If your company obtains your users' consent in compliance with the local regulations, make sure to pass the GDPR opt-in field to Insider One. If you want to stop collecting and processing the data of an identified user, GDPR opt-in field should have the false value. Insider One cannot be held liable if these obligations are not fulfilled and reserves the right to seek compensation from your company.
Is Insider Mobile GDPR Compliant?
First, GDPR compliance is not Insider One’s responsibility. As the data collectors, customers are mainly responsible for collecting data with users' consent and sending it to Insider One, their data processor. As the data processor of its customers, Insider One is responsible for providing the necessary tools to help its customers manage that data. Insider One has provided the necessary tools for its customers.
How does GDPR compliance work for apps?
The main purpose of GDPR is to prevent the collection of Personally Identifiable Information (PII) without users' consent. It requires app owners to explicitly obtain users' consent before collecting data. This means not simply adding an article to the Terms and Conditions, but providing a clear toggle or checkbox that explains what data the app collects and with whom it shares it.
Apps can no longer prevent users from using the app if they disable data collection. This setting also cannot be hidden in the app. It should be clearly described and visibly presented to the user.
How does Insider One’s Mobile SDK handle GDPR?
Insider One’s Mobile SDK automatically collects some device information without any additional integration. Some of this information is considered Personally Identifiable Information (PII).
Insider One introduced a GDPR method in the SDK. Customers need to use this method wherever they ask users for consent to collect and share information with us (the data processor). If the user does not give consent, the SDK is disabled and will not work at all. Insider One will not collect any information and that user will not exist in our database.
What happens when a user removes consent later?
If a user revokes consent later, the SDK sends this information to Insider One. The SDK will no longer function until consent is given again. All PII information related to that user is removed from Insider One’s database.
How does Insider One handle the "right to be forgotten"?
If a user wants to be forgotten, customers should delete that user in every tool they use. To support this, Insider One has developed a Delete User Profile API that helps customers delete any PII related to that user.