How do I remain GDPR compliant when using Usage Intelligence?
The Usage Intelligence platform is used by software vendors to collect software usage data from the end users of their software products. From the perspective of the GDPR, our customer, the software vendor, is the data controller and Flexera is the data processor in terms of data collection and hosting the reporting portal.
By default Usage Intelligence does not collect personally identifiable data. Although the IP address is collected, it is only used to determine the software install location (i.e. country or state) to support geographical reports and is then deleted. The software vendor may extend the default data being collected by Flexera, but they have full control of what is collected and how this data is used.
Right to Data Erasure
The GDPR requires that a data subject has the ‘right to erasure’. This right may be applicable to data collected using the Flexera technology if the software vendor, the data controller, has extended the Usage Intelligence configuration to collect personal data. In this scenario, an end user (or data subject) may contact the software vendor to request a copy of all data or request that the data be deleted. If a request is made and the custom data being stored on the Usage Intelligence platform contains personally identifiable data, then the software vendor can comply by sending a request to Flexera that data be deleted on specific Client IDs.
Procedure to Delete Client Data
While data subjects must contact their software vendors, Flexera customers may delete client data by performing the following:
- Log in to Usage Intelligence Dashboard
- Go to the Admin page and under Data Management click on Delete and Block Clients
- Enter the applicable Client ID(s) and select whether you would like to delete the data and allow the client to be tracked in the future or delete the data and block the client from being tracked
- Click the Delete button to process your request
If you're collecting Custom Events or Exceptions, user data may also be present in the downloadable archives. In this case you will need to download the archives locally, remove the client's data from the CSV files and delete the original archives from the server.
If you would like to learn more about how to protect user privacy when using the Usage Intelligence platform, please read our privacy KBase article.