Skyhook & GDPR

Since 2003, Skyhook has helped to unleash the power of location-based services by delivering accurate location, enhanced user experiences, more personalized content, and greater real-world insights to our customers. In developing and building our products and services, we have always been mindful of the need to provide transparency and choice to end users about how their location information is used and shared. Indeed, respect for privacy is an animating principle of Skyhook’s existence – for unless trust is maintained in the provision, use and utility of the location-based services, customers and users will not use or consent to these services and they will cease to provide value.

It is because we understand and acknowledge the criticality of transparency and respect for privacy that lies at the heart of our industry that we welcome the European Union’s General Data Protection Regulation (“GDPR”).  Some commonly asked questions about GDPR, and how Skyhook plans to address those questions are set forth below.  As always, should you have any questions about Skyhook and our approach to privacy, you may contact us at privacy@skyhook.com.

What is considered personal data?

Any information relating to an identified or identifiable natural person in the EU is considered personal data under GDPR. An identifiable person is one who can be identified directly or indirectly, particularly by reference to an identifier such as name, email address, identification number, or location, as well as online identifiers such as an advertising identifier or an IP address.

 

Is Skyhook a data controller or a data processor?

The GDPR applies to both data controllers and data processors. A data controller is the party that collects personal data from the data subject for a stated purpose and with the data subject’s consent. A data processor provides services to the controller according to the controller’s instructions.

Skyhook acts as both as a data processor (e.g., when we process location signals from customer devices to determine a location) and a data controller (e.g., when we collect access point information to update our database, or when we collect device location information for our own purposes), depending on the particular circumstances.  In all cases, we process and control personal data in accordance with instructions and valid legal bases.

 

How is Skyhook complying with GDPR?

We have undertaken a number of actions in connection with our efforts to confirm compliance with the requirements of GDPR, including:

  • Identifying and analyzing the information Skyhook collects to determine whether it constitutes personal data, and ensuring that Skyhook has an adequate legal basis for processing such information.
  • Updating our privacy policies for both our Websites and our Services to clarify the type of data we collect, how we use that information, the legal bases for processing any personal data, and describing any available rights of customers or end users.
  • Ensuring that our opt-out and data deletion practices comply with GDPR requirements for processing personal data.
  • Working with our data partners to ensure that any data which is provided to us is provided in compliance with GDPR and other rules, including by ensuring opt-outs are being passed downstream and strengthening our contractual requirements where necessary. 
  • Entering into Data Processing Amendments where needed. 
  • Reviewing our security practices to ensure that the personal data we process is adequately protected.
  • Maintaining certification with the Privacy Shield program, which serves to ensure that there are adequate safeguards (and remedies) for the transfer of personal data from the EU to the US.

We will continue to update our policies and procedures over time to remain in compliance with GDPR.

 

Where can I find Skyhook's policies or contract addendums?

Skyhook’s Services Privacy Policy can be found here.

Skyhook’s Website Privacy Policy can be found here.

Skyhook’s Privacy Shield Notice can be found here.

Skyhook’s Data Processing Addendum can be found by clicking here, by sending an e-mail to privacy@skyhook.com or by contacting your Account Manager.

You can also find a copy of Skyhook’s Standard Contractual Clauses for the transfer of EU data to countries other than the United States by clicking here, by sending an e-mail to privacy@skyhook.com or by contacting your Account Manager.

 

Where can I find more information?

If you are looking for additional information specific to our privacy policies or GDPR, please e-mail privacy@skyhook.com or contact your Account Manager.