PURPOSE OF THIS DOCUMENT
The purpose of Interactive Ads Ai Oy Data Protection Policy is to describe how Interactive Ads approaches protecting our customers and users data and privacy, and how we’re complying with GDPR & the national data protection policies & laws.
DEFINITIONS OF KEY TERMS
Data Privacy Officer (DPO)
An expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR.
Data Controller (DC)
The entity that determines the purposes, conditions and means of the processing of personal data.
Data Processor (DP)
The entity that processes data on behalf of the Data Controller.
Data Subject (DS)
A natural person whose personal data is processed by a controller or processor.
Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.
Right to Access
Also known as Subject Access Right, it entitles the data subject to have access to and information about the personal data that a controller has concerning them.
The processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non-attribution.
Any automated processing of personal data intended to evaluate, analyse, or predict data subject behaviour.
PRINCIPLES OF DATA PROCESSING
Interactive Ads will never disclose nor sell the gathered personal data for third parties without an explicit consent from all of the data subjects being affected. Personal Data processing activities within Interactive Ads can be broken down into 2 separate categories as follows:
1 Processing performed by Interactive Ads
Interactive Ads authorised personnel will be processing the personal data gathered solely for the purpose of helping our customers do better marketing in a more cost effective manner, and within the boundaries of implementing the contracts between Interactive Ads and our customer companies.
Interactive Ads can perform automated machine learning powered analysis on the gathered data, in order to gain better understanding of the users of our platform and to better connect them with possibly interesting companies using our services.
Interactive Ads will never use the gathered data for anything else except for activities driven by the purpose of advancing our customers marketing process & it’s efficiency directly or indirectly.
2 Processing performed by Interactive Ads customer companies
Interactive Ads customers shall only be performing data processing activities for the following purposes:
1. Gathering & nurturing companies own lead & customer database for more efficient marketing activities
2. Discovering their gathered leads from the database based on given criteria
3. Educate, help and engage potential website visitors and customers.
All data subjects have a legal Right to Access and Right to be Forgotten as per GDPR. Due to this data subjects are able to request a record of all data Interactive Ads has about them via email, or can request an erasure of stored data regarding them. In order to fulfil this request the requester has to be able to identify themselves via the same email address they’re requesting the data about.
KEY REQUIREMENTS AND CONTROL PROCEDURES
All customer facing communication with Interactive Ads servers are protected via (HTTPS) encrypted connections to prevent accidental disclosure of confidential data by our users when using eg. a public wi-fi access point.
All production servers are being hardened and maintained according to industry’s best security practises to minimise the chance of accidental data breaches and incidents. Data is regularly, redundantly and automatically being backed up into multi-location storage solutions for incident recovery situations. Backups are being stored for a maximum duration of 12 months from their creation date.
Interactive Ads data is protected by an Access Control List (ACL) layer integrated into our web application that makes sure only authorised personnel are allowed to process certain personal data objects belonging to their company. All data processing activities are being automatically logged for later auditing purposes to ensure processing to be always lawful.
All data is being physically processed and stored within the borders of EU nations (Finland, Ireland, Germany, Netherlands), and will not be transfer-red outside of EU without a prior consent and notice of all data subjects being affected.
Interactive’s DPO co-operates regularly with the local supervising data privacy authority to ensure compliance with the latest laws and regulations, and to ensure safety and privacy of our users.