At Cookie Information, we prioritize your data protection and compliance needs. With advancements in tracking technologies, such as server-side tracking, our consent log data used for documenting valid consent can, in some cases, be linked to analytics data stored within our customers’ analytics solutions. It’s only possible if customers link the data, not Cookie Information. This data may be considered personal data under the General Data Protection Regulation (GDPR).
When Cookie Information stores or processes personal data on behalf of our customers, we are considered data processors in a data protection context. That’s why it is now necessary for our customers to enter into a data processing agreement (DPA). The DPA is needed if you evaluate that you can link analytics data and consent log data. This usually happens if you use server-side tracking.
This article will explain what a DPA is, why it’s important, and how you can manage it easily with Cookie Information.
What is a data processing agreement (DPA)?
A data processing agreement (DPA) is a legal document under GDPR that defines the responsibilities, obligations, and protections involved in handling personal data. This binding agreement is signed between the data controller and the processor. DPAs are required when a data processor handles data on behalf of a controller.
Crucial aspects of a DPA involve:
Defining scope
Rights and responsibilities
Technical measures
Sub-contractual relationships
Annexes detailing security measures and sub-processors
Why a DPA is important
The DPA ensures that Cookie Information, as a data processor, handles your customer and users data in compliance with GDPR and other relevant regulations.
When you sign the DPA with Cookie Information, we guarantee that both your data and your users' personal data will be handled securely and in line with the privacy laws.
Who the DPA affects
The DPA affects all Cookie Information customers who use tracking technologies and link consent data to other analytics data as this data may be considered personal data under the GDPR.
What you need to do
You don’t need to do anything.
If you became our customer after August 8, 2024, your DPA was included in the contract and terms of service you signed with us.
If you became our customer before August 8, 2024, we’ll send you an email with all the details about the upcoming changes and inform you that we’ve added the DPA to your contract and terms of service.
How this affects my current service
No worries, your service won’t be interrupted. The DPA simply formalizes our commitment to data protection and GDPR compliance.
If you need a signed DPA, you can download it here.
If you have any questions about the Cookie Information data protection agreement, reach out to us at support@cookieinformation.com.