GDPR Policy Notice

The General Data Protection Regulation (“GDPR”) is a comprehensive new data protection law passed by the European Union (EU) that became effective on May 25, 2018. This legislation is designed to strengthen the data protection rights for individuals located within the EU. PeopleMetrics has taken the proper measures to be GDPR compliant. At PeopleMetrics, we are fully committed to privacy, security and data protection for all our customers’ data.

The following information outlines certain key principles of GDPR and what we have done to prepare ourselves to meet GDPR requirements. Please note that this document does not provide legal advice and should not be used as such.


GDPR replaces Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data (PII (US)) and on the free movement of such data) is a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union.

The European Union (EU) enacted GDPR to govern the collection, processing, use and storage of personal data of these protected individuals in a manner designed to unify data privacy requirements across the EU. The EU designed the legislation to provide EU citizens with greater protections and rights as individuals and PeopleMetrics fully supports these new, comprehensive safeguards.


  1. “Data subject” is defined under GDPR for personal as “any information concerning an identified or identifiable natural person.” This includes the name, identification number, online identifier, location, and an individual’s economic, cultural, social, physical, physiological, genetic, and mental identity.

  2. “Processer” (PeopleMetrics) includes a legal or natural person, agency, public authority, or other body that processes personal data on the behalf of a Controller.

  3. “Controller” (PeopleMetrics customers utilizing our SaaS Platform to ingest personal data of persons located within the EU) includes any agency, public authority, legal person, or other body responsible for determining the reasons and means for processing personal data.

  1. PeopleMetrics conducts an annual review of data privacy requirements as set forth by our SOC 2/SSAE-18. As part of this, PeopleMetrics reviews all data security requirements including those set forth by GDPR on an annual basis, or at point of hire as needed. 
  2. Partnership between Controllers and Processors is key to the effective adherence to the guidelines set forth in the GDPR. As PeopleMetrics acts as  Processor in almost all cases, employees and governing processes are based around ensuring PeopleMetrics compliance with Processor guidelines as set forth in the GDPR. 


  1. Where is data stored, processed or accessed?

    All PeopleMetrics data is stored, processed and accessed in Amazon Web Services and EvolveIP datacenters.

  2. Will PeopleMetrics (Processor) use personal data for any purpose other than providing your Services?

    No, PeopleMetrics only processes data as directed by the Controller and does not use personal data for any other purpose.


PeopleMetrics welcomes your comments regarding GDPR. Please contact PeopleMetrics at, or write to us via US mail at the following address:

PeopleMetrics, Inc.
Two Logan Square
Suite 820
Philadelphia, PA 19103
Corporate Headquarters – USA


Read our Privacy Policy


written by CEM experts who live and breathe customer experience every day.

Read our Blog