Meta Company GDPR FAQ

Last Updated: May 25, 2018

  1. What is the GDPR? The General Data Protection Regulation (GDPR) is a new law passed by the European Union in 2016, and is designed to ensure the security of personal data and granting individuals various rights over their data. Compliance with GDPR goes into effect May 25, 2018.

  2. Key terms under the GDPR
  • Controller: The data controller is the entity which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processor: The data processor is the entity which processes data on behalf of the controller.
  • Personal Data: Under the GDPR, personal data is any information relating to an identified or identifiable individual. This can include information that is used independently or in combination with other information to identify a person. Certain categories of data are given heightened protection due to their sensitive nature.
  1. Who is affected by GDPR? The GDPR protects personal data of all European Union data subjects, whether or not the companies controlling or processing the data reside in the European Union. Furthermore, the GDPR applies to organizations residing in the European Union as well as organizations outside the European Union if they offer goods and services to European Union data subjects.

  2. What are the rights of individuals under the GDPR? Individuals in the European Union are afforded certain rights under the GDPR. These rights include:
  • The Right to be Informed. Under the GDPR, data subjects in the European Union have the right to be provided, in a concise and clear way, information about a controller’s processing activities, their personal data and how it might be used. This right is afforded so that individuals may make more informed decisions about the scope and consequences of the data they provide.
  • The Right to Access. Data subjects must be afforded the right to access their personal data so as to better understand why it is being processes and to confirm it is being processed.
  • The Right to Revision. Data subjects may request to have their information updated if it is inaccurate or incomplete.
  • The Right to Erasure. Data subjects have the right to be forgotten under the GDPR. It is not absolute, but does allow individuals to request that their information be deleted if there is no longer a compelling reason to process such information.
  • The Right to Restrict Processing. In certain circumstances, data subjects may restrict the processing of their personal data.
  • The Right to Data Portability. Data subjects may ask data controllers to copy and transfer the data subject’s information to another service provider.
  • The Right to Object. Data subjects are permitted to object to processing activities such as processing activities related to direct marketing purposes.
  1. What are the legal bases under the GDPR for processing an EU data subject’s personal data? Article 6(1)(a) to (f) of the GDPR list various bases which allow an individual to process a data subject’s data. These include:
  • Consent – the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • Contract – processing is necessary for performance of the contract;
  • Legal Obligation – processing is required to comply with a legal obligation to which a controller is subject;
  • Vital Interests – processing data is necessary to a protect a vital interest of the data subject (such as to protect someone’s life);
  • Public Task – processing data is necessary to perform a task carried out in the public interest or in the exercise of official authority;
  • Legitimate Interests – processing data is necessary for the legitimate interest pursued by an entity, except when such interest are overridden by the interest or fundamental rights afforded to a data subject; and
  • Special Category Data – To lawfully process special category data (such as race, politics, religion, biometrics for identification purposes), separate conditions are required as stated in Article 9 of the GDPR.
  1. Meta and the GDPR
  • What Data does Meta Collect? Meta collects various forms of data its users and those visiting the website. This includes information provided directly by a purchaser (such as one’s first and last name, shipping address, payment information), account subscriber (such as account information, name, age, address, birth date, occupation), or to customer support; information on the use of a Meta Product (such as Product UD, computer IP addresses, settings related to a user’s device such as interpupillary distance, location data, information on the use of your product); information gathered through the use of our website (such as browser type, computer or mobile IP address, pages viewed, time spent on each page, error logs, clicks registered, and location from where the site was accessed); information for marketing services (such as data related to your online transactions, purchase history, and website usage); aggregate data. For more information on the data collected by Meta, please see our updated Privacy Policy.
  • What Does Meta do with that Data? Meta uses the data it collects to provide, maintain, improve and develop its products and services. Meta also uses the data it collects to market, advertise and promote products it believes you may be interested in. Lastly, Meta uses the data it compiles when necessary to comply with its legal obligations or exercise its legal rights. For more information on how personal data is used by Meta, please see our updated Privacy Policy, available here:
  1. How can I get in touch with Meta’s Data Protection Officer? To learn more about Meta’s compliance with the GDPR please email to get in touch with Meta’s Data Protection Officer.

  2. What are some external resources to learn more about the GDPR?
More information

by selecting this option, I affirmatively consent to Meta's use of cookies.