FactFinder Next Generation, GDPR and you: the need to know


FactFinder Next Generation and GDPR


Frequently asked questions


GDPR with GPT Synonyms and LLMs

How Next Generation is GDPR compliant

Data processing and storage

We ensure that all data is stored and processed in strict compliance with GDPR. Our data centers are strategically located within Europe to meet rigorous data sovereignty requirements and ensure the utmost protection of your information.

Technical and organizational measures (TOMs)

We've implemented a comprehensive set of robust TOMs, including conducting regular security audits, encrypting data and enforcing strict access control measures. These efforts are designed to prevent any unauthorized access to personal data, ensuring a secure digital environment for our users.

Data minimization and purpose limitation

FactFinder Next Generation adheres to the principles of data minimization and purpose limitation as required by GDPR Art. 5. We collect only the data necessary for the intended purpose, processing it in a manner that respects user privacy and ensures the relevance and efficiency of our services.

User consent and rights

Your control over your data is paramount. We emphasize the importance of user consent for data processing and uphold your rights to access, rectification, deletion and portability. Our policies are crafted to empower you, giving you full authority over how your information is used.

Data protection by design and by default

Integrating data protection into the very fabric of our product development and operations, we minimize data exposure and maximize security. This proactive approach ensures that data protection is not an afterthought but a foundational principle of our service.

Training and awareness

Under GDPR Art. 6, we strive to maintain informed and vigilant staff, and we conduct regular training programs. These sessions ensure our team is not only aware of GDPR requirements but also deeply understands the importance of data protection in every aspect of our operations.


1. Q: Are you GDPR Compliant?

A: Data is stored in compliance with applicable rules and regulations, including GDPR among others. All rules and regulations related to the European Union apply.

2. Q: Data sovereignty: Can you ensure that data is stored in a location that meets legal and regulatory requirements and that the provider can demonstrate data sovereignty?

A: Data is stored in compliance with applicable rules and regulations like the GDPR. All rules and regulations related to the European Union apply.

3. Q: How does Payment Card Industry Data Security Standard (PCI DSS) apply?

A: FactFinder does not store any credit card-related data; therefore, PCI DSS does not apply to FactFinder.

4. Q: To what extent does your product rely on cookies for tracking and functionality?

A: FactFinder does not directly use cookies for tracking or user functionality. Instead, it leverages the individual shop systems of each customer for user identification. This means that while every customer has their own mechanism for managing users, typically through a login system, the reliance on cookies is bypassed, ensuring a consistent approach to user management without the need for direct cookie use.

5. Q: Do you provide a server-side solution for tracking of onsite behavioral data?

A: FactFinder receives information from client-side user tracking and builds the corresponding behavior information on the server side.

6. Q: What are your policies with respect to data protection privacy and security, and do you meet GDPR standards and guidelines?

A: FactFinder fully adheres to data protection and privacy guidelines in Germany and Europe.

7. Q: Do you process or store any data outside of the EU?

A: No. FactFinder’s data centers are housed within the European Union, specifically Germany and Sweden.

8. Q: What role does your organization have from a personal data processing point of view in relation to our data?

A: Our organization acts as a Processor, handling and processing personal data as per the directives provided by our customers, who are the Data Controllers.

9. Q: Has your organization established a Data Privacy Program?

A: Yes, we have a Data Privacy Program in place, which includes a ticket system for efficiently managing inquiries and GDPR requests, and a dedicated team for GDPR coordination, ensuring comprehensive handling of all data privacy matters.

10. Q: Has your organization assigned a DPO?

A: Yes, aligning with GDPR Art. 37, we have an external DPO supported by an internal data protection coordinator, underscoring our adherence to legal requirements and our dedication to data privacy. They report to the COO, ensuring our compliance and protection strategies are effectively implemented.

GDPR compliance with LLMs

Q: Does GPT Synonyms transmit any personal data?

A: No, the feature does not transmit any personal data.

Q: How do you handle search queries for synonyms?

A: We only transmit the search query along with its specific context to directly request synonyms.

Q: Who controls the context sent with a search query?

A: The customer controls the context they want to send with their search query.

Q: Can customers manage which synonyms are used?

A: Yes, customers can approve every synonym before it becomes part of their search setup.

Q: How do you prepare for changes in AI regulations?

A: We actively work with our data protection team to monitor and comply with governmental decisions on AI, ensuring adherence to future regulations.

Need more information?

If you have questions or concerns about our data protection practices or your data privacy, we're here to help. Reach out to us at any time for further assistance by emailing

Trusted by 2,000+ online shops worldwide
