud services. If you use Plumbr On-Premises, then Plumbr will not be the Data Processor and GDPR will not apply.
- You choose to identify end users (see below)
- You choose an identifier that reveals to us the identity of the end users (name, e-mail address, phone number, etc.)
What kind of personal data do we collect
By default, the data that Plumbr collects is anonymous. We collect data about end user interactions with the monitored digital services, but we do not identify the end user. We also do not collect data that would allow anyone to identify the end user (e.g. the IP address).
However, our customers can opt for identifying end users in order to get more value out of using Plumbr. In that case all user interactions will be linked to the identity (username) that you provide to us. You are free to choose any identifier that you please – for Plumbr, the identifier is just a label. We prefer identifiers that do not reveal the identity of the end user to us, for example an internal customer ID. In that case Plumbr data will be pseudonymous, and anyone who has access to Plumbr data will not be able to know the identity without also having access to the mapping between the identifier and the end user. This allows you as the Data Controller to reduce the risks of subcontracting data processing activities to Plumbr.
However, you may also use an identifier that classifies as personal data (e.g. name, e-mail, phone number, etc.). In that case the GDPR applies to Plumbr as well.
Regardless of the type of user identifier that you choose, we will process the data according to the internal data processing rules laid out below.
Note that you must not send us any other personal data. Sometimes, personal data can end up being sent to us accidentally, as part of another data object. Such data objects include:
- URLs of the pages of monitored applications
- User Interface element labels (buttons, links, dropdown choices)
- Error messages
- Database queries
- URLs of third-party or internal web services
When we discover that you send us personal data in the above unintentional form, we will notify you and ask you to stop sending that data. In most cases, we can offer you a way to anonymize the data on the fly without changing the way your application is built. However, in some cases changing your application’s technical implementation might be necessary.
Under no circumstances may you send to us any sensitive personal data as defined by the GDPR (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation, genetic or biometric data, etc.) or data relating to criminal offences and convictions. If we discover that you send us such data and do not stop sending it, we may be forced to delete your account.
How do we collect personal data
The user identity is collected by the Plumbr browser or Java agent. The technical rules for how you can pass the user identifier to us are described in the Identifying users section of the Plumbr manual.
The Plumbr browser agent collects the user identity in the location of the end user using your application. The Plumbr Java agent collects it from your servers in the location of your server. The data is then sent to the Plumbr servers in Ireland (see below).
The data is transferred from the Plumbr agents to the Plumbr servers via an encrypted HTTPS channel. Before sending the data to our servers, the Plumbr agent and Plumbr server verify that they are talking to each other using specific verification keys in order to minimize the risk of a man-in-the-middle attack.
Where and how do we process and store personal data. Does personal data leave the EU?
All the processing of the personal data takes place on Plumbr servers that are hosted by Amazon Web Services and located in their data centers in Ireland.
Given the limited sensitivity of the data we collect, we have decided not to encrypt data during storage and processing. Instead, we limit access to data with organizational and legal measures (see below).
All the data processing and related activities (including backups) are carried out in the data center in Ireland, and the data never leaves the borders of the European Union.
Do we share the personal data with subcontractors and what kind of policy do they have for processing the data?
Yes. Amazon Web Services is hosting the servers where we process the data. Their legal name is Amazon Web Services EMEA SARL. The terms of hosting and processing of personal data are governed by their Data Processing Addendum, which is baked into the AWS Service Terms.
Secondly, if you write to our support and disclose any customer data, the data will be processed by our subcontractor HubSpot. Their data processing and protection rules can be found here.
As Data Processor, we do not share the personal data entrusted to us by our customers with any other subcontractor.
What is our data retention policy
All personal data (including all data that may include accidentally received personal data as described above) is kept for 90 days, after which it is deleted. If needed, we can configure a shorter retention policy on a per account basis.
The same applies when our service contract ends. All data collected from you (including personal data) will be deleted within 90 days of the termination of the contract.
Who has access to the data
In addition to subcontractors, our own team members access the data in order to provide our services to our customers. We carefully observe who has access to our customers’ data and make sure that the level of access corresponds to their role in the company. The list of roles that have access to customer data:
- Support team and account managers (for the purposes of answering our customers’ questions, and for providing help with using our services)
- IT administrators (to make sure that our services technically work at the level of quality that we strive to provide)
- Engineers (limited access to assess the quality of the service that we provide and troubleshoot any customer-specific edge cases)
Our internal data access rules govern the procedure for accessing the data. In addition to training, we also deploy different levels of technical safeguards (requiring login, VPN access, physical presence in our offices, etc.) to make sure that the risk of a privacy breach is adequately mitigated.
All Plumbr employees who have access to our customers’ data understand the responsibility of keeping the data secure. All our employment contracts include confidentiality clauses with adequate measures for contract breaches as allowed by the law.
Data subject rights
As the GDPR stipulates, the data subjects (that is, the end users of the digital service that you monitor with Plumbr) have some specific rights related to the personal data that you collect about them. As the Data Controller, you are responsible for making sure that they can exercise these rights. Here’s how we, as a Data Processor, help you fulfill your obligations to the data subject:
- Right of access. If a data subject wants to know whether you collect data about them with Plumbr, you can find out by using the search form in the user list (log in at app.plumbr.io -> Go to list of applications in the menu -> Choose the monitored application -> Switch to the “Users” tab)
- Right to rectification. If the end user’s identifier that is passed to Plumbr is incorrect, you need to fix it in your own application and just send to Plumbr the right ID.
- Right to be forgotten. If the end user asks you to forget their data, we will remove the identity from the user interactions linked to that identity. In order to carry this out, just send us a request by e-mail to firstname.lastname@example.org
- Right to restriction of processing. You need to carry out the required actions in your application, and make sure that you don’t send to Plumbr the identity of the specific end user. If an end user chooses not to use any cookies, your application can instruct Plumbr not to track the given user (see here for a technical description).
- Right to be informed. You should disclose to your end users (and if needed, get their consent) that you collect information about their interactions with your application and the technical quality of your application’s responses.
- Right to data portability. While we don’t see a practical way to import the data that we have collected about the end user’s interactions with your application into another service, you can still download the data that we have about a specific end user’s interactions. Just navigate to the list of end user’s failed or slow interactions and click on the “Download CSV” button.
Data breach notification
We follow internal guidelines to safeguard our data stores and to minimize the risk of any leakage. Should we discover a breach of personal data, we will notify the respective Data Controller without undue delay, but not later than 48 hours of the discovery of the breach. The notification will be sent to the person who created the Plumbr customer account, or the administrative contact provided to us by the customer.
What is the legal basis for Plumbr storing and processing personal data?
If you are a customer of Plumbr, our relationship is governed by our general Terms of Service or in some cases a specific service agreement. In addition to the general terms, we encourage customers who process personal data governed by GDPR to also sign a Data Processing Agreement with us. In order to sign the agreement, simply notify your account manager or write to email@example.com and we will coordinate from there.
Where can I get more information
If you need more information, you are welcome to ask questions by e-mail at firstname.lastname@example.org.