Version #1.0.2
This policy protects ACTV8,Inc personal data by:
This policy applies to all personal data stored on systems and media that are owned, leased, or otherwise provided by ACTV8, Inc, regardless of location.
Personal information we may need (and why we need it):
We may collect and process these examples of personal information (at times we may also need to collect other personal information that isn't listed here):
We may use/process this information to:
ACTV8, Inc has appropriate technical and organizational measures in place to protect your information. We will handle and protect your information in line with these data protection principles:
In order to protect personal and sensitive data, ACTV8, Inc keeps an accurate inventory of all personal or sensitive data that is collected, processed or stored and transferred by ACTV8, Inc.
Systems that handle sensitive data are classified at the sensitivity level of the data they handle. Systems handling sensitive data not being used regularly, or being kept up-to-date will be powered down or virtualized. When these systems are no longer needed or the data on them has exceeded the need for retention, those systems will be forensically wiped and then will be disposed of in a responsible manner, according to local laws and regulations.
Often shortened to DLP; Data Loss Prevention is a strategy, program, or set of procedures which are designed to detect, prevent and log unauthorized use, duplication or transmission of sensitive or personal information. DLP is required to avoid data loss or data leak of confidential information being copied or transmitted outside the boundaries of ACTV8, Inc by an internal or external entity.
DLP begins with knowing what sensitive or personal information you have to protect. This fact makes the task of inventorying all sensitive or personal information that much more critical as DLP relies on an accurate and complete inventory.
Data Loss Prevention strategy in place at ACTV8, Inc is as follows:
Any third parties that come in contact with or handle sensitive information on behalf of ACTV8, Inc have agreed to take the same level of care as the terms of this policy, as stated in a signed Data Protection Agreement.
These third parties that have Data Protection Agreements with ACTV8, Inc are assessed periodically for compliance to the terms of the agreement.
Should a third party be found non-compliant to any of the terms of a Data Protection Agreement, corrective actions must be performed promptly to resolve the non-compliance. Continued unresolved non-compliance will have consequences, up to and including termination of the business relationship.
Mobile devices issued or used to process and handle data relevant to ACTV8, Inc will be equipped with mechanisms in place such as a Mobile Device Management (MDM) program or equivalent which offers encryption and controlled access to sensitive data.
Mobile Devices not equipped with mechanisms such as MDM approved for use at ACTV8, Inc, are not authorized to handle sensitive data or personally identifiable information relevant to ACTV8, Inc.
When an employee’s mobile device is lost or stolen which contains sensitive data relevant to ACTV8, Inc, the mobile device will be “bricked”until the device is either found or recovered by the proper authorities.
Data subjects are entitled to ask for a copy of the personal information that we hold about them and to have any inaccuracies in their personal information corrected. When a data subject submits a SAR, they are entitled to:
The process for submitting a Subject Access Request is as follows:
Per our understanding, legitimate interests can be relied upon as a legal basis to process personal data considering the rights and interests of the individual. Furthermore, we understand that legitimate interests cannot be used as a basis for setting cookies and that the processing of personal data is dependent on non-essential cookies, which require consent. To use a legal basis, we must carry out a balancing test, weighing its interest in processing personal data against the individual's interests, fundamental rights, and freedoms. Article 6 of the GDPR offers six possible legal bases under which personal data can be lawfully processed. In general, for our industry, only two are likely to be relevant: consent and legitimate interests.
Our platform lets marketers deliver personalized advertising to end users through our web application. This web application collects and processes the device metadata available at the browser level, specifically the user agent, device locale, screen dimensions, device type, operating system, device manufacturer, and device model. Using these data, we generate a unique identifier and store this value in a cookie for future reference. We also collect and process the IP address of each client/server request and perform a GeoIP lookup to calculate the device's approximate location. In use cases where precise location is required, our platform prompts the user to opt-in to this feature. This processing is necessary to achieve benefits such as direct marketing, targeted and relevant advertising/offers, reduced ad spend, and ultimately decreasing prices for users while providing a seamless digital experience that reduces the cost of physical marketing and the related waste, eco-friendly marketing, and fraud and security protections for the user, our partners and stakeholders. Due to the nature of the data collected and processed, we believe the risk or likelihood of a severe impact a data breach may cause on the user is considered low. Thus we acknowledge our legitimate interests outweigh those impacts.