GDPR & Talkwalker: 8 questions and answers
If your inbox is anything like ours, not a day has gone by in May without at least one email about updated terms of service or communication preferences. And for good reason: this week, the General Data Protection Regulation, or GDPR for short, is coming into effect.
This EU regulation affects how your personal data is handled by companies in Europe, but also elsewhere when European residents are affected. GDPR ensures the personal data of individuals in the EU is handled securely and respectfully, which will strengthen the trust in the online media and data industries in the long term, and allow us all to do credible work.
Compliance with GDPR has been and will continue to be a top priority for us at Talkwalker.
We know that understanding the legalese can be tricky. In our FAQs below, we have tried to make the new legislation as intelligible as possible, so you understand the background and the practicalities around GDPR, and how it affects Talkwalker.
Frequently asked questions
Does Talkwalker comply with GDPR?
Talkwalker has a dedicated task force in the legal, information security, product, marketing and IT departments that ensures current and future compliance with GDPR.
Internal compliance and privacy impact assessments are assured by two data protection officers (DPO) which can be reached for any questions by email at email@example.com
Who does the GDPR affect?
The GDPR law affects:
- the processing of personal data of EU residents
- the processing of personal data by EU companies
To the extent the Talkwalker service provides access to personal data of EU residents, the GDPR changes affect our customers and users of the Talkwalker service independently of their location, outside or inside the EU.
As such, all customers and users benefit from the fact that all Talkwalker processing activities are subject to GDPR, which is among the strictest data protection laws in the world.
What is personal data?
Personal data is any element that can point to a single person such as a name, an ID number or a picture, no matter if data is publicly available on the Internet or it is private information.
What personal data does Talkwalker process?
For our customers, the processing includes the email addresses, names or the tokens that we use to access the social media accounts of our customers. A full overview is given in the attachment 1 in our Data Processor Agreement (DPA) which can be found at https://www.talkwalker.com/legal/
Where is the data being processed and is the data secure?
All data is being processed on dedicated physical servers (no virtualization) in two physically separate data centers at our hosting provider in Germany, Europe. Our hosting provider is ISO 27001:2013 certified by independent auditors.
A full overview of all sub processors, including physical, technical and organizational measures taken by us and our sub processors, are specified in the attachment 2 of our Data Processor Agreement (DPA) and the individual sub processor contracts can be found at https://www.talkwalker.com/legal/
Is Talkwalker a data controller or a data processor?
We are both, depending on what we do!
Here we need to look at two aspects of our processing:
For the Talkwalker service, we crawl websites including social and web media platforms. In this context, we decide what data we collect and how and why this data is used in connection with the Talkwalker Platform. Our data collection and processing is not specific to any particular customer and is therefore logically not considered as being processed on the instructions of any customer.
Consequently, for the data that Talkwalker crawls and uses independently of any instruction by our customers, we consider ourselves a data controller under the GDPR for personal data contained on our platform, and we are committed to the GDPR compliance of any such data processing.
For the personal data input by our customers into Talkwalker, or the specific requests made by our customers on the Platform, we follow the instructions of our customers to input and process the data, some of which may be personal data. .
Consequently, for the data or requests that the customer inputs into the Talkwalker Platform, we consider ourselves a data processor under the GDPR and undertake to ensure that appropriate technical and organizational security measures are in place to protect personal data. As such, we abide by the Data Processor Agreement as required by the GDPR.
Does Talkwalker process or export personal data outside the European Union?
As data controller, Talkwalker does not itself process or export any European personal data outside the European Union. However customers may export data outside of the European Union by downloading results from the Talkwalker platform.
We may however share some of our customer personal data with our group companies which are located outside of the European Union. This allows our client support team to service you and respond to your questions in your time zones. We have put in place contractual clauses between our different group companies to comply with GDPR in this matter.
Where can I find more information?
For more general details on GDPR, please refer to
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ which provides a good overview of the new legislation.
If you have any questions about Talkwalker & GDPR, please don’t hesitate to contact our data protection officer (DPO) at firstname.lastname@example.org