GDPR & Data Processing
Last updated: May 25, 2025
This document describes how VisitorFilters complies with the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, and outlines your rights as a data subject.
Roles Under GDPR
VisitorFilters as Data Controller
VisitorFilters acts as a Data Controller for the personal data of our customers — including account data, billing information, and platform usage data.
VisitorFilters as Data Processor
When you install the VisitorFilters collector script on your website, VisitorFilters acts as a Data Processor on your behalf. You (the customer) are the Data Controller for visitor data collected from your end-users. We process this data solely according to your instructions.
Legal Basis for Processing
- Contract performance — processing necessary to deliver the service you subscribed to.
- Legitimate interests — fraud prevention, service security, and improving our platform.
- Legal obligation — compliance with applicable laws (e.g., tax and financial regulations).
- Consent — where explicitly obtained (e.g., marketing communications).
Data Subject Rights
Under GDPR, EU/EEA residents have the following rights:
- Right of access — request a copy of your personal data.
- Right to rectification — correct inaccurate data.
- Right to erasure — request deletion of your data ("right to be forgotten").
- Right to restriction — limit how we process your data.
- Right to data portability — receive your data in a machine-readable format.
- Right to object — object to processing based on legitimate interests.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Data Retention
- Account data — retained for the duration of your subscription, plus 30 days after account deletion.
- Visitor analytics data — per your plan's retention limit (7–365 days).
- Billing records — retained for 7 years to comply with financial regulations.
- Support communications — 2 years from last interaction.
International Data Transfers
Your data is processed in the EU/EEA. If data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) or equivalent mechanisms.
Security Measures
- TLS 1.2+ encryption for all data in transit.
- AES-256 encryption for sensitive data at rest.
- Role-based access controls — staff access to customer data is logged and audited.
- Regular security assessments and penetration testing.
Contact & DPO
For GDPR-related inquiries or to file a complaint: [email protected]. You also have the right to lodge a complaint with your local supervisory authority.