GDPR Compliance & Cookie Notices Policy

GDPR Compliance & Cookie Notices Policy

  1. What data does the Veracity platform capture on our website?
    The Veracity platform tracks all activity carried out on your website by your website visitors, including mouse movement, interaction with page elements and navigation throughout the site.
    By default, without any further action, the only personal information Veracity capture, as per the current UK General Data Protection Regulation (GDPR) is the IP address of the visitor. At your specific request, the Veracity platform is also able to capture additional personal data submitted through forms on your website

  2. What’s the precise purpose of why we’re collecting the data?
    The Veracity platform collects data for two purposes:
    1) to report on journeys on the Veracity platform dashboard for our clients;
    2) for tracking patterns of behavior, for training data detection models that may indicate invalid traffic or bot activity.

  3. Where is the data stored (i.e. UK or EEA or elsewhere)?
    All data is stored solely in the UK on the Amazon Web Services (AWS) cloud. AWS UK datacentres are UK Gov validated; please click here for more information. All data is stored on encrypted drives at rest, and encrypted using TLS during communication, conforming to current security best practices.

  4. How long is the data kept?
    The Veracity platform keeps identifiable data of users of the platform (the reporting apps/apis) for 6 years after the account has been closed. After 6 years, all identifiable data is permanently removed.
    The exception to this is if our customer (an agency) or our customers’ customer (the agency’s customer) ask us to remove their account and/or data, we will permanently remove the data at that point.

  5. Does the Veracity platform use cookies to track users?
    The Veracity platform tracking system does not use cookies at all; it does not set any cookies. Instead, the Veracity platform uses browser LocalStorage. This enables the Veracity platform to uniquely track a visitor on one site, but prevents tracking of a visitor across multiple sites.
    You need to note in your Privacy Policy that you capture IP addresses on your website. If you have set-up the Veracity platform to capture other personal information, you need to note this in your Privacy Policy too.

  6. Where does Veracity fit with Cookie Consent software?
    You will have software on your website that allows users to decide what cookies to accept. Veracity is functional security software that does not use cookies; therefore it does not need to be part of this cookie consent process.
    You do not need to make reference to the Veracity platform or Beaconsoft Limited in your Cookie Policy or Cookie Notice, nor in your Privacy Policy.
    The Veracity platform does not fall under the scope of analytics in terms of GDPR due to the above and can be treated as a requirement of your site operating normally, in the interest of bot & fraud prevention.

  7. Common data due-diligence questions, answered
    1. Will the project involve the collection, storage, and/or other use of personal data?Our system is not designed to intentionally capture personal data. However, in the event that such data is inadvertently collected, it is imminently destroyed in a non-recoverable manner. Any personal data that is obtained by the system is not retained for more than two hours within our sandboxed system. Please note that ‘sandboxed’ refers to a secure environment where there is no external access to the data; only our internal automated systems may access this data. This ensures the highest level of data security and privacy.

    2. Will the project involve the processing of special category data on a large scale?
      In line with our previous statement, should any special category data be inadvertently captured, it will not be retained. It will be promptly and irreversibly erased from our system. This is part of our stringent data privacy and security measures.

    3. Does the project involve the systematic and extensive profiling of individuals?
      Our system does not profile individuals based on personal data. Instead, it focuses on profiling the behaviours of individuals. These behaviours are determined by how individuals access and interact with the website. This approach allows us to enhance user experience without compromising personal data.

    4. If yes to 3 above, for what purpose are you collecting this data?
      Our services primarily revolve around the algorithmic analysis of data, which includes both AI and non-AI methodologies. The primary objective of this analysis is to ascertain whether the observed behaviours align with known patterns of bots or humans. This approach enables us to deliver a robust and efficient service.

    5. If yes to 3 above, do you intend to use this data for a different purpose other than for which it will be initially collected?
      No we are registered with the Information Commissioner’s Office (ICO) and our Privacy Policy clearly states that we cannot engage in such practices. This is because it would necessitate individual opt-ins from every user. As we do not retain any personal data, we do not have a mechanism to request such consent. Therefore, such a scenario is not feasible within our operational framework.

    6. Do you profile vulnerable persons including children under 16 to target marketing or online services at them?
      As previously mentioned, our system does not store personal information and does not have consent to utilize the data. Consequently, the data can never be used for purposes that would require such consent. This is a fundamental aspect of our commitment to data privacy and security.

    7. Do you plan to monitor, track or observe individuals’ location or behaviour?
      Our system is designed to monitor the behaviour of individuals as they interact with the websites registered for our product. We do gather generalized location information, which may include the country and potentially the county level. However, we do not collect any information beyond what is publicly provided by Internet Service Providers (ISPs). This ensures that the information we obtain is in compliance with the General Data Protection Regulation (GDPR) guidelines prior to our acquisition. This approach underscores our commitment to data privacy and security.

    8. Do you profile individuals on a large scale?
      Our approach involves profiling user behaviours on a large scale. This is primarily done to facilitate the training of our Artificial Intelligence models. This method allows us to continually improve and adapt our services based on user interactions.

    9. Do you process biometric data (including CCTV) to uniquely identify an individual or individuals or enable such identification in combination with other data?
      Our system does not have access to any form of biometric data. Therefore, the combination or integration of such data is not within our capabilities. This is in line with our commitment to uphold the highest standards of privacy and data security.

    10. Does the project match or combine data sets from various sources to better profile individuals?
      Our systems utilizes a variety of data sources to enhance its functionality. This includes information related to the user’s browser and the results of browser tests. We also make use of publicly available IP information as outlined above. Additionally, inputs provided by users on the website are also incorporated into our data pool. This comprehensive approach allows us to provide a robust and efficient service.

    11. Is the personal data transferred outside of the European Economic Area (EEA) ?
      Our primary data storage is located in the AWS London region. This data storage practice is in compliance with the Data Adequacy agreements established between the United Kingdom and the European Union. Consequently, it adheres to the General Data Protection Regulation (GDPR) guidelines.

      Addendum to Point 11: We have a strategic development roadmap in place to support the “globalization” of our system. This means that data will be stored long term exclusively in the region where the website is registered within our system. In scenarios where data is collected from outside the European Economic Area (EEA), it will only pertain to individuals accessing your sites from those regions. For instance, if a user from the United States accesses your website, the data collected will be temporarily stored in the United States. However, within a span of two hours, this data will be relocated to the region of the site they accessed, as registered in our system.

  8. Profiling
    In the interest of security, our Web Threat Protection does not have the capability to identify the same user across different websites. With regards to Ad Fraud Protection, identification across websites specified by the customer that they have the right to connect, is possible, but only with the explicit agreement of the Data Controllers. This identification is limited to instances where users navigate from one site to another using a link on the protected websites. It does not apply when users arrive at each site organically and individually. This approach is designed to ensure the utmost privacy and security for all users while maintaining the security and fraud prevention our service offers.

    • Related Articles

    • How to Add Your Veracity Tag

      Our Bot Detection Tag is what makes Veracity unique. Veracity and Cookies – Veracity must not be part of your cookie consent process Veracity is functional security software that does not use cookies; therefore it must not to be part of your cookie ...

    • Getting Started with Ad Fraud Protection

      Welcome to Veracity Ad Fraud Protection We are delighted that you are going to be working with us to reduce the impact of bots on your Digital Marketing campaigns. There are 3 simple steps that you need to follow to get your account set-up. Please ...

    • Web Threat Protection Onboarding Guide

      Let’s get you started with Web Threat Protection

    • Ad Fraud Prevention Onboarding Guide

      Let’s get you started with Ad Fraud Prevention