Pendo is both a data processor and a data controller. Pendo processes your customer data and controls the data of our own customers who log in to Pendo. Thus, the General Data Protection Regulation (GDPR) impacts Pendo along with most of Pendo’s customers, and Pendo has certain requirements and liability in both roles.
What GDPR is
GDPR is a set of data privacy regulations that were adopted by the European Union (EU) and became effective May 25, 2018. GDPR provides a common set of regulations that govern the protection of the personal data of EU residents regardless of which companies they do business with, including:
- How consent for data collection and processing must be obtained.
- How data subjects may exercise their rights regarding personal data.
- What must be done to demonstrate that data is processed and secured.
For more information about GDPR, see the official EU site.
Individual (data subject) rights
There are eight data subject rights under GDPR:
Right to be informed
Individuals have the right to be informed about the collection and use of their personal data, including what personal data is collected about them, why, who is collecting the data, the data retention period, and with whom their data is shared. This right emphasizes transparency and fair processing of information. All information must be communicated in clear and plain language at the time of consent to collect personal data.
Right of access
Individuals have the right to submit access requests and attain information from the organization about whether their personal information is being processed. This right helps individuals access their personal data so that they are aware of their data being processed and can verify the lawfulness of the processing. The organization is obligated to provide a copy of personal data they have about the individual and other information, such as the purpose of the processing, the source of collected data, with whom data is shared, and information about their GDPR rights.
Right to object
Individuals have the right to object to the processing of their personal data depending on the purpose of the processing and its lawful basis. On certain grounds, this right allows individuals to object to data processing for the purposes of profiling or direct marketing.
Right to rectification
If an individual discovers that an organization holds inaccurate or incomplete information about them, the individual has the right to ask the organization to update the inaccurate or incomplete data. Organizations have one calendar month to respond to a request for rectification.
Right to erasure (right to be forgotten)
Individuals have the right to request that an organization erase their data in certain circumstances. This right enables the deletion of personal data if it's no longer necessary, if the data was unlawfully processed, if it no longer meets the lawful grounds for which it was collected, or if the data subject withdraws consent.
Right to restrict processing
Individuals have the right to request that an organization limit the way that it uses their personal data in certain circumstances. This right is an alternative to the right to erasure (right to be forgotten) and allows the data subject to block or suppress processing of personal data.
Right to data portability
Individuals have the right to obtain and reuse their personal data for their own purposes across different services. This data must be given to them in a structured, commonly used, and machine-readable format.
Invoking GDPR rights
If you have a request to invoke any of the rights listed above, contact Pendo Support to submit your request. Once a request is submitted, you can monitor its completion by tracking the ticket submitted.
If your request is for data deletion, you can do this programmatically using the Pendo API endpoint. For more information, see Bulk delete accounts and visitors through the API.
Data deletion makes use of DNP, which is shorthand for the "do not process" setting in Pendo. You can also use DNP in isolation to allow your users to opt-out of data processing without deleting any data history. For more information, see the Opt out of tracking with DNP article.
Guidelines
Pendo is committed to making the GDPR process as efficient as possible. Include the following information in your request:
- Visitor ID. Provide the relevant Visitor ID in the request. Email address isn’t always the Visitor ID. The format of your Visitor ID depends on how you decided to set up Pendo for your organization and can take the form of randomized alphanumeric characters.
- Subscription. Provide the name of the Pendo subscription to delete or request the data from. If you have more than one subscription, provide the names of every subscription you would like to request or delete data from.
Example message to Pendo
Hi Pendo!
This message is being sent to inform you that the following visitor has submitted a GDPR Request to invoke their "Right to Access".
Visitor ID:
uniqueIdentifier-abcde12345
Subscription Name:
acme-solutions
Thanks,
Your Pendo Customer
Process
The Pendo support team responds to each request to confirm that it’s been received and that processes have been initialized. Requests for Erasure and Data Portability Rights take up to 21 days to help meet required compliance timelines.
Erasure requests
If you have API access enabled and a Pendo integration key, you can erase data programmatically using the Pendo API endpoint. For more information, see Bulk delete accounts and visitors through the API.
If, instead, you request Pendo Support to erase data, we update you through the request ticket confirming the deletion and summarizing which visitors the delete request has been fulfilled for. This can take up to 21 days. If you've sent multiple requests, the response might be batched.
Access requests
We send you a .zip file with a .json file for each access request. If you've sent multiple requests, the response might be batched into one .zip file, including a separate .json file for each Visitor ID.
An empty .json file means that there is no data for that user. You might instead receive an email stating that there's no available data for the requested user.
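The following is an added illustration, not Pendo's own code, of how a customer might triage a batched access-request archive before forwarding it to the data subject. It builds a constructed in-memory .zip in the shape described above and reconciles it against the Visitor IDs that were requested. Two things are assumptions made for the example: that each .json file is named after its Visitor ID, and the sample record contents. The point worth noting is that an empty file is not valid JSON, so a naive `json.loads` on every entry would raise; the empty case has to be checked first.

```python
import io
import json
import zipfile

# Visitor IDs used in the constructed sample. The first is the example ID from
# this article; the second is made up for the "empty file" case.
VISITOR_WITH_DATA = "uniqueIdentifier-abcde12345"
VISITOR_WITHOUT_DATA = "uniqueIdentifier-fghij67890"


def build_sample_zip() -> bytes:
    """Construct a sample batched access-response archive (assumed layout:
    one <VisitorID>.json per visitor; an empty file means no data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        record = {"visitorId": VISITOR_WITH_DATA, "metadata": {"plan": "pro"}}
        zf.writestr(f"{VISITOR_WITH_DATA}.json", json.dumps(record))
        zf.writestr(f"{VISITOR_WITHOUT_DATA}.json", "")  # empty: no data held
    return buf.getvalue()


def summarize_access_response(zip_bytes: bytes) -> dict:
    """Map each Visitor ID found in the archive to one of:
    'data'     - a non-empty, parseable JSON export
    'no-data'  - an empty file (Pendo holds nothing for that visitor)
    'invalid'  - non-empty but not valid JSON (worth raising with Support)
    """
    statuses = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".json"):
                continue
            # Assumption for this example: the file name is the Visitor ID.
            visitor_id = name.rsplit("/", 1)[-1][:-len(".json")]
            raw = zf.read(name)
            if raw.strip() == b"":
                statuses[visitor_id] = "no-data"
                continue
            try:
                json.loads(raw)
            except json.JSONDecodeError:
                statuses[visitor_id] = "invalid"
            else:
                statuses[visitor_id] = "data"
    return statuses


def reconcile(zip_bytes: bytes, requested_ids) -> dict:
    """Combine the archive summary with the list of Visitor IDs you asked for,
    so that batched responses can be checked for anything still outstanding
    ('missing')."""
    found = summarize_access_response(zip_bytes)
    report = {vid: found.get(vid, "missing") for vid in requested_ids}
    # Anything in the archive that was not requested is flagged too.
    for vid, status in found.items():
        report.setdefault(vid, f"unexpected:{status}")
    return report


if __name__ == "__main__":
    archive = build_sample_zip()
    requested = [VISITOR_WITH_DATA, VISITOR_WITHOUT_DATA, "uniqueIdentifier-notyet00000"]
    for vid, status in reconcile(archive, requested).items():
        print(f"{vid}: {status}")
```

Run as-is to see one visitor with data, one with an empty export, and one requested ID that has not yet arrived in this batch; swap `build_sample_zip()` for the bytes of a real archive to use it on an actual response.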
In an event of a data breach
In the event of a breach, we contact the affected Pendo account administrators and designated contacts. The breach immediately triggers remedial action to ensure compliance. Pendo's breach response also includes continuous updates to keep affected customers informed.
Additional resources
For more information, review Pendo’s GDPR Process and Approach white paper. For any additional general questions or concerns about Pendo’s approach to privacy, security, certifications, or GDPR compliance plans, contact us at gdpr@pendo.io.