Purement complies with the General Data Protection Regulation (GDPR) and can be used in accordance with the GDPR.
How does Purement work, what data is collected?
When a person calls up the website that has the Purement tracking tool embedded, the visitor's client calls the Purement script, providing its own IP address as the sender. The Purement server sends the Purement script to the visitor's client and it is executed there. If any assets are loaded by the client, the Purement script returns their URL and size to Purement. In each case, the IP address is given as the sender, but this is not stored by Purement.
Apart from the IP address, no other personal data is collected or processed. The IP address is only used for technical transmission. Purement processes the data collected in addition exclusively anonymized, it is not possible to draw conclusions about persons.
Purement uses a web server of the provider Hetzner. There, too, the data is processed anonymously (see https://docs.hetzner.com/general/general-terms-and-conditions/data-privacy-faq/#Auftragsverarbeitung).
Will the data be used elsewhere?
The result data, i.e. the respective carbon footprint of the companies (without personal data) is processed internally at Purement in order to carry out further analyses and product improvements. There is no disclosure to third parties.
Can Purement be used without consent?
Yes. It is also possible to use Purement without data protection consent:
No cookies are set.
The IP address is not stored permanently.
Data analysis is only anonymized.
There is no user analysis.
It is justifiable to use Purement without data protection consent, as there are significant differences between Purement and other analysis tools:
The short-term collection of the IP address for the first communication without its further storage does constitute data processing. However, in accordance with the legal opinion of the LfDI Baden-Württemberg, this is also carried out without consent on the basis of Art. 6 (1) f) of the General Data Protection Regulation (DSGVO).
Also according to the Telecommunications Telemedia Data Protection Act (TTDSG), no consent is required for the use of Purement, since no information is stored on or read from the end devices of the users.
Since Purement also does not aggregate usage data, legitimate interest also comes into play for Purement as a legal basis under Article 6(1)(f) of the General Data Protection Regulation (GDPR).
Do you have further questions about Purement and the GDPR? Then feel free to contact us at [email protected].