1. What is GDPR?
The General Data Protection Regulation (“GDPR”) is the primary law regulating how companies protect EU citizens’ personal data which went into effect on May 25th, 2018. The GDPR:
- Strengthens and regulates user data privacy across the EU.
- Gives citizens broader rights and control over their data.
- Requires compliance from all organizations that handle EU citizens’ personal data, regardless of which country the organizations are registered.
2. Is Linkfire GDPR compliant?
Yes. Linkfire had been preparing for GDPR almost two years prior to the deadline and was fully compliant before May 25th. Linkfire has distributed updated Terms & Conditions explaining how we use and protect Personally Identifiable Information (PII) while fulfilling our duties as a Data Processor. For more information, please view our Privacy Portal or contact firstname.lastname@example.org.
3. How has Linkfire prepared for GDPR?
Linkfire is committed to protecting customer data and privacy. We take our obligations regarding data compliance seriously and transparently. Like many cloud service providers, we have reviewed our data protection program and made adjustments to ensure compliance with GDPR prior to May 25th, 2018. Linkfire’s ongoing commitment to data protection is evidenced in a variety of ways: Security
- Linkfire only uses trusted and certified compliant data-centers. Both AWS and Azure carry with them certifications, including ISO 27001 and SOC.
- Linkfire is continually investing in our own and our partners’ security infrastructure.
- Linkfire is currently in the process of obtaining a SOC-2, Type II report, anticipated to be completed within 2020.
- Linkfire is and has been certified with the EU-US Privacy Shield since 2017.
- All data is encrypted in transit using TLS 1.2, and at rest using industry-standard AES-256.
- FAQs for everything privacy related.
- Centralized Opt-Out from all data collection.
- Dedicated privacy support contact.
- Children’s data policy.
- Cross-border data transfer policy.
- Third party independent dispute resolution.
- Our Data Protection Officer.
- All Pixel partners working with Linkfire.
Read our Technical and Operational Measures.
4. How does Linkfire account for consent?
Linkfire has redesigned the consent method to collect and treat personal data to comply with the latest regulations. The new consent flow empowers users with:
- Giving or withdrawing consent to tracking.
- Granular control over which tracking entities are accepted.
- Additional disclosures over what the cookies used for and by whom.
The new consent flow features:
- A dynamic display of different disclosures and user flows according to the country the user is navigating from.
- Advanced logging for consent given and withdrawn in compliance with GDPR’s data subject rights.
- Subject Access Request system allowing users to exercise their GDPR rights.
Explore more within the Privacy Portal
5. What types of customer data could be collected?
Personally Identifiable Information (PII) is information that can be used on its own or with other information to identify, contact or locate a single person, or to identify an individual in context.General examples of PII are:
- First and last names
- Email addresses
- Financial records
- Credit card numbers
- National insurance/SSN numbers
6. Does Linkfire offer a protection agreement between processors and controllers?
Data Protection Agreement
For more information, please contact email@example.com.
Additional California privacy disclosures
Effective as of January 1, 2020
If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Beginning January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal data (known as “personal information”, as described in under the CCPA).
Personal information collected and processed
Requests to exercise your rights
Right to know request
Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
- Categories of and specific pieces of personal information we have collected about you.
- Categories of sources from which we collect personal information.
- Purposes for collecting, using, or selling personal information.
- Categories of third parties with which we share personal information.
- Categories of personal information disclosed about you for a business purpose.
- If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.
Right to delete request
You also have a right to request that we delete personal information, subject to certain exceptions.
Right to say no to the sale of personal data
You have the right to request that we do not sell any of your personal data that may or not have been collected or submitted. Please submit a DO NOT SELL request using our DSAR form on the privacy portal.
How to request
In order to enable you to exercise these rights with ease and to record your preferences in relation to how Linkfire uses your personal data, we provide you with access to the following settings via the following:
- Privacy Settings – allows you to control some of the categories of data collection; and,
- Data Subject Access Request (DSAR) Form – allows you to access a copy of your data, exercise your right to rectify, restrict, erase, and or port your data to another service, including a “DO NOT SELL” option.
Disclosures of personal information for a business purpose
- User Data
- Usage Data
- Plan Verification Data
- Payment and Purchase Data
Sale of personal information
Lei Geral de Proteção de Dados Disclosures
Effective as of September 18th, 2020
Definitions and Interpretation
In this LGPD Processor Addendum:
“Brazilian Customer Personal Data” means personal data that is processed by Linkfire on behalf of Customer.
The terms “controller”, “data subject”, “personal data”, “processing” and “processor” as used in this LGPD Disclosure have the meanings given in the LGPD.
If this LGPD Disclosure is translated into any other language, and there is a discrepancy between the English text and the translated text, the English text will govern.
Personal information collected and processed
While both the GDPR and the LGPD protect any information relating to an identified or identifiable natural person, unlike the GDPR, the LGPD does not give a detailed definition of what kind of information it refers to, making its scope very broad.
Processing of Data
Linkfire’s Compliance with Instructions. Linkfire will comply with the data controller’s written instructions unless applicable laws to which Linkfire is subject require other processing of Brazilian Customer Personal Data by Linkfire.
Both the GDPR and the LGPD have an extraterritorial reach: they apply to all companies offering goods or services to data subjects in the EU or Brazil, regardless of where they are located.
The LGPD will also not apply to data flows that originate outside of Brazil and are merely transmitted, but not further processed in the country.
Data Subject Rights
Responses to Data Subject Requests. If Linkfire receives a request from a data subject in relation to Brazilian Customer Personal Data, Linkfire will:
(a) if the request is made via a Data Subject Access Request, respond directly to the data subject’s request in accordance with the standard functionality of that Data Subject Access Request; or
(b) if the request is not made via a Data Subject Access Request, advise the data subject to submit his/her request to Customer, and Customer will be responsible for responding to such request.
Changes to this LGPD Disclosure
Linkfire may change this LGPD Disclosure from time to time, without notice, if the change is required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency.