Privacy Guide

Privacy and Data Protection at Offer18

The protection of your personal data is very important to us. For this reason, Offer18 places a high priority on data protection and data security for customers and users. We are continuously monitoring, updating and improving our policies and privacy practices to ensure that all certification and compliance requirements are met and carried out to the highest standards possible. In particular, personal data are processed by us only as necessary and for the purpose of providing a functional and user-friendly platform, including its contents and the services we offer.

What is the GDPR

On May 25, 2018, the European Union enforces a new data privacy law, the General Data Protection Regulation (GDPR). A primary aim of the GDPR is to harmonise data privacy laws across the European Union, to protect and empower all EU citizens` privacy both online and offline and to reshape the way organisations across the EU approach their customers personal data.

As such, any company that collects or processes personal data of EU citizens falls under the scope of the GDPR, even if the company has no physical presence in the European Union. This means that most businesses with a global or online presence, including Offer18 are required to apply and follow the GDPR to all data processing activities. 

At Offer18, we understand the importance of protecting your data and adapted all services in accordance with the principles set out in the GDPR. In particular, were our clients use our products and services to process end-user data regardless of this being personal data and/ or business personal data. 

What is personal data under the GDPR? 

Personal data is information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, e-mail address, but also your IP address, your online identifiers, location data, biometrics such as your fingerprint and behavioural and profile data. Anonymous data exists when no personal reference to the user can be made.

What are Technical and organizational measures?

These measures are a requirement for the security of processing. Those measures are integrated into our data protection framework and aim to prevent breaches and ensure privacy by design. Simply put, technical and organisational measures are the functions, processes, controls, systems and procedures used and taken to protect and secure the personal information that we process. Those include; 

• no unauthorized access, usage;
• or transmission of data; 
• data segregation, encryption and separate processing;
• pseudonymization of your data;
• regular backups and safe and secure storage and transfer;
• advanced data loss protection. 

What are the benefits of GDPR compliance?

GDPR compliance benefits include increased trust and credibility, along with a better understanding of the data that's being collected and how it's managed. Those benefits include: 

• store & process customer data locally;
• fulfil deletion and data subject access requests from a simple interface;
• update, delete and confirm measures requested by your users;
• block data collection and issue suppression requests for specific users;
• allow user data collection with a single API;
• compile user data for access and manage portability requests;
• easily organise and integrate raw data or warehouse data of a specific user when you need to respond to a user request;
• automatically update user profiles and accounts when new data becomes available.

What is the CCPA?

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.

To whom does the CCPA apply?

The CCPA applies to for-profit businesses that do business in California and meet any of the following:

• have a gross annual revenue of over $25 million;
• buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
• derive 50% or more of their annual revenue from selling California residents’ personal information.

What is considered personal information under the CCPA?

Personal information is information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.

What is not considered personal information under the CCPA?

Personal information does not include publicly available information that is from federal, state, or local government records, such as professional licenses and public real estate/property records.

What are the rights under the CCPA?

The CCPA secures new privacy rights for California consumers, including:

• The right to know about the personal information a business collects about them and how it is used and shared;
• The right to delete personal information collected from them (with some exceptions);
• The right to opt-out of the sale of their personal information; and
• The right to non-discrimination for exercising their CCPA rights.

Businesses are required to give consumers certain notices explaining their privacy practices.

Acknowledgement and Disclaimer

This guide does not amount to legal advice and is for informational purposes only. When working with personal data you should always consult your legal counsel and be aware of all personal data protection laws that apply to your specific requirements of your country and the unique requirements of your business and services. For more information on our GDPR and CCPA compliance at Offer18, please contact us at legal [@] offer18.com