Eagle Point Partners and Device Fingerprinting Technology Policy - Eagle Point Partners

Eagle Point Partners and Device Fingerprinting Technology Policy

What is device fingerprinting?

Device fingerprinting is a method of tracking users that does not employ the use of cookies.

Why is device fingerprinting used?

We use device fingerprinting to help us extend our historical dataset and develop better attribution models. The primary reason for its usefulness is that it allows for tracking even in cases of arbitrary cookie deletion (for example, by users who wish to free up space and improve browser performance). Fingerprint IDs can thus help to bridge the gaps created by cookie deletion and allow us to create a more robust model of attribution. Note: device fingerprinting technology has no similarity to 3rd party cookies. It does not collect any data about a user’s browsing habits beyond the website it is implemented on and this information is of no interest to us.

How does it work?

Device fingerprinting uses open-source Javascript code to collect over a dozen user attributes such as device screen resolution, timezone and browser version to assign a unique ID to a visitor. By combining Fingerprint IDs with Client IDs from Google Analytics, for example, we are able to extend our historical dataset and thus, improve our attribution model. You can find more information about fingerprinting here: https://amiunique.org/faq

Does Device Fingerprinting involve the processing of personal data?

The information collected from device fingerprinting (browser and operating system type and version, screen resolution, lists of fonts, plugins, etc) is combined to generate a unique ID, which represents a single device. This fingerprint ID is not directly personally identifiable. However, it is possible to combine this ID with personally identifiable information from other sources (such as a CRM). Thus, even though the link is indirect, device fingerprinting constitutes personally identifiable information (PII).

Device fingerprinting & GDPR

GDPR compliance is self-certifying and it is up to each company to ensure their own compliance. Based on our own assessment, and from the legal advice we have received, we are confident that our use of device fingerprinting for www.eaglepoint.partners is GDPR compliant, under the basis of legitimate interest. Legitimate interest is one of the 6 legal bases available for the processing of personal information under GDPR (the other 5 being: consent, performance of a contract, legal obligation, vital interests and public interest).

As part of our self-assessment for using device fingerprinting under legitimate interest, we have balanced our business need to better-understand the impact of our marketing channels, along with the rights of the user. Given that this technology is not used to target, track or interrupt the user in any way, and is a technology to assist our understanding of how users arrive on our website, we deem this to be a fair use of the principle of legitimate interest and we use device fingerprinting on our own website.

Eagle Point Partners