General Data Protection Regulation
When does the GDPR take effect?
May 25, 2018
On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). The GDPR expands the privacy rights granted to EU individuals, and it places many new obligations on organizations that market to, track or handle EU personal data, no matter where an organization is located. Topaz Labs is a small company that leverages the global online market to make our products available to all citizens of the Earth. This means we’re impacted by this, too.
Quite frankly, there will be some negative consequences for our customers in the EU because of this legislation. Due to our small size and limited resources to comply, some individual requests to comply will likely result in a loss of function and access to your Topaz Labs software, account, and services. Should you opt to exercise your rights under the GDPR, we provide some options to do so in your My Account Page. Here, we’ll take a look at exactly what that means for you.
What is the GDPR?
The General Data Protection Regulation, a.k.a. the GDPR, is a new comprehensive data protection law in the EU (European Union) that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
What does the GDPR Regulate?
The GDPR regulates the “processing,” which includes the collection, storage, transfer or use, of personal data about EU individuals. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
How does the GDPR change privacy law?
The GDPR provides more privacy rights to EU individuals and places significant obligations on organizations. Some of the key changes are:
- Expanded rights for EU individuals: The GDPR provides expanded rights for EU individuals such as deletion, restriction, and portability of personal data.
- Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
- Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
- New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
- One stop shop: The GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
What is personal data?
Any information relating to an identified or identifiable natural person (‘data subject’). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, email address or location, and also online identifiers like IP address, types of website cookies and other device identifiers.
For example: support tickets carrying personal data like name, location, and social identity, used to record and solve an individual’s support requests; CRM software collecting online identifiers to learn about prospect activity on the company website or product.
Does the GDPR require EU personal data to stay in the EU?
No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU.
Where can I learn more about the GDPR?
Additional information about the GDPR is available on the official GDPR website of the EU.
How do I make a request for my data under the GDPR?
To request that your information be removed, sent to you, modified, or exported, please head to your Account page to make those requests:
My Account Page: /my-account
Just click the “show/hide” button on your Dashboard to reveal privacy options.
Will Topaz Labs delete my data for me?
Yes, we will remove any data you request us to remove. However, your request to remove data will also imply a mutual understanding that removing your data from our systems can result in a complete or partial loss of functionality of your Topaz Labs products. We will not refund any orders due to functionality loss caused by a data removal request via GDPR, without exception.
What data does Topaz Labs keep on me?
Topaz Labs stores the following information in our systems, using your email address as the primary identifier:
- User Account
  - Email address
  - Username (based off of your email address, unless you change it)
  - First name (if you provide it to us)
  - Last name (if you provide it to us)
  - Billing address (if you provide it to us)
  - Owned products
  - Coupon codes you’ve used
- Application (Topaz Studio: required for Topaz Studio to run properly, also provides preset backup in case of data loss on your local machine)
  - Unique GUID (for use in our backend systems that power applications)
  - Topaz Studio presets (stored in non-identifiable GUID format)
  - Topaz Studio favorites (stored in non-identifiable GUID format)
  - Topaz Studio likes (stored in non-identifiable GUID format)
- Application (Classic Plugin Products: Adjust, Clean, etc.)
  - No personal data is communicated from Classic Plugin Products to Topaz Labs for processing
What data does Topaz Labs NOT keep on me?
We never store the following information that you provide to us:
- Payment Information:
  - Credit card number
  - Credit card CVV number
  - Credit card Expiration Date
- Profile information:
  - Your age
  - Your gender (though Facebook does this, and is connected to our site, we don’t receive this information)
  - Your sexual orientation
  - Your political affiliations
  - Your job/career/position/occupation
We have never stored this data, and never will.
What can I ask Topaz Labs to do under the GDPR?
You can make the following requests from Topaz Labs regarding your data:
- Removal of data from our systems: this can take up to 30 calendar days (one month) to process.
- Display of data from our systems: this can take up to 30 calendar days (one month) to process.
- Correction of data in our systems: we already do this regularly.
- Removal of contact information from our marketing systems: this can be done without impacting your ability to use your Topaz Labs products.
- Provide transfer of data from our systems: you can request your data in either of the following formats:
What we currently cannot do:
- Restrict processing: We will only offer the right to restriction via removal of data. Our products will not be functional upon any data processing restriction, so our default will be removal of data.
What do you use my data for?
The Topaz Labs website will not collect any personally-identifiable information from you without your consent. When you sign up for our site, we give you the option to agree to the terms we lay out for all users. We additionally provide an option specifically for EU users to accept our GDPR policy (this page). We constructed this page to be as easy to read as possible.
The following information about you is collected when you access our website:
- Your IP Address
- Your IP Location (Country)
We do not have any other mechanisms to collect your personal information, other than what is collected by WordPress by way of use of its site. Here’s a statement from WordPress (Automattic) on what they’re doing about GDPR.
Topaz Labs collects data from you based on the following criteria:
- First Name, Last Name, Email Address, and Billing Address
  - First & Last Name: You provide these to us when you purchase something. Until that point, your account does not have to contain any information regarding your real name, whatsoever. Free users can use our products completely anonymously. First & Last Name are required to purchase, at which point we will only use that information to identify and greet you when you reach out to us on any of our several contact channels.
  - Email Address: You must provide your email address to us in order to access our website’s member area, also known as the My Account page. Your email address is used as your primary identifier, so we will use this information to:
    - Create your account
    - Add you to our mailing list for Topaz Labs updates, promotions, and educational content
    - Provide our application update service, our notification service(s) inside of our applications (Topaz Studio, e.g.), as well as preset modifications and updates. We need your email address to deliver your products to you and maintain their operating ability.
  - Billing Address: We do not use your billing information for marketing purposes, profiling purposes, or automated decision-making processing.
- Application Usage: We do not currently use any of the anonymized (GUID-based) usage data for marketing purposes, but we will update this section when this policy changes, along with details describing how we are using this data for marketing purposes.
Topaz Studio & Adjustments
Topaz Studio uses your email address to log you into the application, to access our application server. This email address is only referred to at the login point, since this bit of information is converted to an anonymous user GUID for use in our systems. This anonymization protects your privacy. The only time you’ll be identified within the application will occur after you have publicly shared a preset with the Community. For presets shared with the Topaz Studio Community, only your username will be shown. Topaz Studio does not collect any information about you from other applications or web browsers on your machine.
What is a GUID?
GUID (or UUID) is an acronym for ‘Globally Unique Identifier’ (or ‘Universally Unique Identifier’). It is a 128-bit integer number used to identify resources. The term GUID is generally used by developers working with Microsoft technologies, while UUID is used everywhere else.
How unique is a GUID?
128 bits is big enough, and the generation algorithm is unique enough, that if 1,000,000,000 GUIDs per second were generated for 1 year, the probability of a duplicate would be only 50%. Or, if every human on Earth generated 600,000,000 GUIDs, there would only be a 50% probability of a duplicate.
How are GUIDs used?
GUIDs are used in enterprise software development in C#, Java, and C++ as database keys, component identifiers, or just about anywhere else a truly unique identifier is required. GUIDs are also used to identify all interfaces and objects in COM programming.
Topaz Classic Plugins
Topaz Labs Classic Plugin software does not collect any personally identifiable information whatsoever. These are the products we are referring to:
- Topaz Adjust 5
- Topaz Clean 3
- Topaz Simplify 4*
- Topaz DeNoise 6
- Topaz DeJPEG 4
- Topaz Detail 3*
- Topaz ReMask 5
- Topaz InFocus 1
- Topaz Lens Effects 1
- Topaz B&W Effects 2
- Topaz Star Effects 1
- Topaz photoFXlab 1
- Topaz Clarity 1*
- Topaz ReStyle 1
- Topaz Impression 2*
- Topaz Glow 2*
- Topaz Texture Effects 2*
* These are previous versions of the product. To obtain copies of these versions, please go to the Previous Versions Downloads Page.
Some closing words…
Topaz Labs cares about our customers. We are, and always have been, an extremely small company. We’ve always fought our hardest to win our customers, keep them happy, and continue to provide them with tools and capabilities they can’t find anywhere else. We’re committed to being as transparent as possible as we transition into an era of increased data security, but we will likely need some patience from everyone involved.
We are going to do our best to ensure we comply with the GDPR, and continue our ongoing relationship with our EU customers. Happy editing, y’all!
Update Privacy Options here:
My Account: /my-account