Uberflip and GDPR

While some companies fear regulations, we say, “challenge accepted.” We see the General Data Protection Regulation (GDPR) as an opportunity to reinforce Uberflip’s mission to fuel engaging, personalized content experiences. This is the most significant data protection regulation to emerge from the EU in more than 20 years. Here’s how Uberflip has approached the new law as a strategic marketing advantage.

What is GDPR?

GDPR was approved by EU Parliament in April 2016. It mandates higher standards for how marketers can use personal data. The new law requires companies to set up more rigorous systems for data usage.

Why Does It Matter?

GDPR strengthens the rights that individuals have over their information. It gives European citizens higher transparency, control, and safety.

How Should You Prepare?

Organizations need to create a data policy that makes it easy for ‘Data Subjects’ to retain control over the information that they choose to share. Talk to legal counsel, martech providers, and integration partners to ensure compliance.

Our Team’s Approach to GDPR

Refining Internal Processes

We’ve refined our own internal processes for protecting data privacy and auditing information flows.

Clarifying Data Usage

We’ve made it easier for our customers to understand how we collect and store data.

Making Compliance Straightforward

We’ve built and refined tools within the Uberflip platform that make it easy for marketers to stay GDPR compliant.

How Our Platform Is Changing to Become GDPR Compliant

As a company that touches personal data, we see GDPR as an opportunity to better personalize your marketing. We’ve built the following features to make compliance more natural to your user flows.

  • Conditional CTA fields
    With this feature, audiences can self-identify as being an EU citizen. Uberflip users can better organize their database.
  • A templated privacy page
    This feature gives Uberflip customers the ability to add a privacy page to their hub that includes custom consent groups to clarify data usage.
  • More customization for the privacy page and terms of service
    Your lawyer will tell you what your company needs to do and say on these key pages. We give you the tools to do it.
  • Easy to deploy privacy banner
    This feature enables Uberflip customers to display a privacy banner at the bottom of a Content Hub to accept consent and link visitors to a privacy page.
Marketing Stream with a CTA highlighted and a checkbox with EU Citizen checked

The GDPR Backstory

GDPR changes how companies can and will interact with personal data. In the EU and many other parts of the world, data is owned by the subject—the person who chooses to share that data. It protects information as a fundamental human right that an individual owns, controls, and licenses to businesses. GDPR enforces that the person who owns the data retains control of the data.

GDPR for Marketers at a Glance

Rules and Regulations

Increased Territorial Scope
If you are marketing to customers in the EU, you need to comply regardless of where you’re based.

Breach Penalties
If you misuse personal data, your organization can be fined up to 4% of annual revenue or €20 Million (whichever is greater).

Clear and Obvious Consent
You can’t do whatever you want with the data that you have. You need to be clear about your data usage and policies.

Fundamental Human Rights
These include the right to be forgotten, to receive the personal data concerning the individual (data portability), to privacy inherent by design, and to data protection officers.

Frequently Asked Questions

We see the GDPR as an opportunity for companies to build more transparent customer relationships. The GDPR introduces new complexities to marketing, but Uberflip enjoys figuring them out.

What type of data are you collecting?

Uberflip is considered a Data Processor in the eyes of GDPR. Our customers are able to use our platform to add any and all fields from their Marketing Automation Platform (MAP), including fields that would collect personal data. For our customers, this typically includes personal data like names, emails, phone numbers and company name. Depending on which features the customer enables in their Hub, we may also collect additional personal data of visitors including analytics, third party tracking, and visitor profiles.

How do you transfer the data?

Uberflip transfers the data to the MAP through the MAP’s APIs. This is set up by the Client. Data is encrypted in transit using TLS. Uberflip Analytics data is kept under Uberflip’s control, and is sent to our sub-processors via TLS.

Can Data Subjects withdraw their consent?

Yes. Uberflip will act in two ways when a data subject asks to withdraw his or her consent:

  • Processor – Through the front end of the application, a data subject will have a privacy page that will outline details on the Uberflip customer policies and procedures. From that page, a data subject will have the ability to disable consent for any and all of the privacy groups and contact the customer directly to ask to have their data removed or inspected.
  • Controller – Uberflip as a business collects PII data from our prospects and clients, and will have the same page outlined above in our application. However, internally, we will also have policies and procedures including a dedicated Data Protection Officer (DPO) and team to make sure that once a data subject asks for any information related to that data subject, we are able to comply through email correspondence with that data subject and grant their request.

Does Uberflip inform the Data Subject on the identity of the Data Controller?

Yes. The data subject will know who the Controller is on the application front end, and be able to coordinate the requests through that Controller.

Can Data Subjects cease the use of cookies?

As part of our ongoing GDPR initiative, this will be an option provided to visitors and customers. It is the MAP’s cookie that will be removed. The opt-out will be available on the Uberflip platform.

How do you store personal data?

We may temporarily queue form (call-to-action) data submitted by visitors, but only for as long as it takes to submit this data to the Customer’s MAP. We may also temporarily cache this data during the visitor session for progressive profiling.

If the customer has enabled analytics enrichment, this MAP data may be re-imported and stored in order to provide additional insights. If this feature is not explicitly enabled, no MAP data will be stored for the long term.

Data collected as part of Analytics is stored for the length of the service contract. It is always stored encrypted, used to provide insights to customers, and used internally to enhance the performance of Uberflip. Internally, data is used on an aggregated and anonymized basis and will never be sold.

Additional Resources


All of the information above is not to be understood as legal advice. Every company and marketing technology stack is different. A lawyer can help you better understand your risks and build a strategy unique to your business. Learn about GDPR directly from European regulators, here.