Tinkerforge and GDPR

As you have probably already heard, the General Data Protection Regulation (GDPR) will become enforcable on May 25th 2018. The GDPR is EU regulation for better data protection and pivacy of individuals in the EU.

In this blog post we would like to inform you how the GDPR rules are implemented at Tinkerforge:

We took a detailed look at all of the data that we are gathering in the light of GDPR. The only relevant part in our company that we found was our Matomo (formerly Piwik) installation. It did set a cookie that you could opt-out on our privacy notice site. Since this needs to be opt-in with GDPR now we just removed the cookies from our Matomo setup. This does not change a whole lot, since we already did honor the "do-not-track" request that browsers set nowadays, in which case Matomo didn't set a cookie anyway.

Our Matomo installation will now collect anonymized data that can not be correlated to an user account, IP address or similar. The collected data includes

  • sites visited,
  • visiting time,
  • country of origin,
  • browser
  • and similar.

The data is used to

  • find dead links (404),
  • find sites that talk about Tinkerforge,
  • determine server workload through visitor numbers/load times,
  • determine effectiveness of advertising/articles
  • and similar.

The data is not

  • correlated with shop accounts in any way or form,
  • used to track recurring visitors
  • or used to make a permanent profile of users.

This complies with the requirements of the GDPR.

Additionally we operate a shop. If you create an account in our shop we save the address information as well as the orders. This data is (obviously) necessary to run an online shop and it is unavoidable that we save the data. If you want your shop user account deleted (according to the "right to be forgotten"), write us an email. We can execute a SQL query that removes all of your data from our shop system. What will stay is an archived printed copy as well as an archived digital copy of the invoice that you received with your order. We are legally required to keep them (Aufbewahrungspflicht). If you want to see what data we have, you can log into your account and go to the "My Account" page. The address book and order information that you can see there represents all of the data we have.

If you don't have a shop account and you put products in your shopping cart, the shop sets a cookie with an ID of the content of the cart. If you (for example) open the shop in a new tab, the shopping cart content will persist. The only thing tied to this ID is the shopping cart content, no personal information can be obtained from that or correlated to it. The documentation may set one additional cookie if you explicitely choose a language that does not match your browser language, so on the next visit you will automatically be redirected to the correct language page. Again, this does not contain any or could be linked to your personal information.

Generally speaking, we are in the business of designing, manufacturing and selling hardware. We only collect personal information that is absolutely necessary. Thus the new GDPR rules do not affect us greatly.