- Roles and responsibilities of Frosmo and its customers in gathering and processing website visitors' personal data
- Procedures Frosmo uses to store and process personal data gathered from its customers' websites on their behalf to implement the various features of the Frosmo platformPlatform, such as content targeting, conversion tracking, and content modifications
- Technical solutions and processes that ensure compliance with national and regional regulations regarding data privacy and protection
|Customer||Organization that has a valid subscription agreement with Frosmo.|
|Data controller||Natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.|
|Data processor||Natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.|
Optimization and personalization is based on visitor usage data collected from the browser.
For more information, see Introduction to the Frosmo Platform.
Natural person whose personal data is being processed; "one who can be identified, directly or indirectly, in particular by reference to an identifier".
In the Frosmo context, the data subject is normally a visitor on a customer's website using the Frosmo platformPlatform.
Basically, any data related to an identified or identifiable natural person ("data subject"), for example:
|Site||Customer's website that uses the Frosmo platformPlatform.|
User of a website and, in case the site collects personal data about its visitors, a data subject.
The Frosmo platform Platform identifies the visitor based on the Frosmo visitor ID stored in the browser's local storage. By default, the Frosmo platform Platform does not recognize the visitor across different browsers or devices
This means that the legitimate and specific purpose for collecting personal data through the Frosmo platform Platform is always determined by the customer. The customer is responsible for:
Frosmo, as a data processor, is committed to assisting its customers in these responsibilities regarding any personal data collected through the Frosmo platformPlatform.
Data protection organization at Frosmo
The agreement with the hosting partners prohibits any operations related to Frosmo customer data. Frosmo personnel is solely responsible for managing and processing all data collected by the Frosmo platformPlatform.
- Modification performance data: Basic modification events used for monitoring and reporting
- Product data: Information used in product recommendations
- Server logs: "Raw data" not collected through the Frosmo platform Platform and not used for profiling or targeting
- Visitor data:
- Background data: Information about the visitor not related to a specific website
- Behavior data: Visitor's actions on the website
- Conversion and transaction data: Visitor's actions on the website in connection with purchases and other conversions
- Account data: Personal data collected and stored temporarily for the purpose of transferring it to customer's back end or third-party systems controlled by the customer; only tracked when explicitly agreed with the customer
By default, the Frosmo platform Platform collects and processes only anonymous and pseudonymous information about visitors and their behavior on a website. The platform does not collect data that in itself enables the identification of an individual data subject.
The Frosmo platform Platform can collect additional information about visitors, including account data, such as email addresses and phone numbers. However, processing of such data must always be determined by the customer and documented. Frosmo only collects account data for the purpose of transferring the data to the customer's back end or third-party systems (such as CRM systems or marketing automation platforms) controlled by the customer.
Purpose and lawfulness of data processing
The purpose and lawfulness of data processing is invariably determined by the customer and documented in the subscription agreement between Frosmo and the customer, and in the Frosmo General Terms of Service.
If so agreed, the Frosmo platform Platform will collect personal data for the purpose of passing it on to the customer's system or a third-party service, such as a marketing automation platform. The data will not be stored in the Frosmo back end, unless the customer has explicitly authorized this, and even then the information will only be stored on a temporary basis.
Data storage and retention
The Frosmo platform Platform stores data in the Frosmo back end as well as in the browser's local storage and cookies. For more information data storage, see Data collection storage and storageretention.
Most of the data collected by the Frosmo platform Platform (for example, segmentation and modification IDs, site configurations, visitor context data, and analytics data) is stored for the duration of the subscription agreement between Frosmo and the customer.
The log data is used to create usage statistics. Before refining the data for statistics, any personal data, such as IP addresses, are removed.
The Frosmo platform Platform data is regularly replicated for business continuity purposes. The backup copies cannot be accessed as such, and rolling back to one requires effort from the Frosmo System Administrator.
Integrations with third-party systems
The Frosmo platform Platform can communicate with back-end systems and basically any analytics, marketing automation, or content management system, depending on the configuration of that system. The platform can act as a master API for utilizing data from several sources. Integrations can also be implemented as custom solutions.
The personal data retrieved from a customer's databases or other back-end systems is not stored in the Frosmo platformPlatform, but transferred to the customer's system or third-party system used by the customer. However, Frosmo may combine it with segmentation data for personalization purposes. This type of data processing must always be determined by the customer and documented in the subscription agreement between Frosmo and the customer.
When a data subject refuses profiling on a site, the Frosmo platform Platform can discontinue all profiling for the corresponding Frosmo visitor ID. The platform does this by setting a cookie in the visitor's browser that prevents the use of the platform. After this, any collected data is stored in a format that prevents the platform from using it or associating it with a person. The data is then removed from the Frosmo back end according to the normal data retention cycle.
For more information, see Profiling solutions on the Frosmo platformPlatform.
The Frosmo platform Platform identifies the visitor based on the Frosmo visitor ID stored in the browser's local storage. By default, the platform does not recognize the visitor across different browsers or devices.