Narratiive is committed to the privacy of individuals, the security of personal data, and compliance with the European Union’s General Data Protection Regulation (GDPR), which is effective from 25 May 2018.
Disclaimer: This article is provided for your general information and is not intended to provide legal advice. To understand the full impact of the GDPR on any of your data processing activities please consult with an independent legal and/or privacy professional.
About the Regulation
The GDPR is the most significant change in European Union data privacy regulation in 20 years.
The regulation applies to organisations, located both inside and outside of the European Union (EU), who offer goods or services to, or monitors the behaviour of, EU data subjects (i.e. EU citizens, residents and visitors). The regulation applies to all organisations processing and storing the personal data of data subjects, regardless of the organisation’s location.
We are actively working to ensure our processes and systems meet the requirements of the GDPR and we aim for compliance by the enforcement date.
Individuals should have easy access to information about Narratiive’s data practices, including the data that we collect, what we use it for, and with whom we share it. Individuals should also have informed choice over the data that we collect about them.
A Data Protection Officer (DPO) has been appointed and we are developing personal data audit trails across our entire technology stack. These audit trails will be made available to supervisory authorities upon request.
We are in the process of rolling out our GDPR compliance strategy. We understand that our clients have requirements under GDPR that impact their use of Narratiive and we are committed to helping them fulfil their requirements.
Narratiive as a Data Processor
Narratiive is considered a data processor when our clients use our services to store and process information about their data subjects (e.g. visitors to their website).
Narratiive as a Data Controller
Narratiive is considered a data controller when we collect information directly from data subjects. Examples of activities we perform as a data controller include:
- Collecting anonymous demographic survey responses (which may include IP address and cookie IDs).
- Recording names, email addresses, and billing details of dashboard users.
Under the GDPR personal data includes IP addresses and cookies. To ensure compliance with the regulation, any data collected from Europe-based data subjects are immediately deleted.
Narratiive complies with the GDPR by anonymising IP addresses collected from these visitors, setting the last octet to 0 (i.e. 138.223.31. 167 becomes 22.214.171.124). This allows for high level, anonymous geolocation while the underlying data cannot be used to refer back to an individual.
We continue to set, record and process cookies for the purposes of reporting on unique browsers and unique visits to client websites. This is regarded as a legitimate purpose for processing as our clients need to understand their overall audience size and composition to effectively provide their services.
We are rolling out tools to comply with Article 17, the right to erasure (‘right to be forgotten’) and Article 20, the right to data portability. The efficacy of these tools is dependent on the visitor maintaining persistent cookies on their devices. For example, if a visitor clears their cookies, we have no mechanism to implement their right to be forgotten, as the cookie is the only identifier we store.
Narratiive will continue to provide updated materials to our clients and measured audiences regarding our compliance with the GDPR.
Supporting Client Compliance
Our publisher clients may adopt the following suggested text to describe the data collected and processed by Narratiive, on their behalf, and the purpose of the data collection. Remember that you must seek consent from your visitors before placing, or allowing a third party to place, a cookie on their device.
Publishers Using Narratiive Dashboard Services
Narratiive provides analytical information about visitors based in the Middle East and Africa. Narratiive collects data on traffic, engagement and audience profile. The data provides insights into aggregate traffic and audience allowing comparison with other websites. These insights may be used for sales pitches, marketing strategy, editorial, business, and product development.
Publishers Taking Part in the Data Co-operative
Our site is part of a data-cooperative, operated in the Middle East and Africa by Narratiive. Narratiive collects data related to the types of content our visitors consume. This data is anonymised and shared with ad targeting platforms which ensure people see ads that are relevant to them. Companies the data is shared with include Google DBM, MediaMath and The Trade Desk.
For further information you may get in touch with our DPO by emailing firstname.lastname@example.org.