We are dropping by at London Tech Week 2024 👋
View Details

Mevrik’s dedication to the GDPR

The General Data Protection Regulation (GDPR) is a significant piece of legislation that aims to bolster and harmonize data protection regulations for everyone living in the European Union.
Mevrik has made the necessary technological and business changes to run in a way that complies with GDPR.

How does Mevrik maintain all GDPR criteria?

We appreciate the privacy rights of our customers as well as their customers. We made the required adjustments to make sure Mevrik will always be GDPR compliant for this reason.

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Here is a brief summary of the actions we took to be maintain all GDPR criteria's:

  • We completed a thorough analysis of the areas of our product and business that are affected by GDPR.
  • We finished appointing a data protection officer.
  • We have completely rewritten our data protection agreement.
  • We have created a plan and specifications on how to deal with the aspects of our product affected by GDPR.
  • Based on the specifications we made the necessary modifications & improvements to our product.
  • We implemented the necessary adjustments to our internal processes and procedures.

In addition, Mevrik has discussed our strategy with various independent attorneys.

What adjustments did Mevrik make in order to comply with the GDPR?

We implemented many actions throughout the whole company. We made adjustments to allow customers to customize how they obtain consent inside our feedback tools, and we increased anonymity within our analytics tools. For instance, Mevrik by default conceals all user keystrokes.

We also developed user interfaces that enable customers to respond to inquiries from their clients on their legal entitlements to access any personal data that may be kept in their Mevrik account.

What do we request from our users?

Future clients may need to do two things, depending on your circumstances and the laws in your jurisdiction. The only significant modifications we detect that could have an impact on you as a result of utilizing Mevrik are listed below:

Make sure you clearly explain to your users how you utilize Mevrik on your website or application in your terms of service or privacy policy. We advise you to make sure your viewers can understand your policies and that they are current. You should most likely sign a Data Processing Agreement with Mevrik if you reside in the European Union. We are pleased to do so. 

Why is GDPR significant and what does it mean?

The General Data Protection Act (GDPR), which will replace the 1995 Data Protection Directive, is regarded as the most significant piece of European data protection law to be adopted in the European Union (EU) in 20 years.

The GDPR governs the collection, storage, transfer, and use of personal data concerning persons within the European Union. Importantly, the term "personal data" as used under the GDPR is quite wide and includes all information pertaining to a named or identifiable individual (also known as a "data subject").

By establishing guidelines for how businesses should manage and keep the personal data they gather, it grants data subjects additional rights and control over their data. By strengthening enforcement and charging higher fines should the GDPR's rules be violated, the GDPR also raises the stakes for compliance. The GDPR strengthens the privacy rights of EU citizens and imposes much stricter requirements on corporations that handle data.

Here are a few of the major adjustments brought about by GDPR, in brief:

  • Individuals' rights are increased by the GDPR, which among other things gives EU citizens the right to be forgotten and the right to get a copy of any personal data that has been kept on them.
  • Organizations must comply with the GDPR by implementing suitable policies and security procedures, conducting privacy impact assessments, maintaining thorough records of data activities, and signing formal agreements with vendors.
  • The GDPR compels enterprises to notify data protection authorities and in some cases, the affected data subjects of certain data breaches. Additional security standards are imposed on enterprises by the GDPR.
  • The GDPR adds new rules for businesses that profile or keep track of EU citizens' online behavior.
  • Under the GDPR, corporations may be fined up to the greater of €20 million or 4% of their annual global revenue, depending on the gravity of the violation and the extent of the harm. Additionally, the GDPR gives firms with activities in numerous EU member states a single point of enforcement by forcing them to collaborate with a lead supervisory authority on international data protection problems.

Even if your business is based outside of the EU, you should be aware of this. Regardless of whether a business has a physical presence in the EU, the GDPR's obligations apply to any organization that handles personal data of EU citizens, including tracking their online activities.

Please don't hesitate to get in touch with us if you have any queries.

The California Consumer Privacy Act and Mevrik (CCPA)

The California Consumer Privacy Act, usually known as the CCPA, is a privacy-focused law that has gone into effect on January 1st, 2020 and is intended to safeguard the privacy of Californian customers.

How does Mevrik get prepared for the CCPA?

We were prepared to serve clients that needed to comply with the CCPA because of the numerous product and process improvements we made in advance of the 2018 General Data Protection Regulation (GDPR).

The GDPR is not the CCPA, though. We have hired a California-based law firm to examine our procedures and controls and provide advice on any necessary improvements so that we would be prepared and could complete our preparations. The following papers were improved as a result of this engagement:

  • Services Agreement
  • Privacy Policy
  • Data Processing Agreement (DPA)

Do I fulfill the CCPA's fundamental standards as a Mevrik customer?

The CCPA is a substantial piece of legislation that deals with numerous issues that are unrelated to or have no bearing on how you use Mevrik. However, there are parts of the CCPA that could apply to your use of Mevrik and give your clients rights. Below, we've provided a quick description of their rights as well as some tips for using Mevrik to help you take care of them.

1. Notification of privacy

According to the CCPA, companies must revise their privacy notices to clearly specify what data is collected, classify the data gathered, explain its intended use, name the third parties with whom the data is shared, and clarify the rights that an individual has.

To make sure you comply with the CCPA's standards, we advise you to thoroughly evaluate your company's terms of service and privacy policy. If necessary, you should also mention the usage of Mevrik.

We've created a particular text with the help of an outside attorney that you could use.

2. Demands for personal information (right of access and deletion)

Under the CCPA, customers in California may be entitled to ask for and obtain a list of the personal data and other information a company collects (or has collected), as well as information about the purpose for which this data is being used.

The customer may also be able to ask for the deletion of any specific personal data. These deletion requests must be complied with by you, the business, with the exclusion of certain categories of data (such as billing or other information required by regulatory requirements).

To assist you in responding to these kinds of queries, our team has created a function called Visitor Lookup. You can use Visitor Lookup to locate users by looking for specific data elements (typically an email address). You can then share any information you have located using Visitor Lookup with the user and, if they so choose, allow them to easily delete it, ensuring that you, as a Mevrik customer, do so in a timely and legal manner.

3. IP addresses

An IP address may fall under the CCPA's definition of personal data if it may be used to pinpoint a household.

In accordance with Mevrik’s normal practice, visitor IP addresses are always hidden before being stored to disk on our servers. To prevent the whole IP address from ever being saved to disk, we change the last octet of IPv4 addresses to 0. The IP address of a visitor, for instance, will be saved as 1.2.3.0 if it is 1.2.3.4. Only the first three octets of the visitor's IP address are used to pinpoint their location.

Note: Passing IP addresses to Mevrik as a User Attribute is optional. In the event that a Mevrik customer chooses to provide Mevrik with IP addresses using the Identify API, the IP addresses will be retained and may qualify as personal information under the CCPA. The Identify API can be used without sending IP addresses to our servers because it is optional in Mevrik and is not turned on by default.

As always, our team places a strong priority on protecting your privacy and that of your users. We've created tools to make it simple for you to comply with the ever-changing privacy rules; but, if you have any queries about these tools, please get in touch with us.

We are willing to assist, but we are unable to render legal counsel. The information on this page is simply meant to provide an overview of the key provisions of the CCPA and to educate you, as one of our clients, on how Mevrik can be utilized in compliance. To fully comprehend your CCPA obligations, we advise that you consult with a reliable legal advisor.

ISO: 2018

The ISO 9004:2018 standard, titled "Quality management - Quality of an organization - Guidance to achieve sustainable success," offers recommendations for improving an organization's capacity to do so. These recommendations are in line with the quality management guidelines provided in ISO 9001:2015. Any business, regardless of its size, nature, or activity, can use ISO 9004:2018.

PCI Compliance

Payment Card Industry Data Security Standard (PCI DSS) compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information. PCI DSS compliance is required by all card brands.

The 12 criteria of PCI DSS are as follows:

  1. To safeguard cardholder data, configure and maintain a firewall.
  2. Never use the system password defaults or any security settings provided by the vendor.
  3. Safeguard storing cardholder data.
  4. Transmit cardholder data securely across open, public networks.
  5. Utilize and update antivirus software as necessary.
  6. Create and manage secure apps and systems.
  7. Limit who has access to cardholder information for commercial purposes.
  8. Give each individual with access to the computer a special ID.
  9. Limit physical access to cardholder information.
  10. Keep track of and keep an eye on all network resources and cardholder data access.
  11. Test security procedures and systems on a regular basis.
  12. Keep an information security policy in place for all employees.

No matter what the size or location of the organization, it must comply with the Payment Card Industry Data Security Standard (PCI DSS), which is a set of industry-mandated regulations. Five of the largest card brands created the PCI Security Standards Council, and they each participate equally in its activities. All businesses that store, process or transmit payment cardholder data must be PCI Compliant.

Since Mevrik maintains PCI DSS, it indicates that our security policies and practices are up to par. Mevrik does not store any credit card information.

Explore How Mevrik Can  Grow Your Business

Ready to thrive customer experience, increase sales & support?

Request a Demo