Skip to main content
Skip table of contents

Proxy solution (CNIL exemption)

The Commission nationale de l’informatique et des libertés (CNIL) layed down a set of measures that a proxy server must implement to be a valid supplementary measure for international data transfers. Here is a list of the CNIL criteria compared to the technical functionality of the JENTIS SaaS. JENTIS is able to provide optional configuration settings, which match the recommended proxy solution by CNIL. Pseudonymisation capability offered by JENTIS, given that the criteria set by EDPB are observed, can be used as a supplementary measure to prevent singling-out or re-identification of individual users and ensure that your tracking data can no longer be attributed to a specific or identifiable natural person without additional information.

Please mind that a final assessment whether the specific JENTIS Configuration meets the legal criteria is to be made by a professional lawyer.

  1. No transfer of the IP address to the servers of the measurement tool

JENTIS provides for a technical possibility that the IP address of the website visitor can be anonymised, pseudonymised or completely removed before being passed on to third parties. You can nonetheless attribute the country and city of the user before removing its IP address and store it in a geo-database on the web server.  In this way, the original IP address of the user is never shared with the third party.

  1. Replacement of the user ID by the proxy server

JENTIS can be configured in a way that all identifiers from Google and other third parties, such as client/user IDs, which enable a unique attribution of the user device, are not processed within the JENTIS Twin server. Instead, they will be replaced with randomly generated numbers, which are sent to the respective third party as a fictitious ID. Other data parameters enabling unique identification of users, e.g. order IDs, are also generated as a random product. 

Notably, synthetic data can be used as a "supplementary measure" for data transfers outside the European Union according to the European Data Protection Supervisor (EDPS). In such a setup, the JENTIS server using its own user ID (and not the user's client) will make a request to the third party, e.g. Google, for delivery of the Analytics script.

  1. Deletion of referring website information (or referrer) external to the site

The referrer is the URL of the previous page, in the case of Google, for example, a search page, and may contain personal data. Via JENTIS, you can modify the referrers in a way that only allows conclusions to be drawn about the marketing channel, but not the user identity. 

  1. Deletion of any parameter contained in the URLs collected (e.g the UTMs or the URL parameters allowing the internal routing of the site)

If a user clicks on an Adwords ad, the Google ClickID (gclid) is passed to the advertising web shop in the URL as a parameter. This and similar IDs can be consistently filtered or pseudonymized via JENTIS.

  1. Reprocessing of "device fingerprint" information , such as “ user-agents ”, to remove the rarest configurations that can lead to re-identification

With JENTIS you can screen out all metadata that could allow third parties to fingerprint the user device, i.e. to draw conclusions about the user. Since the timestamp could also be used for such fingerprinting, JENTIS created a new method called "Smart-Time-Framing". With JENTIS you can collect hits from a certain number of users until they are forwarded to the third party, e.g. Google, in such a timely manner so that the timestamp can no longer be used to identify the user. As a result, singling-out or re-identification of individual users is no longer possible for tracking providers in a third country.

  1. No collection of identifiers between sites (cross-site) or deterministic (CRM, unique ID )

JENTIS can be configured in a way that does not collect cross-site or deterministic identifiers.  

  1. Deletion of any other data that may lead to re-identification

JENTIS can be configured in a way that deletes any other data parameters that may be attributed to a specific or identifiable natural person.

  1. Adequate proxy hosting conditions

The JENTIS systems are hosted on IONOS cloud. IONOS is a German company with servers located in the EU.  It is ISO 27001 - certified. Data processing outside the EU/EEA is contractually excluded between JENTIS and its cloud providers by default because no data transfer outside the EU/EEA is required for the provision of services. The cloud providers grant us control over the location of our server instances and guarantee that any non-EU/EEA subcontractors become subprocessors only if we select server instances outside the EU/EEA. We select exclusively EU/EEA as a processing location, thereby ensuring that only EU/EEA data centers are used for our data processing activities. Thus, in line with GDPR and the CNIL requirements, all data processing activities are performed exclusively within the EU/EEA. 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close