What is the GDPR?

The GDPR (General Data Protection Regulation) is an EU Regulation which replaces the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It came into force on 25th May 2018 and builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations. The full text of the GDPR can be found here.

Who does the GDPR apply to?

While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it also applies to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you. Since every business is different and the GDPR takes a risk-based approach to data protection, companies should work to assess their own data collection and storage practices, seek their own legal advice to ensure that their business practices comply with the GDPR. 

How does TraceParts comply with the GDPR?

Is TraceParts GDPR compliant?

> Yes, TraceParts is GDPR compliant and having been collecting contact details from millions of Designers & Engineers downloading CAD models from our website since 2001, protection of their data privacy has always been our top priority. 

GDPR Requirements

How does TraceParts collect user consent?

> Visitors of website must register in order to be able to use the website and download free CAD models in a huge variety of different formats. TraceParts registration process is referring to detailed General Terms and Conditions of Use which clearly states which data are collected but also how and why. Users’ Privacy Policy also clearly defines their right to access, modify and delete their personal data stored by TraceParts.

Is TraceParts user database opt-in?

> Yes, the TraceParts registered users must voluntarily opt-in to join our list of subscribers

What about TraceParts unsubscribe policy?

> TraceParts has a strict unsubscribe policy: on each email campaign sent by TraceParts, recipients have a clearly visible unsubscribe link and they can decide to unsubscribe for this campaign advertiser only or for all advertisers, in one single click.

Does TraceParts share user data with the advertisers it sends email campaigns on their behalf?

> No, when sending email campaigns on behalf of any third party, TraceParts never shares any of its user data with this third party. If recipients are interested to learn more about third party products or services, they have to voluntarily enter their contact details on the third-party landing page.

How are the personal data used on TraceParts portal protected? How are data leaks detected?

> User data access is restricted both physically and electronically and user passwords are crypted. All accesses to these user data are logged and archived with full details and these logs are periodically reviewed by our Security team, looking for any abnormal usage. Security notification procedures are in place to ensure we meet our enhanced reporting obligations in a timely manner in case of a data breach.

How and where are TraceParts user data stored?

> User data are exclusively saved on TraceParts proprietary servers, hosted in a professional third-party datacenter located in France. Hosting, processing and storage of these data are directly and exclusively managed by TraceParts.

Does TraceParts have a Data Privacy Officer (DPO)?

>Yes, TraceParts has named a Data Privacy Officer to oversee GDPR compliance, coordinate the efforts of our R&D and Sales & Marketing teams and act as a data-privacy expert. 

The interview of TraceParts’ DPO can be found here.