How to Exercise GDPR Rights
Nick Hemenway avatar
Written by Nick Hemenway
Updated over a week ago

The EU General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. This regulation standardizes privacy laws across Europe.

Under the GDPR people residing in the EU at the time of data processing can exercise their data subject rights.

GDPR Overview


  • Data subjects are people whose personal data is used

  • Personal data is information that can be used to identify a data subject (a person) such as a name, location, cookies, IP address, or an email address

  • Data controllers determine how personal data is processed

  • Data processors process data on behalf of data controllers


  • Right of access: Find out what personal information is held about you and get a copy of that information.

  • Right to rectification: Ask for your information to be updated or corrected.

  • Right to erasure: In certain circumstances, you may have your personal information deleted.

  • Right to restriction of processing: Ask for your personal information to stop being used in some cases, including if you believe that the personal information about you is incorrect or the use is against the law.

  • Right to data portability: Receive a copy of your personal data from a company or organization to send to another organization.

  • Right to object: You can object to the use of of your personal information and have it deleted (where an organization is using your information on a legitimate interest basis).


TrustedSite Account Holders are data controllers if they've installed the conversion tracking code, otherwise they're data subjects. Site visitors who aren't account holders are also data subjects.

TrustedSite acts as the data processor when a website account holder has installed the conversion tracking code to log purchases made by their customers in order to provide Shopper Identity Protection or send TrustedSite Reviews automated review request emails.

Exercising your GDPR Rights:

Account Holders

Managing your personal data:

TrustedSite account holders can be either individuals or organizations that own a TrustedSite account and have multiple users.

You can update or correct personal data in your account such as your name, email address, password, or phone number, go to your account.

To request that your personal data be deleted, you can contact support.

To unsubscribe from marketing emails, you can uncheck the mailing lists you'd like to opt out of in your account notifications section. We've also included unsubscribe links on our marketing emails.

If you'd like to stop marketing emails as well as account notifications, contact support to disable or delete your account.

Managing your customer's data:

Account holders with websites and conversion tracking code installed: The account holder is the controller of purchase data we collect when the conversion code is installed (used for Shopper Identity Protection and TrustedSite Reviews automated email requests) and TrustedSite is the processor.

When the conversion page code is installed, you send us purchase data that can include your customer's orderid, email address, first name, last name, and country.

If you receive a request from your customer to exercise their rights under the GDPR and delete their personal data, please contact support.

Site Visitor

A site visitor can be anyone that visits a TrustedSite webpage. Site visitors can opt out of being tracked by our analytics tools by clearing their browser cookies. Here's a link to some of the most popular browsers:

GDPR Requests

We respond to GDPR requests within 30 days, however, it could take longer to complete the request. In these cases, we'll let you know by email if we can't comply within 30 days.

Did this answer your question?