What is GDPR?

GDPR was approved by EU Parliament in April 2016. It mandates higher standards for how marketers can use personal data. The new law requires companies to set up more rigorous systems for data usage.

Why Does It Matter?

GDPR strengthens the rights that individuals have over their information. It gives European citizens higher transparency, control, and safety.

How Should You Prepare?

Organizations need to create a data policy that makes it easy for ‘Data Subjects’ to retain control over the information that they choose to share. Talk to legal counsel, martech providers, and integration partners to ensure compliance.

Our Team's Approach to GDPR

Refining Internal Processes Icon Refining Internal Processes

We’ve refined our own internal processes for protecting data privacy and auditing information flows.

Clarifying Data Usage Icon Clarifying Data Usage

We’ve made it easier for our customers to understand how we collect and store data.

Making Compliance Straightforward Icon Making Compliance Straightforward

We’ve built and refined tools within the Uberflip platform that make it easy for marketers to stay GDPR compliant.

How Our Platform Is Changing to Become GDPR Compliant Image

We’ve appointed a Data Protection Officer for organizational oversight. We’re making GDPR an all-hands effort across product, marketing, success, and sales. We’re committed to sharing our own best practices for reviewing partners, communicating with EU citizens and sharing our flow steps for removing or coordinating the removal of data from our systems.

Yoav Schwartz Headshot
Yoav Schwartz CEO / Co-Founder
The GDPR Backstory Image
GDPR for Marketers at a Glance Image

Frequently Asked Questions

We see the GDPR as an opportunity for companies to build more transparent customer relationships. The GDPR introduces new complexities to marketing, but Uberflip enjoys figuring them out.

What type of data are you collecting?

Uberflip is considered a Data Processor in the eyes of GDPR. Our customers are able to use our platform to add any and all fields from their Marketing Automation Platform (MAP), including fields that would collect personal data. For our customers, this typically includes personal data like names, emails, phone numbers and company name. Depending on which features the customer enables in their Hub, we may also collect additional personal data of visitors including analytics, third party tracking, and visitor profiles.

How do you transfer the data?

Uberflip transfers the data to the MAP through the MAP’s APIs. This is set up by the Client. Data is encrypted in transit using TLS. Uberflip Analytics data is kept under Uberflip’s control, and is sent to our sub-processors via TLS.

Can Data Subjects withdraw their consent?

Yes. Uberflip will act in two ways when a data subject asks to withdraw his or her consent:

  • Processor – Through the front end of the application, a data subject will have a privacy page that will outline details on the Uberflip customer policies and procedures. From that page, a data subject will have the ability to disable consent for any and all of the privacy groups and contact the customer directly to ask to have their data removed or inspected.
  • Controller – Uberflip as a business collects PII data from our prospects and clients, and will have the same page outlined above in our application. However, internally, we will also have policies and procedures including a dedicated Data Protection Officer (DPO) and team to make sure that once a data subject asks for any information related to that data subject, we are able to comply through email correspondence with that data subject and grant their request.

Does Uberflip inform the Data Subject on the identity of the Data Controller?

Yes. The data subject will know who the Controller is on the application front end, and be able to coordinate the requests through that Controller.

Can Data Subjects cease the use of cookies?

As part of our ongoing GDPR initiative, this will be an option provided to visitors and customers. It is the MAP’s cookie that will be removed. The opt-out will be available on the Uberflip platform.

How do you store personal data?

We may temporarily queue form (call-to-action) data submitted by visitors, but only for as long as it takes to submit this data to the Customer’s MAP. We may also temporarily cache this data during the visitor session for progressive profiling.

If the customer has enabled analytics enrichment, this MAP data may be re-imported and stored in order to provide additional insights. If this feature is not explicitly enabled, no MAP data will be stored for the long term.

Data collected as part of Analytics is stored for the length of the service contract. It is always stored encrypted, used to provide insights to customers, and used internally to enhance the performance of Uberflip. Internally, data is used on an aggregated and anonymized basis and will never be sold.


All of the information above is not to be understood as legal advice. Every company and marketing technology stack is different. A lawyer can help you better understand your risks and build a strategy unique to your business. Learn about GDPR directly from European regulators, here.