Consumer Privacy Controls

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU [1].

Simply put, the law is meant to ensure that citizens are informed of and provide clear consent for the data that is collected about them.

Most of the ground covered by GDPR does not apply to Candid because Candid does NOT collect any highly personal information such as names, IP addresses, health records, financial or social security data. Most of the data Candid collects is classified as public, or covered by the End User License Agreements (EULAs) that are already implemented by the platforms that we collect data from. What's more, we do not sell data to anyone, which is another important component of GDPR. Our business model since inception has always revolved around both functional and pricing transparency.

It is nonetheless important to understand the different categories of data that Candid collects and how that impacts GDPR compliance:

Type #1: Information about how Candid customers use the platform


  • Google Analytics - Usage Analytics
  • Olark - Customer Service Chat (GDPR Compliance)
  • LeadBoxer - B2B Lead Generation (GDPR Compliance)
  • LeadForensics - B2B Lead Generation (GDPR Compliance + Policy)

    This data is compliant with GDPR covered by Candid's privacy policy

Type #2: Candid Account Data


  • Your name
  • Your email addresses
  • Your selected password (if you have an email/password based login)
  • Your preferred timezone (to calibrate performance reports)
  • A short bio (so other users on your collection can better understand your role)
  • The company you work for

    This data is compliant with GDPR because consent is covered by Candid's privacy policy which Candid users agree to when they sign up for a SaaS license

Type #3: Consumer Analytics (Performance Tracking)


  • View through rates or click through rates for various Candid embeds
  • Conversion follow-through for specific assets

This is a sensitive category as it applies broadly to consumers accessing websites that have Candid installed. We don't track IP which reduces the GDPR impact. We do rely on first-party cookies implemented by websites that use Candid to enable aggregated performance tracking and rely on our customers to inform and obtain consent from visitors. Candid customers can also choose an installation configuration that does not send any performance data to Candid and they may optionally choose to send that performance data to other analytics suits such as Google Analytics.

Type #:4: Content Aggregation From Social Networks


  • Public Twitter, Instagram or Facebook Posts

This collection does fall under personal data regulations in GDPR but is covered by the end-user agreements of the underlying social networks that have the relationship with the consumer who posted the content. Our role is to in turn maintain compliance with the integration policies of the social networks to ensure that are usage of their APIs is consistent with their platform policies.

For any additional questions or clarifications on GDPR, please contact us at