Data Protection Policy

Version #1.0.2

  • Created: Thu, 14 Nov 2019 16:36:18-0500
  • Last Modified: Wed, 30 Jun 2023 15:00:00-0400

Introduction

This policy protects ACTV8,Inc personal data by:

  • Specifying guidelines for protecting personal data
  • Clarifying how we protect personal data
  • Explaining why and how we collect personal data
  • Explaining how to request and access your personal data

This policy applies to all personal data stored on systems and media that are owned, leased, or otherwise provided by ACTV8, Inc, regardless of location.

Personal information we may need (and why we need it):

We may collect and process these examples of personal information (at times we may also need to collect other personal information that isn't listed here):

  • Name
  • Job Title
  • Contact information (for example address, telephone numbers, email addresses)
  • Information about your age, ethnicity, gender, nationality, disability status
  • Occupation
  • Place of work
  • Interests

We may use/process this information to:

  • Handle complaints
  • Conduct investigations
  • Conduct research
  • Understand people's views and opinions
  • Improve our services
  • Carry out administrative functions (for example, HR)
  • Share it with third parties for the purpose of obtaining professional advice and in complying with our contractual obligations
  • Send you information that we think might be of interest to you
  • Comply with our legal and regulatory obligations

Protecting your information

ACTV8, Inc has appropriate technical and organizational measures in place to protect your information. We will handle and protect your information in line with these data protection principles:

  • Personal data must be processed fairly and lawfully.
  • Personal data must be obtained only for one or more specified and lawful purpose(s) and will not be processed in a manner that is not compatible with that purpose(s).
  • Personal data must be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
  • Personal data must be accurate and kept up to date when necessary. Personal data must not be kept for longer than is required.
  • Personal data must be processed in accordance with the data subject's rights.
  • Appropriate technical and organizational measures must be in place to protect personal data from unauthorized or unlawful processing and from accidental loss, damage or destruction.
  • Personal data must not be transferred to a country or territory outside of your country unless we can be assured there is an adequate level of protection for the rights and freedoms of the data subjects.
  • Any changes, updates or discontinuance of any controls in place to protect data will be communicated to users of systems that handle personal information

Inventory Sensitive Data

In order to protect personal and sensitive data, ACTV8, Inc keeps an accurate inventory of all personal or sensitive data that is collected, processed or stored and transferred by ACTV8, Inc.

Systems that handle sensitive data are classified at the sensitivity level of the data they handle. Systems handling sensitive data not being used regularly, or being kept up-to-date will be powered down or virtualized. When these systems are no longer needed or the data on them has exceeded the need for retention, those systems will be forensically wiped and then will be disposed of in a responsible manner, according to local laws and regulations.

Data Loss Prevention

Often shortened to DLP; Data Loss Prevention is a strategy, program, or set of procedures which are designed to detect, prevent and log unauthorized use, duplication or transmission of sensitive or personal information. DLP is required to avoid data loss or data leak of confidential information being copied or transmitted outside the boundaries of ACTV8, Inc by an internal or external entity.

DLP begins with knowing what sensitive or personal information you have to protect. This fact makes the task of inventorying all sensitive or personal information that much more critical as DLP relies on an accurate and complete inventory.

Data Loss Prevention strategy in place at ACTV8, Inc is as follows:

  • ACTV8, Inc has a DLP strategy in place to detect, prevent and log unauthorized transmission or duplication of sensitive or personal information.

Data Protection with Third Parties

Any third parties that come in contact with or handle sensitive information on behalf of ACTV8, Inc have agreed to take the same level of care as the terms of this policy, as stated in a signed Data Protection Agreement.

These third parties that have Data Protection Agreements with ACTV8, Inc are assessed periodically for compliance to the terms of the agreement.

Should a third party be found non-compliant to any of the terms of a Data Protection Agreement, corrective actions must be performed promptly to resolve the non-compliance. Continued unresolved non-compliance will have consequences, up to and including termination of the business relationship.

Data Protection of Mobile Device Data

Mobile devices issued or used to process and handle data relevant to ACTV8, Inc will be equipped with mechanisms in place such as a Mobile Device Management (MDM) program or equivalent which offers encryption and controlled access to sensitive data.

Mobile Devices not equipped with mechanisms such as MDM approved for use at ACTV8, Inc, are not authorized to handle sensitive data or personally identifiable information relevant to ACTV8, Inc.

When an employee’s mobile device is lost or stolen which contains sensitive data relevant to ACTV8, Inc, the mobile device will be “bricked”until the device is either found or recovered by the proper authorities.

Subject Access Requests (SAR)

Data subjects are entitled to ask for a copy of the personal information that we hold about them and to have any inaccuracies in their personal information corrected. When a data subject submits a SAR, they are entitled to:

  • Know what personal information ACTV8, Inc is processing or has processed.
  • Know the reason(s) and purpose(s) for the processing of their personal information.
  • Know if their personal information has been shared and if so with whom and for what purpose(s).

Process for submitting a Subject Access Request

The process for submitting a Subject Access Request is as follows:

Legitimate Interest Claim

Per our understanding, legitimate interests can be relied upon as a legal basis to process personal data considering the rights and interests of the individual. Furthermore, we understand that legitimate interests cannot be used as a basis for setting cookies and that the processing of personal data is dependent on non-essential cookies, which require consent. To use a legal basis, we must carry out a balancing test, weighing its interest in processing personal data against the individual's interests, fundamental rights, and freedoms. Article 6 of the GDPR offers six possible legal bases under which personal data can be lawfully processed. In general, for our industry, only two are likely to be relevant: consent and legitimate interests.

Our platform lets marketers deliver personalized advertising to end users through our web application. This web application collects and processes the device metadata available at the browser level, specifically the user agent, device locale, screen dimensions, device type, operating system, device manufacturer, and device model. Using these data, we generate a unique identifier and store this value in a cookie for future reference. We also collect and process the IP address of each client/server request and perform a GeoIP lookup to calculate the device's approximate location. In use cases where precise location is required, our platform prompts the user to opt-in to this feature. This processing is necessary to achieve benefits such as direct marketing, targeted and relevant advertising/offers, reduced ad spend, and ultimately decreasing prices for users while providing a seamless digital experience that reduces the cost of physical marketing and the related waste, eco-friendly marketing, and fraud and security protections for the user, our partners and stakeholders. Due to the nature of the data collected and processed, we believe the risk or likelihood of a severe impact a data breach may cause on the user is considered low. Thus we acknowledge our legitimate interests outweigh those impacts.

contact

Request Demo

Want to work on a project, have questions or press inquiries?

Contact Us