The ABM service consists of two technical products (as well as several services that fall outside the scope of a generic DPA). The two products are:
Account Tracking - A script on InZynk's customer's website captures the IP address from the visitor and distributes a 1st party cookie and a 3rd party cookie if the user accepts cookies according to InZynk's customer's cookie consent box. The IP address is checked against InZynk's matched company IP database to see if the IP address has been linked to a named company. If a company match exists, the visit is stored in AWS (specification in Annex A-C) and presented in InZynk's platform (which the customer can get a login to if desired). The user will then be tracked as long as the cookies are on the device, and in the event of a return visit to the customer's website, these cookies will be recognised and data can then be aggregated on the device. If the incoming IP number is not matched to a company, the data for the specified visit is not stored.
Account Based Advertising - InZynk's customer selects companies to be included in processing (advertising (programmatic)). InZynk checks that the companies are in InZynk's matched company IP database. If the companies exist, the matched IP ranges are sent to InZynk's DSP (demand side platform) partner for advertising. From the advertising, InZynk then retrieves data in terms of numbers: views, clicks on the ad, CTR, viewability etc. (if desired, a specification of all advertising data that can be retrieved can be given). Advertising data is then presented in InZynk's platform (which the customer can get a login to if desired).
Are the IP addresses InZynk works with linked to B2C customers or B2B customers? Can they be classified as indirect customer data, so that they – combined with other data – can identify a natural person?
The IP addresses that we work with cannot be linked to a B2C customer. The IP addresses that InZynk retrieves are always matched to a company name and are only used in that case and area of use. InZynk does not have access to data that allows InZynk to identify a natural person.
Subject matter of the data processing:
Inzynk Analytics is a web analytics service that provides basic statistics and analytical tools. Inzynk Analytics is used to track website performance and collect basic visitor insights. It can help organizations determine top sources of web traffic and see what companies are visiting their website.
Nature and purpose of the processing:
Account Based Marketing – the purpose of processing is analytics. Accounts are tracked based on IP-number(s) registered on companies.
The Personal Data transferred concern the following categories of Data Subjects:
Companies are tracked by IP-numbers. Devices are tracked by cookie IDs. All Visitors are matched against the processor’s company register.
The Personal Data Processed by Processor on behalf of Controller concerns the following categories of Personal Data:
IP number.
Cookie ID.
Types of Personal Data processed:
Marked [x]
Contact/identification details:
[ ] Name, address place
[ ] Telephone number, e-mail address
[ ] Date of birth
[ ] Gender
HR Data/Master data of employees
[ ] Employee-ID
[ ] Department (OLC code)
[ ] Work performance record
[ ] Social security number
[ ] Personnel files incl. confidential reports
[ ] Special categories of data (health, racial or ethnic origin, sexual orientation, religious beliefs, political opinions, trade union membership)
[ ] Payroll records
[ ] Job application data (such as cv, qualifications)
[ ] Employees’ tax data
Customer data / Contract information
[ ] Billing data
[ ] Bank information
[ ] Consumption data
[ ] Contract data
[ ] Metering data
Customer history
[ ] Volume information/consumption history (incl. smart meter data)
Financial data
[ ] Banking account number
[ ] Credit card number
[ ] Payment defaults
[ ] Purchase history
[ ] Derivative financial details (income category, residential property, car ownership)
[ ] Credibility information on payments (credit scoring)
Lifestyle characteristics
[ ] Family composition, living situation, interests, demographic characteristics etc.
Social Media
[ ] Data obtained from social profiles (Facebook, Twitter account etc.)
Other
[X] IP-number
[X] Cookie ID
Special categories of personal data processed (if applicable)
N/A
Categories of Data Subjects that will be processed by Processor. The group of Data Subjects affected by the processing of their Personal Data includes:
[ ] Customers incl. ex-customers
[ ] Prospective or potential customers
[ ] Employees
[ ] Users of the IT Infrastructure
[ ] Suppliers
[ ] Subscribers
[X] Other, namely users within companies that are chosen by InZynk Customer to be included in one or more ABM activities.
Contact details to Data Protection officer/contact person.
Data Protection Officer: Eric Johansson
Contact person: Rasmus Vejdegren
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:
The data is stored for one year unless the user manually deletes the cookie(s).
ANNEX B – 3RD COUNTRY TRANSFER OF PERSONAL DATA
a) 3rd country transfer of personal data is not done – no further actions required
b) 3rd country transfer of personal data is intended:
Each and every Transfer of Data to a State which is not a Member State of either the EU or the EEA shall only occur if the specific Conditions of Article 44 et seq. GDPR have been fulfilled. The adequate level of protection in………………………………………………………………………. (e.g. country, territory or specific sectors within a country)
[ ] is the result of Standard Data Protection Clauses (Article 46 Paragraph 2 Points c and d GDPR);
[ ] has been decided by the European Commission (Article 45 Paragraph 3 GDPR);
If approved by European supervisory authorities:
[ ] is the result of binding corporate rules (Article 46 Paragraph 2 Point b in conjunction with Article 47 GDPR);
[ ] is the result of approved Codes of Conduct (Article 46 Paragraph 2 Point e in conjunction with Article 40 GDPR);
[ ] is the result of an approved Certification Mechanism. (Article 46 Paragraph 2 Point f in conjunction with Article 42 GDPR).
[ ] is established by other means:………. (Article 46 Paragraph 2 Point a, Paragraph 3 Points a and b GDPR)
ANNEX C: LIST OF APPROVED SUB-PROCESSORS AS WELL AS THE LOCATIONS OUTSIDE THE EU (THIRD COUNTRIES)
The Controller will need to approve the use of Sub-Processors. The Processor is not entitled – without the express written consent of the Controller – to engage a Sub-Processor for any other processing than the agreed processing or to have another Sub-Processor perform the described processing.
In order to make the assessment and the decision whether to authorise sub-contracting, the Processor shall provide the Controller with all necessary information on the intended Sub-Processor, including on their locations, the processing activities they will be carrying out and on any safeguards and measures to be implemented.
a) Subcontracting is not permitted.
b) Controller agrees to the commissioning of the following Sub-Processors on the condition of a contractual agreement in accordance with Article 28 paragraphs 2-4 GDPR:
| Name Company SubProcessor | Address/country | Service/description of the processing | Delivery Locations/Country |
|  |  |  |  |
|  |  |  |  |
c) Controller agrees to the following “processing locations in third countries” in accordance with Annex B:
| Name Company SubProcessor | Address/country | Service/description of the processing | Personal Data Scope | Processing Locations/Country | Safeguards |
|  |  |  |  |  |  |
|  |  |  |  |  |  |