Recherche avancée

Sur d’autres sites (4297)

• avformat/dashdec : Check whitelist

  15 janvier, par Michael Niedermayer

  avformat/dashdec : Check whitelist
  Fixes : CVE-2023-6602, V. DASH Playlist SSRF
  Found-by : Harvey Phillips of Amazon Element55 (element55)
  
  Signed-off-by : Michael Niedermayer <michael@niedermayer.cc>
  

  • [DH] libavformat/dashdec.c

• A Guide to GDPR Sensitive Personal Data

  13 mai 2024, par Erin

  The General Data Protection Regulation (GDPR) is one of the world’s most stringent data protection laws. It provides a legal framework for collection and processing of the personal data of EU individuals.

  The GDPR distinguishes between “special categories of personal data” (also referred to as “sensitive”) and other personal data and imposes stricter requirements on collection and processing of sensitive data. Understanding these differences will help your company comply with the requirements and avoid heavy penalties.

  In this article, we’ll explain what personal data is considered “sensitive” according to the GDPR. We’ll also examine how a web analytics solution like Matomo can help you maintain compliance.

  What is sensitive personal data ?

  The following categories of data are treated as sensitive :

  1. 1. Personal data revealing :
        • Racial or ethnic origin ;
        • Political opinions ;
        • Religious or philosophical beliefs ;
        • Trade union membership ;
     2. Genetic and biometric data ;
     3. Data concerning a person’s :
        • Health ; or
        • Sex life or sexual orientation.

  

  Sensitive vs. non-sensitive personal data : What’s the difference ?

  While both categories include information about an individual, sensitive data is seen as more private, or requiring a greater protection. 

  Sensitive data often carries a higher degree of risk and harm to the data subject, if the data is exposed. For example, a data breach exposing health records could lead to discrimination for the individuals involved. An insurance company could use the information to increase premiums or deny coverage. 

  In contrast, personal data like name or gender is considered less sensitive because it doesn’t carry the same degree of harm as sensitive data. 

  Unauthorised access to someone’s name alone is less likely to harm them or infringe on their fundamental rights and freedoms than an unauthorised access to their health records or biometric data. Note that financial information (e.g. credit card details) does not fall into the special categories of data.

  

  Legality of processing

  Under the GDPR, both sensitive and nonsensitive personal data are protected. However, the rules and conditions for processing sensitive data are more stringent.

  Article 6 deals with processing of non-sensitive data and it states that processing is lawful if one of the six lawful bases for processing applies. 

  In contrast, Art. 9 of the GDPR states that processing of sensitive data is prohibited as a rule, but provides ten exceptions. 

  It is important to note that the lawful bases in Art. 6 are not the same as exceptions in Art. 9. For example, while performance of a contract or legitimate interest of the controller are a lawful basis for processing non-sensitive personal data, they are not included as an exception in Art. 9. What follows is that controllers are not permitted to process sensitive data on the basis of contract or legitimate interest. 

  The exceptions where processing of sensitive personal data is permitted (subject to additional requirements) are : 

  • Explicit consent : The individual has given explicit consent to processing their sensitive personal data for specified purpose(s), except where an EU member state prohibits such consent. See below for more information about explicit consent. 
  • Employment, social security or social protection : Processing sensitive data is necessary to perform tasks under employment, social security or social protection law.
  • Vital interests : Processing sensitive data is necessary to protect the interests of a data subject or if the individual is physically or legally incapable of consenting. 
  • Non-for-profit bodies : Foundations, associations or nonprofits with a political, philosophical, religious or trade union aim may process the sensitive data of their members or those they are in regular contact with, in connection with their purposes (and no disclosure of the data is permitted outside the organisation, without the data subject’s consent).
  • Made public : In some cases, it may be permissible to process the sensitive data of a data subject if the individual has already made it public and accessible. 
  • Legal claims : Processing sensitive data is necessary to establish, exercise or defend legal claims, including legal or in court proceedings.
  • Public interest : Processing is necessary for reasons of substantial public interest, like preventing unlawful acts or protecting the public.
  • Health or social care : Processing special category data is necessary for : preventative or occupational medicine, providing health and social care, medical diagnosis or managing healthcare systems.
  • Public health : It is permissible to process sensitive data for public health reasons, like protecting against cross-border threats to health or ensuring the safety of medicinal products or medical devices. 
  • Archiving, research and statistics : You may process sensitive data if it’s done for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

  In addition, you must adhere to all data handling requirements set by the GDPR.

  Important : Note that for any data sent that you are processing, you always need to identify a lawful basis under Art. 6. In addition, if the data sent contains sensitive data, you must comply with Art. 9.

  Explicit consent

  While consent is a valid lawful basis for processing non-sensitive personal data, controllers are permitted to process sensitive data only with an “explicit consent” of the data subject.

  The GDPR does not define “explicit” consent, but it is accepted that it must meet all Art. 7 conditions for consent, at a higher threshold. To be “explicit” a consent requires a clear statement (oral or written) of the data subject. Consent inferred from the data subject’s actions does not meet the threshold. 

  The controller must retain records of the explicit consent and provide appropriate consent withdrawal method to allow the data subject to exercise their rights.

  Examples of compliant and non-compliant sensitive data processing

  Here are examples of when you can and can’t process sensitive data :

  • When you can process sensitive data : A doctor logs sensitive data about a patient, including their name, symptoms and medicine prescribed. The hospital can process this data to provide appropriate medical care to their patients. An IoT device and software manufacturer processes their customers’ health data based on explicit consent of each customer. 
  • When you can’t process sensitive data : One example is when you don’t have explicit consent from a data subject. Another is when there’s no lawful basis for processing it or you are collecting personal data you simply do not need. For example, you don’t need your customer’s ethnic origin to fulfil an online order.

  Other implications of processing sensitive data

  If you process sensitive data, especially on a large scale, GDPR imposes additional requirements, such as having Data Privacy Impact Assessments, appointing Data Protection Officers and EU Representatives, if you are a controller based outside the EU.

  Penalties for GDPR non-compliance

  Mishandling sensitive data (or processing it when you’re not allowed to) can result in huge penalties. There are two tiers of GDPR fines :

  • €10 million or 2% of a company’s annual revenue for less severe infringements
  • €20 million or 4% of a company’s annual revenue for more severe infringements

  In the first half of 2023 alone, fines imposed in the EU due to GDPR violations exceeded €1.6 billion, up from €73 million in 2019.

  Examples of high-profile violations in the last few years include :

  • Amazon : The Luxembourg National Commission fined the retail giant with a massive $887 million fine in 2021 for not processing personal data per the GDPR. 
  • Google : The National Data Protection Commission (CNIL) fined Google €50 million for not getting proper consent to display personalised ads.
  • H&M : The Hamburg Commissioner for Data Protection and Freedom of Information hit the multinational clothing company with a €35.3 million fine in 2020 for unlawfully gathering and storing employees’ data in its service centre.

  One of the criteria that affects the severity of a fine is “data category” — the type of personal data being processed. Companies need to take extra precautions with sensitive data, or they risk receiving more severe penalties.

  What’s more, GDPR violations can negatively affect your brand’s reputation and cause you to lose business opportunities from consumers concerned about your data practices. 76% of consumers indicated they wouldn’t buy from companies they don’t trust with their personal data.

  Organisations should lay out their data practices in simple terms and make this information easily accessible so customers know how their data is being handled.

  Get started with GDPR-compliant web analytics

  The GDPR offers a framework for securing and protecting personal data. But it also distinguishes between sensitive and non-sensitive data. Understanding these differences and applying the lawful basis for processing this data type will help ensure compliance.

  Looking for a GDPR-compliant web analytics solution ?

  At Matomo, we take data privacy seriously. 

  Our platform ensures 100% data ownership, putting you in complete control of your data. Unlike other web analytics solutions, your data remains solely yours and isn’t sold or auctioned off to advertisers. 

  Additionally, with Matomo, you can be confident in the accuracy of the insights you receive, as we provide reliable, unsampled data.

  Matomo also fully complies with GDPR and other data privacy laws like CCPA, LGPD and more.

  Start your 21-day free trial today ; no credit card required. 

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• 10 Customer Segments Examples and Their Benefits

  9 mai 2024, par Erin

  Now that companies can segment buyers, the days of mass marketing are behind us. Customer segmentation offers various benefits for marketing, content creation, sales, analytics teams and more. Without customer segmentation, your personalised marketing efforts may fall flat. 

  According to the Twilio 2023 state of personalisation report, 69% of business leaders have increased their investment in personalisation. There’s a key reason for this — customer retention and loyalty directly benefit from personalisation. In fact, 62% of businesses have cited improved customer retention due to personalisation efforts. The numbers don’t lie. 

  Keep reading to learn how customer segments can help you fine-tune your personalised marketing campaigns. This article will give you a better understanding of customer segmentation and real-world customer segment examples. You’ll leave with the knowledge to empower your marketing strategies with effective customer segmentation. 

  What are customer segments ?

  Customer segments are distinct groups of people or organisations with similar characteristics, needs and behaviours. Like different species of plants in a garden, each customer segment has specific needs and care requirements. Customer segments are useful for tailoring personalised marketing campaigns for specific groups.

  Personalised marketing has been shown to have significant benefits — with 56% of consumers saying that a personalised experience would make them become repeat buyers. 

  Successful marketing teams typically focus on these types of customer segmentation :

  

  1. Geographic segmentation : groups buyers based on their physical location — country, city, region or climate — and language.
  2. Purchase history segmentation : categorises buyers based on their purchasing habits — how often they make purchases — and allows brands to distinguish between frequent, occasional and one-time buyers. 
  3. Product-based segmentation : groups buyers according to the products they prefer or end up purchasing. 
  4. Customer lifecycle segmentation : segments buyers based on where they are in the customer journey. Examples include new, repeat and lapsed buyers. This segmentation category is also useful for understanding the behaviour of loyal buyers and those at risk of churning. 
  5. Technographic segmentation : focuses on buyers’ technology preferences, including device type, browser type, and operating system. 
  6. Channel preference segmentation : helps us understand why buyers prefer to purchase via specific channels — whether online channels, physical stores or a combination of both. 
  7. Value-based segmentation : categorises buyers based on their average purchase value and sensitivity to pricing, for example. This type of segmentation can provide insights into the behaviours of price-conscious buyers and those willing to pay premium prices. 

  Customer segmentation vs. market segmentation

  Customer segmentation and market segmentation are related concepts, but they refer to different aspects of the segmentation process in marketing. 

  Market segmentation is the broader process of dividing the overall market into homogeneous groups. Market segmentation helps marketers identify different groups based on their characteristics or needs. These market segments make it easier for businesses to connect with new buyers by offering relevant products or new features. 

  On the other hand, customer segmentation is used to help you dig deep into the behaviour and preferences of your current customer base. Marketers use customer segmentation insights to create buyer personas. Buyer personas are essential for ensuring your personalised marketing efforts are relevant to the target audience. 

  10 customer segments examples

  Now that you better understand different customer segmentation categories, we’ll provide real-world examples of how customer segmentation can be applied. You’ll be able to draw a direct connection between the segmentation category or categories each example falls under.

  One thing to note is that you’ll want to consider privacy and compliance when you are considering collecting and analysing types of data such as gender, age, income level, profession or personal interests. Instead, you can focus on these privacy-friendly, ethical customer segmentation types :

  1. Geographic location (category : geographic segmentation)

  The North Face is an outdoor apparel and equipment company that relies on geographic segmentation to tailor its products toward buyers in specific regions and climates. 

  For instance, they’ll send targeted advertisements for insulated jackets and snow gear to buyers in colder climates. For folks in seasonal climates, The North Face may send personalised ads for snow gear in winter and ads for hiking or swimming gear in summer. 

  The North Face could also use geographic segmentation to determine buyers’ needs based on location. They can use this information to send targeted ads to specific customer segments during peak ski months to maximise profits.

  2. Preferred language (category : geographic segmentation)

  Your marketing approach will likely differ based on where your customers are and the language they speak. So, with that in mind, language may be another crucial variable you can introduce when identifying your target customers. 

  Language-based segmentation becomes even more important when one of your main business objectives is to expand into new markets and target international customers — especially now that global reach is made possible through digital channels. 

  Coca-Cola’s “Share a Coke” is a multi-national campaign with personalised cans and bottles featuring popular names from countries around the globe. It’s just one example of targeting customers based on language.

  3. Repeat users and loyal customers (category : customer lifecycle segmentation)

  Sephora, a large beauty supply company, is well-known for its Beauty Insider loyalty program. 

  It segments customers based on their purchase history and preferences and rewards their loyalty with gifts, discounts, exclusive offers and free samples. And since customers receive personalised product recommendations and other perks, it incentivises them to remain members of the Beauty Insider program — adding a boost to customer loyalty.

  By creating a memorable customer experience for this segment of their customer base, staying on top of beauty trends and listening to feedback, Sephora is able to keep buyers coming back.

  

  4. New customers (category : customer lifecycle segmentation)

  Subscription services use customer lifecycle segmentation to offer special promotions and trials for new customers. 

  HBO Max is a great example of a real company that excels at this strategy : 

  They offer 40% savings on an annual ad-free plan, which targets new customers who may be apprehensive about the added monthly cost of a recurring subscription.

  This marketing strategy prioritises fostering long-term customer relationships with new buyers to avoid high churn rates. 

  5. Cart abandonment (category : purchase history segmentation)

  With a rate of 85% among US-based mobile users, cart abandonment is a huge issue for ecommerce businesses. One way to deal with this is to segment inactive customers and cart abandoners — those who showed interest by adding products to their cart but haven’t converted yet — and send targeted emails to remind them about their abandoned carts.

  E-commerce companies like Ipsy, for example, track users who have added items to their cart but haven’t followed through on the purchase. The company’s messaging often contains incentives — like free shipping or a limited-time discount — to encourage passive users to return to their carts. 

  Research has found that cart abandonment emails with a coupon code have a high 44.37% average open rate. 

  6. Website activity (category : technographic segmentation)

  It’s also possible to segment customers based on website activity. Now, keep in mind that this is a relatively broad approach ; it covers every interaction that may occur while the customer is browsing your website. As such, it leaves room for many different types of segmentation. 

  For instance, you can segment your audience based on the pages they visited, the elements they interacted with — like CTAs and forms — how long they stayed on each page and whether they added products to their cart. 

  Matomo’s Event Tracking can provide additional context to each website visit and tell you more about the specific interactions that occur, making it particularly useful for segmenting customers based on how they spend their time on your website. 

  Try Matomo for Free

  Get the web insights you need, while respecting user privacy.

  Start for free

  No credit card required

  Amazon segments its customers based on browsing behaviour — recently viewed products and categories, among other things — which, in turn, allows them to improve the customer’s experience and drive sales.

  7. Traffic source (category : channel segmentation) 

  You can also segment your audience based on traffic sources. For example, you can determine if your website visitors arrived through Google and other search engines, email newsletters, social media platforms or referrals. 

  In other words, you’ll create specific audience segments based on the original source. Matomo’s Acquisition feature can provide insights into five different types of traffic sources — search engines, social media, external websites, direct traffic and campaigns — to help you understand how users enter your website.

  You may find that most visitors arrive at your website through social media ads or predominantly discover your brand through search engines. Either way, by learning where they’re coming from, you’ll be able to determine which conversion paths you should prioritise and optimise further. 

  8. Device type (category : technographic segmentation)

  Device type is customer segmentation based on the devices that potential customers may use to access your website and view your content. 

  It’s worth noting that, on a global level, most people (96%) use mobile devices — primarily smartphones — for internet access. So, there’s a high chance that most of your website visitors are coming from mobile devices, too. 

  However, it’s best not to assume anything. Matomo can detect the operating system and the type of device — desktop, mobile device, tablet, console or TV, for example. 

  By introducing the device type variable into your customer segmentation efforts, you’ll be able to determine if there’s a preference for mobile or desktop devices. In return, you’ll have a better idea of how to optimise your website — and whether you should consider developing an app to meet the needs of mobile users.

  Try Matomo for Free

  Get the web insights you need, while respecting user privacy.

  Start for free

  No credit card required

  9. Browser type (category : technographic segmentation)

  Besides devices, another type of segmentation that belongs to the technographic category and can provide valuable insights is browser-related. In this case, you’re tracking the internet browser your customers use. 

  Many browser types are available — including Google Chrome, Microsoft Edge, Safari, Firefox and Brave — and each may display your website and other content differently. 

  So, keeping track of your customers’ preferred choices is important. Otherwise, you won’t be able to fully understand their online experience — or ensure that these browsers are displaying your content properly. 

  

  10. Ecommerce activity (category : purchase history, value based, channel or product based segmentation) 

  Similar to website activity, looking at ecommerce activity can tell your sales teams more about which pages the customer has seen and how they have interacted with them. 

  With Matomo’s Ecommerce Tracking, you’ll be able to keep an eye on customers’ on-site behaviours, conversion rates, cart abandonment, purchased products and transaction data — including total revenue and average order value.

  Considering that the focus is on sales channels — such as your online store — this approach to customer segmentation can help you improve the sales experience and increase profitability. 

  Start implementing these customer segments examples

  With ever-evolving demographics and rapid technological advancements, customer segmentation is increasingly complex. The tips and real-world examples in this article break down and simplify customer segmentation so that you can adapt to your customer base. 

  Customer segmentation lays the groundwork for your personalised marketing campaigns to take off. By understanding your users better, you can effectively tailor each campaign to different segments. 

  If you’re ready to see how Matomo can elevate your personalised marketing campaigns, try it for free for 21 days. No credit card required.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now