Snoobi Privacy-Secure Tracking on Clients' website


Background

We regularly receive questions on GDPR rules and (Snoobi) analytics.


 
Below are the reasons why using Snoobi would be allowed to be used as a default selection. However, note that this still requires to make statements about the use of the Snoobi cookies and it is advisable to present the visitor with the option to completely opt-out. Details can be found on our support site at https://support.snoobi.info
 Snoobi has the option to set Cookies to 'False' in which case no cookies are set other than session cookies.

 

Secure access

  • Data is collected for the specific client only, only employees, agreed Snoobi Partner contact and customer has access.
  • All access is logged and maintained in the European Union, and for all Finnish clients exclusively within our datacenter in Helsinki, Finland

Secure and anonymized tracking

  • As a service option Snoobi can create a specific solution for any client if visitors never want to be tracked by Snoobi (note that this sets a cookie).
  • Snoobi can disable the option for the client to make a mistake in setting up the Snoobi code and allow cookies other than session-cookies.
  • The data collected can never be traced back to an individual:
    1. Snoobi doesn't do any form of fingerprinting
    2. No trace of Snoobi is stored after the session. All Snoobi cookies that are set during the session are removed by the browser when the session has ended.
    3. There is no unique visitor ID, every visit is unique with a random ID and times out after 30 minutes of inactivity or closing of the tab/window of the browser.
    4. Any IP-addresses are anonymized.
    5. Snoobi doesn't store system-specific items other than generic browser type, language, operation system and version.

 

Secure data collection and retention.

  • All data collected remains within the European Union, or specifically in Finland for Finnish clients.
  • In the unlikely event a cookie IS stored the visitor can request insight and to be removed from Snoobi.
  • No data is ever shared with 3rd parties without explicit consent.
  • Snoobi has stringent security measures for the secure storage and use of client's data.
  • On request, Snoobi can shorten the data retention of detail data to a specific time period, the standard is 25 months (with longer data possible as an archive).
  • We can arrange that at the first claim by the client all data (or all data for a selected time period) is removed.

 

Low Risk

Why using Snoobi is a low-risk area (if used correctly):

  • Most local country privacy regulation bodies specifically mention that analytics is allowed under strict privacy rules.
  • As Snoobi cannot identify any individual, it would be impossible for an individual to take legal action as there is no proof of that individual accessing a site.
  • It would be advisable to clearly state what information is kept, the reason why and still give anyone an option to not be tracked.
  • There's a legitimate interest to anonymously analyse site behaviour to allow for site improvement.
  • Albeit still in a final discussion phase, the ePrivacy proposal states that anonymous analytics is allowed.
  • Most country - public sector and government sites have some form of analytics as there is also a requirement to conform to usability and that could not be analysed without analytics.
  • Even when there would be a complaint (but how that could be is difficult as there is no traffic trace), we can reverse our actions and remove data if needed.