Snitcher can be used legally under the General Data Protection Regulation (GDPR) on the basis of "legitimate interest".
We recommend that you state your usage of Snitcher in any places you list your use of other tracking software, such as Google Analytics.
Snitcher's tracker collects data of your website's visitors to our infrastructure hosted on AWS (Amazon Web Services). All collected data is encrypted both on transfer and while at rest.
We collect behavioral data of all your website's visitors. This includes; the pages they viewed, by which source they were referred, and how much time they spent on your site.
We process your visitors' IP addresses which we match against our proprietary database to check the company behind the visit and their geographic location. All visitor data is then aggregated at the company level.
Snitcher also enriches the profiles of the identified companies with contact data for individuals from publicly available data sources. Our data partners for contact data include Full Contact and Hunter.
Our legal justification falls under legitimate interest. We do not share a visitor's IP address and provide our customers only with publicly accessible corporate data, which is exempt from GDPR.
"processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."
See Art. 6(f) GDPR - Lawfulness of processing for reference.
When it comes to B2B marketing and analytics, legitimate interest is the most suitable basis, and commonly used. The justification of "legitimate interest" is based on the simple ground that the individual whose visit data is processed could have a legitimate interest in what you're offering them.
Furthermore, Snitcher's focus is on providing business identifications rather than data on a personal level. For that reason, Snitcher uses personal data to a minimal extent.
The Snitcher tracker sets a cookie in the visitor's browser for it to be able to distinguish between different visitors on the same network:
Purpose: A unique identifier to distinguish between different visitors
Lifetime: Two years
If you use Snitcher and need to comply with GDPR, we recommend you do the following:
Update your privacy statement to inform visitors about your usage of Snitcher.
Update your cookie notice to notify visitors about cookies set by Snitcher.
GDPR requires you to inform visitors about what happens to their personal data. Hence, you need to add a note in your privacy statement that explains that you are gathering information and for what purpose. You'll also need to update your cookie notice to notify visitors about the cookie set by Snitcher.
Here's an exemplary text snippet you can include:
"We use Snitcher to measure the business usage of our website. This service shows us the company names and addresses based on the IP addresses of our visitors. For Snitcher to distinguish between different visitors on our website, it sets a cookie named 'SNID' with a lifetime of two years."