When you use WebMaxy to record and collect data from your site, WebMaxy takes on the role of the Data Processor. This means WebMaxy is processing data on your behalf whereas you are the owner and Controller of the data.
As the Data Controller, you are principally responsible for (among other things) collecting consent, managing consent-revoking and enabling right to access. WebMaxy’s Data Processing Agreement specifies the obligations of both parties, you the Controller and WebMaxy the Processor.
- What counts as “personal data”?
- How might I be capturing personal data with WebMaxy?
- How can I know what data I have on any specific user?
What counts as “personal data”? #
According to the GDPR, personal data is any information relating to an identified or identifiable individual, which could mean any information that could be used either on its own or in conjunction with other data, to identify an individual.
Unless clear and advance consent has been given by the individual or end-user, WebMaxy’s behavior tools should not be used to monitor personally identifiable information that would allow you to gain insight into individual user behavior. For more information about this read WebMaxy’s Acceptable Use Policy or How to use WebMaxy in a GDPR compliant manner.
How might I be capturing personal data with WebMaxy? #
There are two types of personal data you can send to WebMaxy:
- You can passively send personal data to WebMaxy if personal data is embedded in the page content of your website when using Sessions Recordings, or in Heatmap screenshots. For example, you may have a profile page for your site containing a user’s personal information. This content will appear in your site content unless you take steps to suppress it.
User keyboard input (e.g. form inputs) is suppressed by default, and will only appear in Sessions Recordings if allowed.
- You can actively send personal data (e.g. email address, user ID, purchase data, etc.) to WebMaxy using WebMaxy’s Identify API. This feature is optional.
How can I know what data I have on any specific user? #
In the event you’ve gathered consent to associate data about a user using a Feedback Widget or over the Identify API, you can use WebMaxy’s User Lookup features to find and delete personal data about your user that WebMaxy may have processed.
Visitors Lookup does not inspect HTML content within Sessions Recordings or Heatmaps #
Session Recordings associated with user records via email addresses or User IDs will be found. Unassociated Recordings or Heatmaps that contain personal information in HTML must be found and deleted manually. It’s best to use content suppression to prevent this.