Paddlewaver takes the privacy of our developers and their end-users seriously. We know that user data is important to our developers’ values and operations. That is why we are taking measures to support our partners’ compliance with EU data protection requirements, including those set forth in the General Data Protection Regulation (“GDPR”), effective May 25, 2018.

For more information, we encourage our customers to read through the resources provided below.

What is GDPR?

The General Data Protection Regulation (“GDPR”) is a new European privacy law that is set to replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR is intended to strengthen the security and protection of personal data in the EU.

To whom does the GDPR apply?

The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.

Is Paddlewaver a controller or processor?

Paddlewaver is a “Controller” with regard to the personal data that we process of European data subjects. Paddlewaver relies on its publishers to have the appropriate legal grounds or consent for Paddlewaver to process such data.

We have a dedicated team working on GDPR compliance to implement appropriate measures by May 25th, 2018.

What data does Paddlewaver collect through its advertising service?

Paddlewaver collects data (including device ids and IP addresses) to optimize our in-app advertising network and to enhance performance and targeting. Also, Paddlewaver may collect post-install events associated to its customers’ users.

What are Paddlewaver’s data transfer practices for data transferred outside of the EU?

Paddlewaver is certified for the EU-US and Switzerland-US Privacy Shield Frameworks.

How does Paddlewaver plan to handle requests from EU users (data subjects) of partners under the GDPR?

We value our partners and intend to help them in their obligations to their users under GDPR. Additionally, our privacy policy describes options consumers have for managing their data and opt-out choices.

Does Paddlewaver have a record of processing activities and is this record of processing activities regularly recorded and updated?

Yes. Paddlewaver maintains an internal record of processing activities that is updated regularly by a dedicated, cross-functional team.

What technical and organizational measures does Paddlewaver have in place to secure user data?

Paddlewaver has developed security measures and protocols. An overview of Paddlewaver’s security policies and measures may be obtained under a Non-Disclosure Agreement (“NDA”) in specific cases.

How can Paddlewaver publishers prepare for GDPR enforcement?

Paddlewaver encourages publishers to begin preparing for the GDPR by reviewing their privacy and data security processes and policies to ensure compliance by May 25, 2018.

How does the Paddlewaver SDK register user consent for the use of personal data?

Publishers should call the “setPIDataUseConsent” API from the Paddlewaver SDK and pass in the appropriate value for whether consent exists, does not exist, or is unknown. Publishers are required as part of Terms of Service to obtain the consent from their users before Paddlewaver will process any personal data and pass it to the Paddlewaver SDK via the above method.