GDPR
Additional California privacy disclosures
Lei Geral de Proteção de Dados Disclosures
GDPR
1. What is GDPR?
The General Data Protection Regulation (“GDPR”) is the primary law regulating how companies protect EU citizens’ personal data which went into effect on May 25th, 2018. The GDPR:
- Strengthens and regulates user data privacy across the EU.
- Gives citizens broader rights and control over their data.
- Requires compliance from all organizations that handle EU citizens’ personal data, regardless of which country the organizations are registered.
2. Is Linkfire GDPR compliant?
Yes. Linkfire had been preparing for GDPR almost two years prior to the deadline and was fully compliant before May 25th. Linkfire has distributed updated Terms & Conditions explaining how we use and protect Personally Identifiable Information (PII) while fulfilling our duties as a Data Processor. For more information, please view our Privacy Center or contact privacy@linkfire.com.
3. How has Linkfire prepared for GDPR?
Linkfire is committed to protecting customer data and privacy. We take our obligations regarding data compliance seriously and transparently. Like many cloud service providers, we have reviewed our data protection program and made adjustments to ensure compliance with GDPR prior to May 25th, 2018. Linkfire’s ongoing commitment to data protection is evidenced in a variety of ways: Security
- Linkfire only uses trusted and certified compliant data-centers. Both AWS and Azure carry with them certifications, including ISO 27001 and SOC.
- Linkfire is continually investing in our own and our partners’ security infrastructure.
- Linkfire is currently in the process of obtaining a SOC-2, Type II report, anticipated to be completed within 2024.
Data Handling
- Linkfire is and has been certified with the EU-US Privacy Shield since 2017.
- All data is encrypted in transit using TLS 1.2, and at rest using industry-standard AES-256.
Disclosure
Linkfire published an extensive Privacy Policy in 2017 covering:
- FAQs for everything privacy related.
- Centralized Opt-Out from all data collection.
- Dedicated privacy support contact.
- Children’s data policy.
- Cross-border data transfer policy.
- Third party independent dispute resolution.
- Our Data Protection Officer.
- All Pixel partners working with Linkfire.
Read our Technical and Operational Measures.
4. How does Linkfire account for consent?
Linkfire has redesigned the consent method to collect and treat personal data to comply with the latest regulations. The new consent flow empowers users with:
- Giving or withdrawing consent to tracking.
- Granular control over which tracking entities are accepted.
- Additional disclosures over what the cookies used for and by whom.
The new consent flow features:
- A dynamic display of different disclosures and user flows according to the country the user is navigating from.
- Advanced logging for consent given and withdrawn in compliance with GDPR’s data subject rights.
- Subject Access Request system allowing users to exercise their GDPR rights.
Explore more within the Privacy Center
5. What types of customer data could be collected?
Personally Identifiable Information (PII) is information that can be used on its own or with other information to identify, contact or locate a single person, or to identify an individual in context. General examples of PII are:
- First and last names
- Email addresses
- Financial records
- Credit card numbers
- National insurance/SSN numbers
Data collected by Linkfire can be found in our Privacy Policy.
6. Does Linkfire offer a protection agreement between processors and controllers?
We have a standard Data Protection Agreement that we enforce in connection with our MSA, Privacy Policy, and TOMs. Review each here:
Data Protection Agreement
For more information, please contact privacy@linkfire.com.
Additional advertising disclosure
All or partial advertising on this Website or App is managed by Playwire LLC. If Playwire publisher advertising services are used, Playwire LLC may collect and use certain aggregated and anonymized data for advertising purposes.
To learn more about the types of data collected, how data is used and your choices as a user, please visit Playwire's privacy policy.
Additional California privacy disclosures
Effective as of January 1, 2020
If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Beginning January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal data (known as “personal information”, as described in under the CCPA).
This supplement provides additional privacy disclosures and informs you of your additional rights as a California resident, and should be read in conjunction with our Privacy Policy.
Personal information collected and processed
Section 5 of our Privacy Policy sets forth the categories of personal information that Linkfire collects and processes about you, a description of each category, and the sources from which we obtain each category.
Requests to exercise your rights
Right to know request
Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
- Categories of and specific pieces of personal information we have collected about you.
- Categories of sources from which we collect personal information.
- Purposes for collecting, using, or selling personal information.
- Categories of third parties with which we share personal information.
- Categories of personal information disclosed about you for a business purpose.
- If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.
Right to delete request
You also have a right to request that we delete personal information, subject to certain exceptions.
Right to say no to the sale of personal data
You have the right to request that we do not sell any of your personal data that may or not have been collected or submitted. Please submit a DO NOT SELL request using our DSAR form on the privacy portal.
How to request
In order to enable you to exercise these rights with ease and to record your preferences in relation to how Linkfire uses your personal data, we provide you with access to the following settings via the following:
- Privacy Settings – allows you to control some of the categories of data collection; and,
- Data Subject Access Request (DSAR) Form – allows you to access a copy of your data, exercise your right to rectify, restrict, erase, and or port your data to another service, including a “DO NOT SELL” option.
Disclosures of personal information for a business purpose
In the preceding 12 months, Linkfire may have disclosed certain data from the following categories of personal information to the categories of recipients listed in Section 6 of our Privacy Policy for one or more business purposes:
- User Data
- Usage Data
- Plan Verification Data
- Payment and Purchase Data
Sale of personal information
Under the CCPA, a “sale” means providing to a third party personal information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of personal information. We have taken substantial steps to identify whether any of our data sharing arrangements would constitute a “sale” under the CCPA. Due to the complexities and ambiguities in the CCPA, we will continue to evaluate some of our third party relationships as we wait for final implementing regulations and guidance. For example, it is currently unclear whether the use of certain types of advertising partners would be considered a sale under CCPA. We provide Usage Data to advertising partners, which enables us to provide you with interest-based advertising. If you prefer not to receive interest-based advertising, please opt out by going to your privacy settings and opt out toggle. For more information on interest-based advertising, please see our Privacy Policy and Cookie Policy. We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction, particularly in the advertising ecosystem.
Contact us
You may contact us by emailing us at privacy@linkfire.com or using the ‘Contact Us’ details in our Privacy Policy.
Lei Geral de Proteção de Dados Disclosures
Effective as of September 18th, 2020
Introduction
This LGPD Disclosure reflects the parties’ agreement on the terms governing the processing of certain data in connection with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais) (“LGPD”). The provisions of this LGPD Disclosure are effective solely to the extent the LGPD applies, anything not declared here are subject to Linkfire’s Privacy Policy.
Definitions and Interpretation
In this LGPD Processor Addendum:
“Brazilian Customer Personal Data” means personal data that is processed by Linkfire on behalf of Customer.
The terms “controller”, “data subject”, “personal data”, “processing” and “processor” as used in this LGPD Disclosure have the meanings given in the LGPD.
Capitalized terms used but not defined in this LGPD Disclosure will have the meanings set out in the Privacy Policy.
If this LGPD Disclosure is translated into any other language, and there is a discrepancy between the English text and the translated text, the English text will govern.
Personal information collected and processed
Section 5 of our Privacy Policy sets forth the categories of personal information that Linkfire collects and processes about you, a description of each category, and the sources from which we obtain each category.
While both the GDPR and the LGPD protect any information relating to an identified or identifiable natural person, unlike the GDPR, the LGPD does not give a detailed definition of what kind of information it refers to, making its scope very broad.
Processing of Data
Linkfire’s Compliance with Instructions. Linkfire will comply with the data controller’s written instructions unless applicable laws to which Linkfire is subject require other processing of Brazilian Customer Personal Data by Linkfire.
Territorial scope
Both the GDPR and the LGPD have an extraterritorial reach: they apply to all companies offering goods or services to data subjects in the EU or Brazil, regardless of where they are located.
The LGPD will also not apply to data flows that originate outside of Brazil and are merely transmitted, but not further processed in the country.
Data Subject Rights
Responses to Data Subject Requests. If Linkfire receives a request from a data subject in relation to Brazilian Customer Personal Data, Linkfire will:
(a) if the request is made via a Data Subject Access Request, respond directly to the data subject’s request in accordance with the standard functionality of that Data Subject Access Request; or
(b) if the request is not made via a Data Subject Access Request, advise the data subject to submit his/her request to Customer, and Customer will be responsible for responding to such request.
Changes to this LGPD Disclosure
Linkfire may change this LGPD Disclosure from time to time, without notice, if the change is required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency.