GDPR Compliance

What is GDPR?

The General Data Protection Regulation (EU) 2016/679 (GDPR), is a legal framework that aims to protect the data privacy of individuals who live in the European Union (EU) and European Economic Area (EEA). Tutela fully supports this law and other laws that protect digital privacy.

Is Tutela GDPR Compliant?

Yes! As a company whose livelihood depends on data and its proper treatment, Tutela takes data privacy and security very seriously. We take proactive steps to go above and beyond basic privacy and data protection requirements.

The following information will focus on how Tutela is GDPR compliant when it comes to the personal data that our software (SDK) collects while running in the background of popular mobile apps and games. While we’re not in a position to offer legal advice, we invest heavily in compliance and work with PwC and others to review our privacy practices on a regular basis.

What counts as “personal data” under GDPR?

Under GDPR, “personal data” is defined as any information that is related to an identified or identifiable natural person. GDPR uses a very broad definition of personal data that includes direct identifiers like name, identification numbers, and email address, but also extends to things like IP Addresses, Geolocation data, and even personal data which have undergone pseudonymisation.

However, the GDPR regulations do not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.

Are businesses allowed to collect personal data?

Yes. The purpose of the GDPR is to make it easier for data subjects to understand how their data is being used, and give them more control over the personal data that businesses collect about them. So as long as a business abides by the GDPR regulations and respects the privacy rights of data subjects, collecting personal data is completely fine.

What personal data does Tutela process under GDPR?

We go into detail on this in our Privacy Charter, but some key pieces for GDPR are as follows:

1. We process location data in a pseudonymous or anonymous form in order to aggregate and plot network performance on a map to convey network coverage in a given area. This helps telecoms companies build better networks in the areas that need it most.
   
   

2. We do not collect any personal data that is directly attributable to individuals, and we take appropriate technical and organizational measures to ensure our datasets cannot be used by Tutela, our partners, or our customers, to identify individuals.

What does Tutela do to ensure GDPR compliance?

1. We have a lawful basis for the processing that we perform. Tutela is unable to collect data without having end users consent by accepting the application-level permissions and any other consent configured by our app partners. Our experience shows that users are happy to provide network experience data if it helps to reduce advertisements, support their favourite apps, improve mobile signals, and does not affect their in-app experience or device performance. Our partnerships team helps apps ensure that all appropriate consents are obtained through collaborative discussion and our Privacy & Compliance Checklist.

2. We are proactive about data minimization. Collecting less data is one of the easiest ways to reduce the risk to consumers. We only collect the data that is necessary for us to help telecoms companies around the world understand and improve network speeds and network coverage.

a. We do not collect any direct identifiers (including no user IDs, names, addresses, or emails)
b. We do not collect any persistent device-based IDs (including no mobile advertising identifiers)

3. We make it easy for data subjects to exercise their GDPR rights. More info on how we respond to data subject access, erasure, and opt-out requests can be found below.

4. We run privacy impact assessments, and regularly consult with legal advisors who are experts in Privacy and Data Security.

How does Tutela respond to GDPR privacy requests?

Subject to various conditions and exceptions, GDPR provides data subjects with certain legal rights in respect of their personal data. Our app partners are welcome to direct GDPR-related user questions or requests regarding Tutela to our Privacy Charter or our Data Protection Officer at data.protection.officer@tutela.com. Here is how Tutela responds to data privacy requests:

Information and/or Deletion Requests:

The measures we take to prevent user identification make discerning personal data either impossible or no longer possible without disproportionate effort. As a result, we are unable to fulfill Right to Access or Right to Erasure requests (we don’t know if we’ve ever collected data from their phone, because our data does not identify any person or device).

Instead we respond by informing data subjects of these measures, and directing them to the information on Tutela’s general collection, use, and sharing of personal data contained in our Privacy Charter.

Opt-out Requests:

We provide procedures to support data subjects' right to opt out at any time, as outlined in the Tutela Privacy Charter and at tutela.com/opt-out.

Our SDK also provides API methods for starting and stopping data collection, which our app partners can choose to associate with in-app functionality, for example CMP preference callbacks or custom functions.

In Summary

We’ve built our business with the intent to be GDPR compliant, we help our app partners ensure GDPR compliance with respect to Tutela through collaborative discussion and our Privacy & Compliance Checklist, and we take the privacy of all mobile application users very seriously. Tutela’s business model is to help organizations in the mobile industry understand and improve the world’s networks, not to exploit personal data. This makes us the perfect partner for apps looking to supplement revenue while respecting user privacy.

Disclaimer: The information on this page is not legal advice, nor is it a replacement or substitute for your own review, and we cannot assume any legal liability. We have received our own legal advice, and this page is our interpretation of the law. If you have any concerns regarding GDPR compliance, please forward this page to your legal team or contact us at partners@tutela.com.

Check out more from Tutela on compliance

• Privacy & Compliance Checklist
• Google Play Compliance
• CCPA Compliance
• App Store Compliance
• Tutela Privacy Charter

Earn GDPR-compliant revenue from your mobile apps

Applications are currently open to join Tutela’s App Partner Program. Revenue made with Tutela is ad-free, respects user privacy, and is fully compatible with your existing app monetization strategies.

Interested? Contact partners@tutela.com or visit tutela.com/app-developers to learn more, supplement revenue, and help improve mobile internet in the regions your app is popular.