What is GDPR?

GDPR was approved by the EU Parliament in April 2016. It mandates higher standards for how marketers can use personal data. The new law requires companies to set up more rigorous systems for data usage.

Why Does It Matter?

GDPR strengthens the rights that individuals have over their information. It gives European citizens higher transparency, control, and safety.

How Should You Prepare?

Organizations need to create a data policy that makes it easy for ‘Data Subjects’ to retain control over the information that they choose to share. Talk to legal counsel, martech providers, and integration partners to ensure compliance.

Our Team's Approach to GDPR

Refining Internal Processes

We’ve refined our own internal processes for protecting data privacy and auditing information flows.

Clarifying Data Usage

We’ve made it easier for our customers to understand how we collect and store data.

Making Compliance Straightforward

We’ve built and refined tools within the Uberflip platform that make it easy for marketers to stay GDPR compliant.

How Our Platform Is Changing to Become GDPR Compliant

We’ve appointed a Data Protection Officer for organizational oversight. We’re making GDPR an all-hands effort across product, marketing, success, and sales. We’re committed to sharing our own best practices for reviewing partners, communicating with EU citizens and sharing our flow steps for removing or coordinating the removal of data from our systems.

Colin Coller, CTO

Frequently Asked Questions

We see the GDPR as an opportunity for companies to build more transparent customer relationships. The GDPR introduces new complexities to marketing, but Uberflip enjoys figuring them out.

What type of data are you collecting?

Uberflip is considered a Data Processor in the eyes of GDPR. We allow marketing teams to add any and all fields from their Marketing Automation Platform (MAP), including fields that would collect PHI or PCI information. However, no matter the number or type of fields the Uberflip Client uses in our platform, Uberflip does NOT collect that data for internal usage. Any PII/PHI/PCI is passed through the API of the MAP and is not stored in any way by Uberflip.

How do you transfer the data?

Uberflip transfers the data to the MAP through the MAP’s APIs. This is set up by the Client. Data is encrypted in transit using TLS.

Can Data Subjects withdraw their consent?

Yes. Uberflip will act in two ways when a Data Subject asks to withdraw his or her consent:

  • Processor – Through the front end of the application, a Data Subject will have a privacy page that will outline details on the Uberflip Client policies and procedures. From that page, a Data Subject will have the ability to disable consent for any and all of the privacy groups and contact the Client directly to ask to have their data removed or inspected.
  • Controller – Uberflip as a business collects PII data from our prospects and clients, and will have the same page outlined above in our application. However, internally we will also have policies and procedures, including a dedicated Data Protection Officer (DPO) and team, to make sure that once a Data Subject asks for any information related to that Data Subject, we are able to comply through email correspondence with that Data Subject and grant their request.

Does Uberflip inform the Data Subject on the identity of the Data Controller?

Yes. The Data Subject will know who the Controller is on the application front end, and be able to coordinate the requests through that Controller.

Can Data Subjects cease the use of cookies?

As part of our ongoing GDPR initiative, this will be an option provided to visitors and customers. However, it is the MAP’s cookie that will be removed. The opt-out will be available on the Uberflip platform to remove the cookie.

How do you store personal data?

We do NOT store personally identifiable information about visitors. We may temporarily queue form (call-to-action) data submitted by visitors, but only for as long as it takes to submit this data to your MAP. We may also temporarily cache this data during the visitor session for progressive profiling. However, we do NOT store this data long-term or maintain a visitor database.


All of the information above is not to be understood as legal advice. Every company and marketing technology stack is different. A lawyer can help you better understand your risks and build a strategy unique to your business. Learn about GDPR directly from European regulators, here.