GDPR FAQ

GDPR Background

Triblio is committed to protecting the privacy of its customers and their users.  In conjunction with European Union legislation of the General Data Protection Regulation (GDPR), we want to ensure our customers are confident Triblio is able to uphold those standards.

The GDPR applies to any organization who is marketing and/or tracking behaviors of those within the EU and EEA.  If you are processing any personal data of Europeans, this legislation applies to you.

The two key elements to the GDPR is consent from the individual which expressly gives you permission to process their personal data and accountability to prove compliance.  

Triblio as a Processor

What data does Triblio collect?

Triblio collects IP addresses, email, and cookies of individuals coming to the website.  Details on the collected data can be found in Triblio's Privacy Policy.

Where is collected data stored?

The United States

How is data transferred between the EU and the US?

Data is transferred securely on SSL connections between the EU and the US under the EU Privacy Shield.

Triblio is a member of the EU Privacy Shield

What data is collected from integrations with marketing automation and CRM integrations?

Data from CRM and marketing automation is stored in Triblio based on the configurations selected by the user.  If those configurations are removed, the data is removed from Triblio. 

How is the data secured by the processor?

All data in Triblio using industry standard encryption practices at the row and database level.  Further details on how Triblio handles sensitive data is available in the SOC-II Audit Report.

How can an individual opt-out of Triblio tracking?

Triblio's opt-out policy is described in our Privacy Policy.  An automated opt-out is also available.

How long does Triblio hold client data for? 

Triblio holds customer data for the term of the arrangement.  Encrypted backups are subsequently held for a two week time period.

In the event of a terminated relationship, how can the data be retrieved?

In the event of termination, Triblio will delete all customer data.  Upon written request made within thirty days of termination, Triblio will provide temporary access to the platform to retrieve Customer Data. After thirty days, Triblio will delete all Customer Data in its possession or control.

Who can access Triblio's data from the controller?

Users with accounts into the platform.

Who has access to clients data at Triblio?

Accessing customer data is not permitted under Triblio Employee policy.  Access to customer data is only permitted when requested by the customer to resolve an issue. 

What security certifications are in place?

Triblio performs an annual SOC-II Type 2 Audit.

Anonymizing IP Addresses

IP Addresses are listed as a type of Personal Data in the GDPR and ICO guidance. Triblio protects customers from utilizing IP addresses in targeting for advertising in Europe by removing the final digit from an address before utilizing it for targeting prospects or customers. Therefore no prospect or business in the EU/EEA is ever targeted by a single IP address, i.e. Personal Data. 

If you have more detailed questions about GDPR regulations, please email them to erin@triblio.com