Cincopa-GDPR & Data Privacy FAQ
On May 25, 2018, the EU General Data Protection Regulation (GDPR) will become effective, bringing new global data protection rights for citizens of the European Union.
Cincopa supports the privacy rights of its customers and their users and is currently GDPR-compliant.
Over the coming months, we plan to add additional functionality to our product, player, and APIs to make it easier for you to process Data Subject Requests with us.
As part of our GDPR roadmap, We strive to make this a self-serve, efficient process for our customers where they will be able to manage data requests directly from their Cincopa account.
Data Subject Rights
A major part of GDPR is the rights granted to EU residents in regards to their personal data. Under GDPR, a user has the right to access their data (in a commonly-used and machine-readable format) and the right to be forgotten (have all of their personal data erased), subject to certain conditions.
Once a visitor has provided their email address to you via the video lead generation form, we can show you which of your videos they’ve watched, what parts they watched, and when they watched them. All of this data is available for export and can also be deleted.
Possible today
- We’re happy to serve any Data Subject requests and are committed to doing so within 30 days upon receipt of your request. Email us at support@cincopa.com with your user’s email address and instructions.
- Global Settings – Anonymize IPs of all viewers. Click here to navigate to your account’s global settings
Our GDPR roadmap
- Data Export – Provide complete API access to find and export information about viewers via our Cincopa Analytics API.
- Data Deletion – Extending our API to allow you to delete all of a user’s collected data.
- Self-Service Data Export from your account – Export entire viewer data to CSV from our analytics.
- Privacy mode and banner opt-in – When a user opt-in to a cookie consent banner on your site you will be able to send an API call to our Cincopa Player JS API and enable session tracking, otherwise cookie and tracking will be disabled.
Data Breach – notification via email
In any event of a data breach involving personal data, We will contact you by email.
List of Data Sub-processors
Last updated: May 1st, 2018
a current list of sub-processors authorized to process customer data for Cincopa’s services. We impose data protection terms with each sub-processor regarding their security controls and applicable regulations for the protection of personal data.
| Name | Type | Location |
| Amazon Web Services, inc. | Cloud Service Provider | USA |
| Fastly and CacheFly | CDN | USA |
| IBM Cloud | Cloud Service Provider | USA |
Questions
For questions or inquiries related to data privacy and GDPR, please contact us at support@cincopa.com
Which Cincopa products does GDPR affect?
Through the use of our application, Cincopa may potentially collect personal data from end users. In most cases, this personal data is limited to email addresses.
Below is a table of the types of personal data that could be captured in Cincopa:
| Personal Data | Product(s) | How data is captured | How consent is achieved | Why we collect it |
| Email address | Cincopa Lead generation – MAP forms | Via integration with Marketing Automation platforms like HubSpot. Data is pulled from identified leads in the MAP securely via API. | For already identified viewers, consent for tracking video view data will be assumed from the MAP.
In addition, player APIs can be added to prevent tracking based on consenting to your web policies on tracked pages. |
Used as a unique identifier to pass analytics back into MAP and CRM integrations |
| Email address | Cincopa Video Email Embed (Merge tags) | Email merge tags can be added from any platforms that support it to push the email address into Cincopa Analytics. | Consent is assumed from the source of the email address (MAP, CRM, CMS, etc) as the email would have originated from that platform.
In addition, player APIs can be added to prevent tracking based on consenting to your web policies on tracked pages. |
Used as a unique identifier to pass analytics back into MAP and CRM integrations. |
| Email address and other data | Cincopa native Lead generation Form | Cincopa native forms are added to the video to collect personal data.
Cincopa forms are primarily used to collect email addresses. |
Consent language can be added to the forms created in Cincopa. (top and bottom text)
This must be added by Cincopa users and is not automatic. |
Used to generate leads in integrated MAP, Zapier, Email marketing and CRM tools. |
How can I inform my users/views that their data will be collected?
In general, to capture the data relevant to Cincopa, you want to include information on tracking video view data and metrics. However Cincopa can’t advice you on the actual wording. Please contact your legal representatives to discuss the language required on pages where Cincopa videos and other media may be embedded. Usually, these pages will also have other scripts and technologies providing additional services. The language you use will need to encapsulate all tools being employed.
If I get a request from my users/views to view data stored on your system about them, how can I get it?
The Cincopa team can extract a CSV of video views associated with an identified email. This report can be generated by our team.
Contact us at support@cincopa.com
If I get a request from my users/views to delete all viewing data that is stored about them, how is this done?
The Cincopa team will be able to process your request within 30 days.
Contact us at support@cincopa.com