GDPR

Background

On the 25th May 2018, the European Union’s (EU) new data protection framework, the General Data Protection Regulation (GDPR), came into effect.

This is a significant piece of data protection legislation that impacts any organization that processes personal data in connection with good/services offered to an EU resident, or monitors the behaviour of persons within the EU.

deltaDNA are fully compliant. We have reviewed our processes in line with the regulation requirements. We identified and implemented a number of minor changes.

Summary of changes

Please take the time to read this through as you might need to take some action to maintain your full functionality of your account on the platform.

If you have any queries about GDPR or the steps you need to take, our support team is standing by ready to help, please contact [email protected]

What does this mean?

1. S3 Archive 
Event ordering within files is changing. Archive files continue to be saved in the same compressed .csv format but are no longer guaranteed to maintain eventID ordering. This has now taken effect.

2. S3 Archive
Start using your bucket rather than deltaDNA’s. Storage Location: From March 31, 2018 deltaDNA is no longer storing your event archives in an S3 bucket on the deltaDNA Amazon account, but will send them directly to your own Amazon S3 bucket, which you’ll be responsible for maintaining. See [Amazon S3 pricing](https://aws.amazon.com/s3/pricing)

Encryption: Please make sure you have encryption enabled on your S3 bucket
Warning: If you don’t update the storage location, your archive files will be deleted, and no new data will be archived. Any customer archive data in legacy folders has been scheduled for deletion.

3. Collect and engage
Migrate to HTTPS rather than HTTP moving forward and collect/engage HTTPS encryption:

• All deltaDNA SDKs have been updated to ensure that they only send data over secure HTTPS.
• Legacy deltaDNA HTTP endpoints won’t be disabled; data sent to them will still be accepted. However, you’re advised to update your SDK and REST API usage to secure HTTPS as you update or patch your game. Legacy implementations that cannot be updated can continue to send data to HTTP.
• Any 3rd party providers sending attribution or CRM notification data to the deltaDNA Rest API should migrate to HTTPS.

4. Direct Access
Migrate connection to SSL. With Direct Access SSL encryption, connection to Direct Access from 3rd party tools such as R or Tableau un-encrypted connections will be disabled. You’ll need to update your connection setting to use SSL. If you experience any SSL connection issues, contact [email protected] with the name and version of the tool, driver, and the operating system that you are using.

Additional Info

You might also find the following information useful:

• The anonymous userID generated and used by deltaDNA SDKs is not a personal ID. You don’t need consent for running deltaDNA analytics if you use the defaultID.
• deltaDNA makes every effort to ensure that all the data held by deltaDNA is secure and performs regular penetration tests.
• Our servers are located within the EU.
• You must ensure that you are compliant as either a data processor or controller.
• deltaDNA SDKs contain a ForgetMe() API that should be used if a user no longer wants to be tracked and wants to be forgotten. This will stop the SDK from sending/receiving any further information to/from the platform, as well as initiating a data deletion request on behalf of the user. The SDK will continue to work as it normally would, without any additional work required. If the game supports changing of users then calling StartSdk(userID) with a new user ID or ClearPersistentData() restores the previous SDK functionality.
• Data deletion requests will be accepted at [email protected] and you’ll receive a response within 30 days. However, the game client or server is responsible for ensuring that new data from the player does not continue to be sent.

Sub-Processors

Under EU Privacy Law (GDPR), Unity is required to disclose its sub-processors for certain services (including deltaDNA service). A sub-processor is a third party contractually engaged by Unity, who may have access to personal information of our customers to perform services on our behalf.