GDPR compliance


The GDPR (General Data Protection Regulation) is an important piece of legislation designed to strengthen and unify data protection laws for individuals within the European Union. This regulation became effective within the region on 25 May 2018 and has been a strict benchmark for strengthening data laws worldwide.

Our Commitment

Predictable Media's infrastructure was analyzed by Kemp Little to ensure compliance with GDPR standards and regulations. Our team is fully committed to complying with these regulations, and to helping our clients adhere to them as well.

This page provides an overview. For any specific questions, you can contact our Chief Privacy Officer (CPO).


  • Predictable Media's Role
  • Data we store & process
  • How we comply with GDPR
  • Our sub-processors

Predictable Media's Role

Following GDPR regulations, Predictable Media is defined under the role of Data Processor, who acts according to instructions given by the client who takes on the role of Data Controller.

Under this role, Predictable Media has the obligation to give clients a platform complying with GDPR security and privacy standards, giving them the tools to connect, model, and use their data for the purposes and objectives that they determine.

Data we store & process

Predictable Media does not collect data, but processes and consolidates data from the data sources that the client decides to upload or connect to the platform. These can be:

  • E-commerce platforms
  • POS systems (physical point of sale)
  • Customer data systems (ERP, CRM, etc.)
  • Forms
  • Uploading CSV files
  • Accounts on advertising platforms (Facebook Business Manager, Google Ads, Google Analytics)

The client is always the owner of the data uploaded to the platform. Predictable Media does not sell data or use it for its own intents and purposes and eliminates data completely once the service has been completed.

Data loaded onto the platform is sourced from first parties, most common being:

  • Name (First Name, Last Name)
  • Unique number (RUT, SSN, etc)
  • Demographic information (Sex, Age)
  • Contact information (Phone Number, Email, Address)
  • Transactions (Product, Date, Amount, Purchase Channel, Checkout)
  • Products (SKU, Photo, Price)
  • Campaign metrics from marketing platforms

How we comply with GDPR


We have technical and organizational measures to meet the safety requirements of Article 32 of the GDPR.

  1. Infrastructure: Our infrastructure based on Amazon Web Services, has the highest security standards in the market, in addition to world-class service availability.
  2. Data Encryption: All of our clients' data, both in transit and at rest, is encrypted using standards such as AES 256.
  3. Processes: Automated process in data treatment that reduces human access to a minimum.
  4. Emergency protocols: In the event of any data security breach, Predictable Media will immediately notify involved clients and the relevant authorities.


All our client contracts include the signing of an NDA to safeguard confidentiality.

Additionally, all Predictable Media professionals work under contracts with strict confidentiality obligations.


We only hire processing providers who meet the same standards and obligations as we do.


Ensuring compliance with the consumer rights established by the GDPR, Predictable Media may correct, edit, restrict or delete data in the event of receiving a direct request from the customer without the need for instruction from the client.

In case the client is the one who receives this request from his customer and notifies Predictable Media, the platform will assist the client in taking the necessary measures.

Client assistance in adherence to regulations

We keep a record of all data processing activities, which our customers may request at any time for audits or inspections.

We will notify our clients of any request made against the GDPR regulations, avoiding deviations in adherence.

Our sub-processors

In Predictable Media, we're committed to using world-class technologies that allow us to scale and, at the same time, generate a secure ecosystem for data entrusted to us by our clients.

  • We select suppliers who meet the same standards as us in terms of the security and privacy of personal data.
  • For international data traffic, we use the Privacy Shield provided by AWS, which is a mechanism approved by GDPR regulations.
  • We do not add new sub-processors without first informing our clients, who will always have the option to object to the change.