This article provides additional context to Conductor Website Monitoring's Data Processing Agreement which our new and existing customers are asked to accept when using the Conductor Website Monitoring platform.
You can read the Conductor Website Monitoring Data Processing Agreement in full here.
What is a Data Processing Agreement?
Data Processing Agreements (DPAs) are part of the EU GDPR framework to protect the processing of personal data. When personal data is processed a DPA needs to be in place to describe the nature of the processing, and how it's safeguarded.
Why is a DPA needed?
Although we can't be sure of this, it could be that the websites in your Conductor Website Monitoring account contain personal data, which is then processed by the Conductor Website Monitoring platform.
If the websites you're monitoring in your Conductor Website Monitoring account contain personal data, there is a legal requirement to enter into a Data Processing Agreement with Conductor Website Monitoring to continue using our services.
If you are certain that the websites in your Conductor Website Monitoring account don't contain personal data, and that you don't process personal data through our services, you don't need to enter into a DPA with Conductor Website Monitoring.
If you're not sure about the processing of any personal data, or if you believe the websites in your Conductor Website Monitoring account may contain personal data in the future, we advise you to have a DPA with Conductor Website Monitoring anyway. The DPA will then apply as soon as the websites in your Conductor Website Monitoring account contain personal data and personal data are being processed.
If you don't enter into a DPA with Conductor Website Monitoring, we assume that you don't process any personal data through our services.
What personal data is in scope of the Conductor Website Monitoring DPA
The DPA only applies to the publicly available personal data on your or your clients' websites (if any is present) that Conductor Website Monitoring can access and process as part of the regular monitoring.
A good example of such personal data would be a team page, such as the team page on our website. The Conductor Website Monitoring Team page contains the first and last names of Conductor Website Monitoring's team members which are considered personal data.
Another example could be authors of blog and other articles, which our users often track in Conductor Website Monitoring using the Custom Element Extraction feature.
If any such data (first and last name, date of birth, etc.) is publicly accessible on any of your monitored websites, Conductor Website Monitoring will process it when monitoring the pages.
And if this is the case, there's a legal requirement to enter into the DPA with Conductor Website Monitoring.
What personal data is not in scope of the Conductor Website Monitoring DPA
The DPA does not apply to personal data which your website gathers from visitors via website forms and other channels, as Conductor Website Monitoring does not have access to this data in the first place.
Furthermore, the DPA does not apply to any personal data that you process internally (again, Conductor Website Monitoring does not have access to this data).
Questions?
{:#need-help .toc-hidden}
If you have any additional questions about the DPA, don't hesitate to contact us!