For data you record using FullStory on your site, FullStory will be the Data Processor. Before allowing FullStory to process any personal data, you must ensure you have proper legal basis as the Data Controller.
According to the GDPR, personal data is any information relating to an identified or identifiable individual, which could mean any information that could be used either on it’s own or in conjunction with other data, to identify an individual.
Sensitive personal data, such as social security numbers, passwords, health information, or information that suggests a person’s racial or ethnic origin will require even greater protection under the GDPR. This kind of sensitive personal data should never be captured by FullStory (it’s against our Acceptable Use Policy) and we have provided some easy-to-use tools that allow you to exclude sensitive data from ever being recorded by FullStory.
There are two types of personal data you can send to FullStory.
FullStory hosts data as part of the service it provides to its customers, but doesn’t make any claim to said data, similar to the way a bank provides safe deposit boxes. Websites using FullStory have sole ownership of and access to recorded data.
Use the data download option for a user when / if you are asked to provide personal that FullStory may have processed for your users.
The FullStory team awaits your every question.Contact Us