1. What is GDPR?

The General Data Protection Regulation (“GDPR”) is the primary law regulating how companies protect EU citizens’ personal data which went into effect on May 25th, 2018. The GDPR:

  • Strengthens and regulates user data privacy across the EU.
  • Gives citizens broader rights and control over their data.
  • Requires compliance from all organizations that handle EU citizens’ personal data, regardless of which country the organizations are registered.

2. Is Linkfire GDPR compliant?

Yes. Linkfire had been preparing for GDPR almost two years prior to the deadline and was fully compliant before May 25th.  Linkfire has distributed updated Terms & Conditions explaining how we use and protect Personally Identifiable Information (PII) while fulfilling our duties as a Data Processor. For more information, please view our Privacy Portal or contact privacy@linkfire.com.

3. How has Linkfire prepared for GDPR?

Linkfire is committed to protecting customer data and privacy. We take our obligations regarding data compliance seriously and transparently. Like many cloud service providers, we have reviewed our data protection program and made adjustments to ensure compliance with GDPR prior to May 25th, 2018. Linkfire’s ongoing commitment to data protection is evidenced in a variety of ways: Security

  • Linkfire only uses trusted and certified compliant data-centers. Both AWS and Azure carry with them certifications, including ISO 27001 and SOC.
  • Linkfire is continually investing in our own and our partners’ security infrastructure.
  • Linkfire is currently in the process of obtaining a SOC-2, Type II report, anticipated to be completed within 2020.

Data Handling

  • Linkfire is and has been certified with the EU-US Privacy Shield since 2017.
  • All data is encrypted in transit using TLS 1.2, and at rest using industry-standard AES-256.

Linkfire published an extensive Privacy Policy in 2017 covering:

  • FAQs for everything privacy related.
  • Centralized Opt-Out from all data collection.
  • Dedicated privacy support contact.
  • Children’s data policy.
  • Cross-border data transfer policy.
  • Third party independent dispute resolution.
  • Our Data Protection Officer.
  • All Pixel partners working with Linkfire.

Read our Technical and Operational Measures.

4. How does Linkfire account for consent?

Linkfire has redesigned the consent method to collect and treat personal data to comply with the latest regulations. The new consent flow empowers users with:

  • Giving or withdrawing consent to tracking.
  • Granular control over which tracking entities are accepted.
  • Additional disclosures over what the cookies used for and by whom.

The new consent flow features:

  • dynamic display of different disclosures and user flows according to the country the user is navigating from.
  • Advanced logging for consent given and withdrawn in compliance with GDPR’s data subject rights.
  • Subject Access Request system allowing users to exercise their GDPR rights.

Explore more within the Privacy Portal

5. What types of customer data could be collected?

Personally Identifiable Information (PII) is information that can be used on its own or with other information to identify, contact or locate a single person, or to identify an individual in context.General examples of PII are:

  • First and last names
  • Email addresses
  • Financial records
  • Credit card numbers
  • National insurance/SSN numbers

Data collected by Linkfire can be found in our Privacy Policy

6. Does Linkfire offer a protection agreement between processors and controllers?

We have a standard Data Protection Agreement that we enforce in connection with our MSA, Privacy Policy, and TOMs. Review each here:
Data Protection Agreement

Privacy Policy


For more information, please contact privacy@linkfire.com.