"What is the GDPR and who does it apply to?"

"The General Data Protection Regulation (GDPR) is an EU regulation designed to protect personal data and privacy for individuals in the EU and EEA. It applies to any organization processing personal data of individuals within these regions, regardless of the organization's location."

"How does URLsLab ensure GDPR compliance?"

"URLsLab by Quality Unit implements robust data protection policies, technical safeguards, and transparent processes to comply with GDPR. Data is securely stored in the EU, user rights are respected, and subprocessors are regularly audited for compliance."

"How can I request access to, correction, or deletion of my personal data?"

"Subscribers can request access, correction, or deletion of their data at any time by contacting support@urlslab.com. Data deletion requests are processed within 1 business day."

"Where is my data stored and who can access it?"

"Data is stored in a secure European data center in Germany (Akamai Connected Cloud). Access is limited to authorized personnel and only granted with the subscriber’s prior approval."

"What security measures are in place to protect my data?"

"URLsLab uses HTTPS encryption, secure credential storage, and restricts API access to authenticated users. Regular technical and organizational measures are implemented to safeguard all personal data."

GDPR policy

URLsLab by Quality Unit is committed to GDPR compliance, prioritizing user privacy, data security, and transparent data processing practices for all users.

At Quality Unit, safeguarding your privacy and ensuring compliance with data protection regulations is paramount. We are committed to transparency, security, and adherence to the General Data Protection Regulation (GDPR) standards, which became enforceable on May 25th, 2018, to protect the personal data of our users.

Definitions

Quality Unit: Refers to Quality Unit, s. r. o., the company providing the Service.
GDPR: General Data Protection Regulation.
Service: Refers to the URLsLab WordPress plugin, along with associated tools, services, and content provided by Quality Unit.
Subscriber: Refers to the user accessing or using the Service, whether as an individual or on behalf of a legal entity.
Personal Data: Refers to any information relating to an identified or identifiable natural person (‘data subject’); as defined by Regulation (EU) 2016/679.
Data Controller: Refers to a person or entity determining the purposes and means of personal data processing.
Data Processor: Refers to a person or entity processing personal data on behalf of the controller.
Subprocessor: Refers to third-party entities engaged by Quality Unit for data processing on behalf of the Subscriber.
Processing: Refers to any operation performed on personal data, such as collection, organization, storage, and erasure.
Account Owner: The account holder with full access to account management, billing, and system settings.

Description, Scope, and Commitment

Understanding GDPR: GDPR is a legal framework by the EU to enhance data protection and privacy for individuals in the EU and EEA. It regulates personal data processing and imposes obligations on organizations.
Scope of Application: Quality Unit processes personal data on behalf of Subscribers and ensures GDPR compliance in handling such data.
Commitment to GDPR Compliance: Quality Unit has implemented robust data protection policies and technical safeguards since GDPR enforcement in May 2018.

Data Processing of Customer Support Interactions

Data Processed: Includes names, addresses, phone numbers, emails, IP addresses, product usage, geolocation data, and more.
Data Sources: Information is collected directly from Subscribers or publicly available directories.
Purpose: Data is processed for marketing and customer support services.
Duration: Consent for data processing is valid for the Service duration and up to five years post-termination.
Subprocessors: Selected subprocessors ensure high privacy and security standards.
Subscriber Rights:
- Right to access data.
- Right to correct inaccuracies.
- Right to data erasure (‘right to be forgotten’).
- Right to restrict processing.
- Right to data portability.
- Right to object to processing.
- Right to contact data protection authorities.

To revoke consent for data processing, contact support@urlslab.com.

DPO, Compliance Team, and Formal Verification

Data Protection Resources: A dedicated Data Protection Officer and internal team oversee GDPR compliance. Direct inquiries to support@urlslab.com.
Formal Verification: Subscribers can download the data protection addendum and include company details for verification.

Data Storage and Access

Storage Policy: Data is retained during Service usage or until a deletion request is submitted. EU data is hosted in Germany via Akamai Connected Cloud.
Access: Granted only upon Subscriber request or approval, and limited to support, development, or marketing teams.

Data Removal and Subprocessor Management

Data Removal: Subscriber data is deleted within one business day upon request.
Subprocessors: Quality Unit ensures subprocessors comply with data protection regulations. View the list of subprocessors.

Safeguards Implementation and Operations Processing

Technical and Organizational Measures: Extensive safeguards were established before GDPR enforcement, including incident response protocols and data protection enhancements.
Operations Processing: Measures ensure reliable services and compliance with regulatory standards.

Data Subjects, Categories, and Cross-Border Transfers

Data Subjects: Individuals or businesses sharing data with Quality Unit or its Subscribers.
Data Categories: Includes names, business details, emails, phone numbers, IP addresses, timestamps, and browser cookies.
Cross-Border Transfers: Limited to EU or US jurisdictions.

Security Measures for Subscribers

HTTPS Encryption: Ensures secure data exchange via HTTPS protocol.
Credential Storage: Adheres to best practices for secure credential storage.
API Security: Access to the REST API requires authentication via username/password or API tokens.

Service Data Deletion: Subscribers can request deletion of personal data, including accounts and chat history.

Account Ownership Control and Deletion

Service account owners maintain full control and can request account deletion by contacting support@urlslab.com.

Frequently asked questions

What is the GDPR and who does it apply to?: The General Data Protection Regulation (GDPR) is an EU regulation designed to protect personal data and privacy for individuals in the EU and EEA. It applies to any organization processing personal data of individuals within these regions, regardless of the organization's location.
How does URLsLab ensure GDPR compliance?: URLsLab by Quality Unit implements robust data protection policies, technical safeguards, and transparent processes to comply with GDPR. Data is securely stored in the EU, user rights are respected, and subprocessors are regularly audited for compliance.
How can I request access to, correction, or deletion of my personal data?: Subscribers can request access, correction, or deletion of their data at any time by contacting support@urlslab.com. Data deletion requests are processed within 1 business day.
Where is my data stored and who can access it?: Data is stored in a secure European data center in Germany (Akamai Connected Cloud). Access is limited to authorized personnel and only granted with the subscriber’s prior approval.
What security measures are in place to protect my data?: URLsLab uses HTTPS encryption, secure credential storage, and restricts API access to authenticated users. Regular technical and organizational measures are implemented to safeguard all personal data.

Ensure Your GDPR Compliance

Discover how URLsLab’s GDPR-compliant tools help you manage data privacy, user rights, and secure your website’s data.

Visit URLsLab Plugin Contact Support