Try it free

GDPR Compliance and Privacy

Starting in May 25, 2018, AFS Analytics will become 100% compliant with the General Data Protection Regulation (GDPR). To ensure this compliance to our customers, we have improved our infrastructure and strengthened our security protocols. The rules for using our services will also evolve and become more restrictive for free accounts. The following tentative schedule details the planned changes.

Does the GDPR sign the end of free AFS Analytics?

In order to follow the technological evolution of the analytical services and to comply with the GDPR, AFS Analytics has invested massively for 2 years in its infrastructure and in the development of its web analytics service.

The GDPR greatly increases the legal liability of site analysis providers and exposes them to record fines. For these reasons, DataSense has the obligation to restrict access to free accounts, or even remove them for legal reasons.

If you use AFS Analytics on a professional website, we strongly advise you to migrate to a paid subscription.

What you need to do today!

  • Ask consent to your users prior to use cookies. How to set-up analytic.js to comply with the European law on the deposit of cookies
  • Add the disclaimer below in your terms and condition or privacy policy. Links must be respected for legal reasons.
  • 
    In order to better serve you and improve the user experience, we are analyzing the audience of our site with <a href = "https://www.afsanalytics.com/info/105/web-analytics-how-it-works.html"> Web Analytics</a> solution: <a href="https://www.afsanalytics.com/"> AFS Analytics </a>. This service, which complies with the general data protection regulations, may save personal data (as defined by the GDPR) as a subcontractor, including a unique number consisting of alphanumeric characters identifying you. This encrypted data is saved on secure servers located in France or in Canada. Canada guarantees data protection under Articles 44 and 46 of the GDPR. No banking information is transmitted to AFS Analytics.  We are the sole owner of the personally identifiable or not information data collected on our website. AFS Analytics does not share, sell, or claim any rights to this data. The storage duration is limited to 365 days by default. You may request the deletion or modification of this data by contacting our Data Manager or <a href="https://www.datasense-analytics.com/">DataSense</a>, the company responsible for data for AFS Analytics. For collecting data, we are using <a href="https://www.afsanalytics.com/info/113/add-analytics-js-to-your-website.html">analytics.js</a>, a library developed by AFS Analytics. This library uses cookie technology. The cookies are exclusively attached to our domain name, first-party Cookies and are not shared . The data collected makes it possible to provide statistical traffic data. We are the sole owner of these cookies, and you can oppose their registration: <a href='javascript: aa("set","cookiesconsent","optout");'>Click here to opt out of AFS Analytics cookies</a>
    
  • Check the calendar of changes to AFS Analytics usage rules following the legal consequences of the GDPR.
  • Are you ready for the GDPR?
  • Calendar of changes to AFS Analytics usage rules following the legal consequences of the GDPR

    May 25, 2018

  • All personal data stored by DataSense (AFS Analytics) from its customers' sites is encrypted and stored in databases on secure servers.
  • The personal data of its customers are encrypted and secure. DataSense does not save bank data on its servers. They are managed by specialized providers in securing financial transactions like PayPal or Stripe.
  • All data processed by AFS Analytics on behalf of its customers are exclusively transferred in secure mode: https (Hyper Text Transfer Protocol Secure)
  • Our customers always own the data collected on their site. DataSense does not share, sell, or claim any rights to this data. DataSense, considered a subcontractor, only hosts this data in secure mode on behalf of its customers.
  • AFS Analytics does not use shared cookies.
  • AFS Analytics new code (analytics.js) uses only "first party cookies". That is, cookies attached to the domain name of the sites of its customers and which are accessible exclusively from their website. No other site can access these cookies.
  • AFS Analytics customers can choose how long cookies are kept, and stop using them.
  • The data is stored in Canada. Canada guarantees data protection under Articles 44 and 46 of the GDPR. Starting September 1, 2018, customers will have the opportunity to request the migration of their account to servers located in France or Europe.
  • The duration of cookies is limited to 365 days by default. AFS cookies contain only an alphanumeric identifier and no personal data is stored there. The duration can be changed by the customers.
  • IP addresses can be anonymized.
  • Starting June 1st 2018:

    Free subscriptions:

  • AFS Analytics will no longer accept the creation of free accounts for sites that do not have their own domain name.
  • All free accounts using an old tracking code should update their website pages with the new code using "analytics.js".
  • All website using the free subscription of AFS Analytics should update their privacy policy with the text (see above) provided by AFS Analytics.
  • Each free account owner will be required to fill a disclamer to limit liability of DataSense and provide the contact information of the data manager of their site.
  • AFS Analytics may stop the analysis of free sites that are not in compliance with the GDPR.
  • Paid subscriptions:

  • For European customers, a form will be available to indicate the contact details of the data manager.
  • DataSense will be able to provide its customers with a contract specifying its compliance with the GDPR as a subcontractor.

    From July 1st 2018

    Free subscriptions:

  • Service will be terminated for free accounts that did not provide the documents requested by DataSense or using a non-compliant tracking code.
  • AFS Analytics may stop the analysis of websites exceeding the traffic 100,000 pages viewed per month without using HTTPS protocol. A migration to paid accounts will be recommended for these websites .

    From September 1st, 2018

  • The owners of paid accounts will be able to request the migration of their account to European datacenter notably located in France.
  • When you open an account, you will be able to choose where the data is stored.
  • All free subscriptions will be limited to 15,000 page views per month.
  • From January 1st, 2019

  • All free accounts will have to use the https protocol.
  • Site Owners: Are you ready for the GDPR?

    On the fateful date of May 25, 2018, the General Data Protection Regulation (GDPR) of the European Union will start being enforced. Here is a small summary of things to know.

    Are you concerned?

    If you process personal data from users who are in the European Union through an audience analysis solution on your website then yes you are concerned with the GDPR whether you are based in Europe or not. However, if you have no interest in Europe, it is unlikely that you will be worried by this regulation.

    Why companies need to be vigilant:

    Companies failing to comply with rules are exposed to colossal fines.

    Which data is concerned?

    According to the GDPR, personal data is any information relating to an identified or identifiable individual, directly or indirectly. For your web analytics solution, this corresponds to all data collected from the moment these data are linked to an IP address, or another unique identifier. Personal data must be retained only if it is necessary for its original purpose, and if end users are informed of this period. If you process personal data from users who are in the European Union through an audience analysis solution on your website then yes you are concerned with the GDPR whether you are based in Europe or not. However, if you have no interest in Europe, it is unlikely that you will be worried by this regulation.

    You and your Analytics provider are required to document the following information in order to identify and record the flow of personal data circulating in your organization:

  • Use of the data collected.
  • List of data collected.
  • Location of data storage.
  • Data retention period.
  • Be transparent about the data collected

    Each company must appoint a data manager: a person, company or other body that determines (alone or jointly) the purpose and means of the processing of personal data. They must ensure that end users are informed about the data collected, the storage location and the data retention period. They must also inform them of their rights:

  • Request access to their personal data;
  • Claim their modification, removal or limitation of their treatment;
  • Exercise their right to portability of data;
  • withdraw their consent at any time;
  • Open a claim with a supervisory authority.
  • The GDPR requires this manager to answer requests from people wishing to retrieve, modify or erase the data concerning them: you must be able to carry out these operations easily, and as quickly as possible.

    In practice, what are the initiatives to take:

  • Name someone responsible for your site's data.
  • Update your legal notice or privacy policy to inform your users about the data collected and the tools you propose to remove them.
  • Use AFS Analytics tools to obtain user consent.
  • Use IP anonymization if you wish.
  • Sign the contract that binds you to AFS Analytics.
  • The data manager for AFS Analytics:

    The data manager for AFS Analytics is the DataSense company represented by Christophe Jacquet, christophe at datasense.fr

    This article is also available as PDF

    By AFS Analytics, Tuesday, May 8, 2018