First things first
- services we provide;
- information we process;
- purposes we answer;
- data subjects’ rights we help exercise; and
- protective measures we take.
Services we provide
Our products offer Partners a broad set of features across the sales funnel, from acquisition to activation, retention, and revenue, including: (a) automated personalization, (b) dynamic A/B testing to optimize yield, (c) full set of features to help optimize website conversions and maximize revenues, (d) targeted and omnichannel personalized messaging platform directed to End Users, and (e) flexible data architecture to allow for powerful integrations with any enterprise system.
We provide our products on a SaaS basis and so we perform our services and process underpinning data on Partners’ instructions.
Information we process
In order to deliver on our promise to leverage real-time predictive segmentation powered by artificial intelligence and machine learning capabilities, we cannot do without data, including:
- personal data, meaning any information relating to identified or identifiable individuals, End Users, such as:
- contact information, where Partners send us – directly, by using their email service providers (“ESPs”) or our products
- technical information, in particular IP addresses End Users’ devices by the Partners, when they access or visit Partners’ websites (“Websites”).
- non-personal data that does not fall within the meaning of personal data as defined by, and thus is not subject to, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; “GDPR”) which may be made available to us or gathered via End Users’ use of the Websites, and include:
- your referring URL, timestamp, browser type and language, device types, GSM operations, operating system, screen parameters, color depth, whether a computer is Java enabled, Internet connection type, browser cookie settings, pages viewed on the Websites, last login time for Websites, last updated date for mobile apps, time of visit, products viewed, placed in the cart, and purchased on the Websites, quantity, price, and purchase ID of products placed in the cart or purchased on the Websites, and custom page data, as defined by our Partners – automatically collected by us and our technology providers when End Users visit or access the Websites;
- inferred information where – based on the information we collect from End Users’ Website activity, search terms entered through End Users’ browsers, and information gleaned from previous our cookies and local storage (as detailed below) – we may infer other information, such as zip code, country, state, time zone, weather, temperature, heat index, wind chill, or proximity to a shipping location.
As long as we keep and use personal data with non-personal data combined, our processing of the same will remain compliant with the GDPR and all data subjects’ rights will be protected accordingly.
Purposes we answer
We use and share personal data also for the following purposes:
- to provide Services to our Partners – for example, when we receive End Users’ personal data, we may analyze such data and may instruct our Partners or their ESPs what content to insert into marketing or other communications which are directed to End Users. We, our Partners or their ESPs, as applicable, will then send End Users a tailored e-mail based on our suggestions;
- to send to our Partners relevant information and updates related to the Services;
- to generally understand the respective needs and interests of Partners and End Users;
- to conduct anonymous analytics in order to improve and customize our Services and products;
- to support and troubleshoot our Services;
- to investigate and resolve disputes in connection with our Services;
- to investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government request; and
- to monitor system performance and network capacity, test and fix systems, and develop and implement upgrades to systems.
We do not rent, sell, or share personal data with third parties.
We will not share without your consent your Personal Information except as required by law, such as to comply with a subpoena, court orders and regulations or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a government request.
Data subjects’ rights we help exercise
End Users may request that we or Partners give them access, rectify, erase, or port their personal data, or restrict or stop the processing.
End Users can contact us at [firstname.lastname@example.org] or otherwise and we’d be happy to oblige in full compliance with the GDPR. We will use commercially reasonable efforts to process such requests in a timely manner. Alternatively, End Users may use a third-party tag management service to disable our tag on the Websites.
CREATE OPT-OUT URL
1. Enter the webpage URL:
2. Click the link below:https://www.example.com/?INSOPTOUT
End Users also have the opt-out option for mobile devices. Privacy setting of your Android or iOS device have limit ad tracking (for iOS) and opt-out of interest based ads (for Android). End users can change the setting via this features and will not be tracked by us.
We will retain the information we collect for as long as needed to provide our services and to comply with our legal obligations.
Protective measures we take
We have a Security, Privacy and Compliance Committee (“SPCC”) with data protection specialists, legal consultants and security experts helping our company and our products become and remain GDPR-compliant. Our team also includes executive members, such as our co-founders, who are fully committed to improving transparency and trust.
We commit to notify our Partners of any and all privacy incidents. We will keep investing in threat detection and avoidance technologies, and our round-the-clock incident management program to help you respond to security or privacy incidents.
We are constantly improving our documented processes and will continue to train our company on adequate incident response procedures.
We have strong security measures for data processing, including:
- Encryption, and specifically: (i) encryption of your data at rest with AES256 (EBS/S3/Glacier/RDS), (ii) centralized managed Key Management (by AWS Region), (iii) IPsec tunnels into AWS with the VPN-Gateways, (iv) dedicated HSM modules in the cloud;
- Monitoring and Logging, and specifically: (i) Asset Management and Configuration, (ii) auditing and security analytics, (iii) detailed information about flows in the network through VPC-FlowLogs, (iv) rule-based configuration checks and actions, (v) filtering and monitoring of HTTP access to applications;
- Access, and specifically: (i) Multi-Factor-Authentication (MFA), (ii) fine granular access to objects in Amazon S3, Amazon SQS, and Amazon SNS, (iii) API-Request Authentication, (iv) Geo-Restrictions, (v) temporary access tokens;
- Data Privacy, and specifically: (i) we determine where our Partners’ content will be stored, including the type of storage and geographic region of that storage, (ii) we choose the secured state of our Partners’ content, (iii) We use strong encryption for partners’ content in transit or at rest, and manage our own encryption keys, (iv) we manage access to our Partners’ content and AWS services and resources through users, groups, permissions and credentials that we control, (v) we hash all data and transactions, and (vi) we regularly audit and review the stored data and erase the unnecessary parts;