Privacy policy | Opinary (original) (raw)
Privacy Policy
Last updated: 16 September 2024
Overview
This Privacy Policy describes how we collect, use, and disclose information and what choices you have concerning the information when you use our platform and our services or visiting our websites. It is our policy to respect your privacy regarding any information we may collect while using our services and websites. For the purposes of this Policy, the term “Websites” shall refer collectively to as well as “pressekompass.net”.
We are aware of the importance of the processing of personal data for the user and, accordingly, comply with all relevant legal requirements. The protection of your privacy is of utmost importance to us. Please read this entire document to fully understand our actions.
1. Services
Opinary instantly recognizable voting tools have innovated and changed the way global brands and respected publishers reach their target audiences. The Company offers a platform that enables publishers to enrich their content and make it interactive, engage and retain users, and monetize engaged traffic.
2. Information we collect
Personal data is any information relating to an identified or identifiable individual. This includes the following categories of personal data that we process
2.1 Processing via our Own Online Presence
2.1.1 Information collected automatically:
When you access our website, the browser used on your device automatically sends information to the server of our website and temporarily stores it in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
– the IP address of your device,
– the date and time of access,
– the name and URL of the file accessed,
– the website/application from which the access was made (referrer URL),
– the browser you use and, if applicable, the operating system of your device as well as the name of your access provider.
2.1.2 Information provided by you:
We collect personal data when you use our website/services or provide the personal data directly to us.
2.1.2 a) For creation of user accounts
– Name
– Email address
– Password
– Telephone number
– Correspondence address
– Billing details
2.1.2 b) Contact
If you contact us e.g. by phone, email, post, by using our contact forms on our website or in any other way with a request or if we contact you, we do process your personal data, e.g. your name, address, telephone number as well as the content of the message.
2.1.2 c) Webinars
You can register for webinars on our website. For this purpose, the following personal data is required: first name, last name, company, email address, position.
2.1.2 d) Case Studies
You can download different case studies from our website. Before the download link is released, the following personal data is requested: first name, last name, company, email address, position.
2.1.2 e) User Testing
You can apply to participate in our user testing (via our website). If you are selected for such testing, we will approach you in order to have a conversation with you about our polling tools, what you like and what you might change about them.
For this purpose, we will process your email address, first name, gender (optional) and documentation of our conversation with you. If you are not selected for a user test, your application details will be deleted after 6 months.
2.1.2 f) Newsletter
On our website we offer you the possibility to sign up for our newsletter. We want to ensure the authenticity of your email address, so once you sign up for our newsletter an email is sent out to you which includes a link to click and confirm the subscription. Only after the confirmation click is completed will you officially be added to our mailing list.
2.1.2 g) Comment Function on Our Blog
You can write and publish comments under the blog posts on our website. We request your name or a pseudonym for you to be able to publish your comment. As an option, you can also enter your website. In addition, your IP address and email address will be recorded and queried. We request this information to enable transparent and individual communication between authors and commentators.
The storage of the IP address as well as the email address is necessary in order to be able to defend ourselves against liability claims in case of a possible publication of illegal content. We also need your email address in case we need to contact you if a third party objects to your comment as illegal. In addition, the IP and email address are stored in order to avoid spam.
2.2 Data Collection and Processing via our Tools that were integrated on Publishers’ Websites
Opinary offers a service that allows users to vote on editorial as well as sponsored polls that were integrated on publisher websites. In such cases, Opinary and its publisher partners share joint responsibility for processing of personal data. We have determined respective roles and responsibilities pursuant to GDPR Art. 26.
In this context, our service automatically stores the user’s IP address as well as a cookie on the user’s computer, which allows us to summarize voting results in a statistically meaningful way and to optimize our service and the information presented in the interests of the user. This cookie is based on a randomized online identifier.
The legal basis for the processing of your personal data is your consent, which you have declared to the publisher using their privacy manager/consent management tools.
The data collected will be used, amongst others, for the following purposes:
– delivery of sponsored polls
– delivery of editorial polls
– prevention of manipulation
If you still wish to opt-out from the data processing listed in this section, please follow this link.
2.2.1 Sponsored Polls
Opinary is registered with IAB Europe for TCF v2.0. Our vendor ID is 488.
Opinary further works with partners, e.g. ad tracking companies, in order to help their brands partners to retarget potential clients. We allow our brands partners to add cookie pixels for tracking and potentially further processing purposes. Opinary does not have any control on or stake in the processing of the data through their brand partners.
Through cookies, our brand partners can also connect data from sponsored polls (user ID, poll ID and answer given on that poll) with existing data that they already have about that user.
Our partners for tracking and potential partners include Data Management Platforms, Online Marketing Platforms, Social media platforms, Audience data providers for marketing and advertising, Programming Advertising Technology Providers, and Cloud Service Providers.
3. How We Use Your Data
How we use your personal data will depend on which Services you use and how you use those Services.
We may use the information we collect via our online presence to provide our services, send our newsletters and to communicate with you by responding to your requests, comments, and questions:
We may use the information we collect via our Services/Tools to:
– ensuring a smooth connection setup,
– ensuring a comfortable use of our website/application,
– evaluation of system security and stability.
– for handle your request from online contact
– for the implementation of the webinar
– to learn more about our users
– for personalized content creation
– delivery of sponsored polls and polls for advertising purposes, these are for example paid questions of an advertising partner and marked as such
– delivery of editorial polls, these are polls from editorial teams with added content value for the user
– prevention of manipulation, this means, for example, that we make sure to only count human votes
We may combine or aggregate any of the information we collect through our Services for any of these purposes.
In addition, we may use information that we collect when we believe in good faith that disclosure is necessary (a) to protect our rights, the integrity of our Services, or your safety or the safety of others, or (b) to detect, prevent, or respond to fraud, intellectual property infringement, violations of Terms of Use related to the Service, or violations of law. For EU area users, our legal basis for use of information under these circumstances is the legitimate interest of Opinary or our business partners. Such use is compatible with your legal rights, as no additional personal information is processed, and there is no effect on your web or app experience, or other intrusive processing.
4. Lawful basis for processing
We process your personal data only when we have a lawful basis. We process your personal data only when we have a lawful basis.
Presently, we use the following:
Consent – We process your data if you have given your consent freely for the same. Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time. Please contact us using the details in the ‘Contact us’ section of this notice.To revoke the consent of receiving business offers after webinars, Please send an email to compliance@affinity.com. To revoke the consent of receiving business offers after case studies please contact .
Performance of contract – We process your data when it’s necessary for the performance of the contract. For example, if the processing is necessary to fulfil our commitments under the applicable terms of service.
The fulfilment of legal obligations – We will also process your data in accordance with our obligations under legal regulations.
Legitimate Interest – We may also process your data on the grounds of legitimate interest for a particular processing activity. When processing your data, we pursue the following legitimate interests:
– The improvement of our offer,
– The protection of our systems against misuse,
– The production of statistics,
– The storage of our correspondence with you,
– In corresponding with you for business purposes,
– For personalized content creation regarding newsletter.
5. Users under the age of 16
The Sites and Services do not knowingly collect personal information from users under the age of 16.
If you are under the age of 16, you are not permitted to use the Sites and Services or to disclose Personal Information. If we learn we have collected or received Personal Information from a child under 16, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us.
6. Cookies
In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on our pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognise your browser on your next visit (so-called long-term cookies). Cookies cannot be used to access other files on your computer or to determine your email address.
The cookies listed in our are used on this website.
Insofar as we use cookies that are absolutely necessary for the provision of our websites, the legal basis for the processing of personal data using these cookies is Art. 6 (1)(f) GDPR.
A processing of personal data by cookies for marketing purposes or for the creation of statistics only takes place if you have given us your consent for this. The legal basis for this is Art. 6 (1)(a) GDPR.
You can revoke your consent at any time without giving reasons using the Consent Management Tool and adjusting the respective categories.
Cookies are stored on your device, and you have full control over their use. You can deactivate or restrict the transmission of cookies by changing the settings of your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, you may no longer be able to use all the functions of the websites to their full extent.
For more details about how we use these technologies, please see our Cookie Policy
7. Data Retention Policy
– if you have consented to the processing, at most until you revoke your consent;
– if we need the data for the execution of a contract, at most for as long as the contractual relationship with you exists;
– if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymisation does not outweigh the data;
– insofar as statutory storage obligations exist, until the end of the storage periods.
8. Your information shared with others
8.1 Recipients of your data
Service Providers:
Opinary may share your data with our third-party service providers. The categories of service providers to whom we entrust personal information include IT and related services such as cloud-based data centres, Ad-server, DSP, API providers, analytics service providers, fraud detection service providers, video conferencing solutions, Web analytics tool providers, CRM, and email marketing services.
Disclosures to Protect Us or Others.
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: , such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
Disclosures in the Event of Merger, Sale, or Other Asset Transfers.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
Links to other sites
Our website may contain links to the websites of other organizations. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. This Privacy Policy does not cover how those organizations process your personal information. We encourage you to read the Privacy Policies on the other websites you visit.
Cross-Border Data Transfers
As a matter of principle, your personal data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the implementation of our contractual relationship, or you have previously expressly consented to the transfer of your data. In such cases, the data may be transferred to USA.
External service providers or subcontracted processors such as server providers may receive your personal data. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as subcontractors process your personal data on our behalf, we ensure compliance pursuant to Art. 28 GDPR. The respective subcontractor is responsible for the content of third-party services, though we check them for compliance with regards to legal requirements within the scope of reasonableness.
We attach importance to processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. In these cases, we ensure an adequate level of data protection comparable to the standards within the EU or where we can ensure the careful handling of personal data by means of contractual agreements or other suitable guarantees. This can be achieved, for example, via EU standard contractual clauses, binding corporate rules, etc.
Affinity Global Inc. has been certified and is now acting as an active participant in the EU-US Data Privacy Framework as set forth in the Commission’s Implementing Decision of July 10, 2023, pursuant to the GDPR on the adequate level of protection of personal data between EU and U.S.. Detailed information can be found by searching for Affinity Global Inc. on the website https://www.dataprivacyframework.gov/list or in the Annexure of Affinity Global Inc. privacy notice).
9. Security Measures to Protect Your Data
Security Measures
We implement security controls to prevent breaches and unauthorised access to your data.
We maintain reasonable and appropriate security measures to protect Website user’s data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of security measures include physical access control, role-based access to data, monitoring for threats and vulnerabilities etc.
Protection of personal information
Our Sites and Services uses commercial efforts to maintain safeguards for protection of your Personal Information.
Opinary takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally identifying and personally identifying information.
10. Your Rights
Data Subjects have certain rights in respect of their personal data. The rights given with respect to your personal data include:
– The Right of Access: You have the right to access personal data and supplementary information. You can ask us for a copy of your personal information.
– The Right to Rectification: You can ask us to change, update or fix your data in certain cases, particularly if it is inaccurate.
– The Right to Erasure: You can ask us to erase or delete all or some of your personal information (e.g., if it is no longer necessary to provide Services to you) without undue delay.
– The Right to Restriction of Processing: You can ask us to stop using all or some of your personal information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if you think your personal information is inaccurate or unlawfully held).
– The Right to Data Portability: You have the right to data portability which provides the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit the same to another controller.
– The Right to Object: The data subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her.
– Automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you (data subject).
– The right to withdraw consent: You have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
– The right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority if you are dissatisfied with the way we handle or process your personal data.
Whenever you use our services, we aim to provide you with easy means to access, modify, delete, object to or restrict the use of your personal information.
We strive to give you ways to access, update/modify your data quickly, or delete it unless we have to keep that information for legal purposes. These rights can be exercised by contacting us using the details set out in the “Contact Information” section below.
Account Closure
We keep some personal data even after account closure. Once you choose to close your account, we generally delete your personal information within 3 years of closure of your account. Some information that is necessary for statutory obligations such as records of payment processing, invoicing data will be retained as necessary.
11. Contact Information
You can contact us about this privacy policy or use of our services.
If you have any questions or concerns about this privacy policy and practices, please contact us by email at compliance@affinity.com or by mail at:
Affinity Global GmbH
Engeldamm 62-64
10179 Berlin
Germany
We have appointed a Data Protection Officer to help us ensure and enforce our privacy policy.
Should you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, you can contact us and our data protection officer as follows:
External Data Protection Officer:
ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Burchardstraße 14, 20095 Hamburg
If you have any questions or concerns regarding your information, please contact compliance@affinity.com. If you wish to communicate directly with our data protection officer (because you have a particularly sensitive matter for example), please contact them by post, as communication by e-mail could always have security gaps.
We have further appointed a representative of controllers or processors not established in the UK (Article 27 UK-GDPR):
UK Representative
Service for GDPR Ltd. 10
7 Savoy Court
London WC2R 0EX
United Kingdom
www.eprivacy.eu/en/legal
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are aware of how and why we are using such information.
If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.
12. Privacy policy change
We reserve the right to change this Privacy Policy at any time with future effect. You will always find the current version on this website. You should therefore visit this website regularly to find out about the current status of our privacy policy.
13. ANNEXURE:
Jurisdiction-specific provision:
13.1 California Privacy Rights Act (CPRA)
This CPRA Privacy Policy describes Opinary practices regarding the collection, use, and disclosure of the personal information of California residents, describes the rights of California residents under the California Privacy Rights Act (“CPRA”), and explains how California residents may contact Opinary to exercise those rights. This CPRA Privacy Policy only applies to the personal information of California residents.
CPRA Categories of Personal Data:
| Categories of Personal data | Personal data collected |
|---|---|
| Identifiers | Personal Data was collected by the contact us form on the website. Data Collected: your name, address, telephone number Personal Data was collected by the case study download form on the website. Data Collected: first name, last name, company, email address, position. Through Instagram: Demographic and statistical data Personal Data was collected by the webinar form on the website. Data Collected: first name, last name, company, email address, position. IP Address is collected. |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | First name, last name, email address. |
| Financial Information | N/A – We do not collect this information |
| Commercial Information | N/A – We do not collect this information |
| Protected Classification characteristics under California or federal law. | N/A – We do not collect information such as Gender, Age, national origin, marital status etc. |
| Biometric information | N/A – We do not collect Biometric information |
| Internet or other similar network activity. | Log data, session information, and Cookie Id are only for our Opinary website visitors. |
| Geolocation data | Such as your location information generated based on your IP address etc. · IP address · Location information such as country code we infer from your device’s IP address · We do not collect the precise location of the Website visitors |
| Sensory data. | N/A – We do not collect this information |
| Professional or employment-related information. | |
| Inferences drawn from other personal information. | N/A |
| Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | N/A – We do not collect this information |
No Sale of Personal Data:
Opinary has not sold Personal Data in the preceding twelve (12) months.
Right to Opt-Out of the Sale of Personal Data:
Opinary does not sell your personal data.
If in case, Opinary ever changes its policy and choose to sell personal data, you would have the right to opt-out of the sale of your personal data by clicking on the “Do not sell my personal data” link.
Sensitive data:
We do not generally seek to collect sensitive data through this site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with California Privacy Rights Act(“CPRA”) requirements. If in case, Opinary ever chooses to use Sensitive Personal Data, you would have the right to limit the use of your sensitive personal Data.
The term “sensitive data” refers to the various categories of personal data identified by CPRA as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories include racial or ethnic origin, political opinions, religious, philosophical, or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).
Disclosures of Personal Data for a Business Purpose:
In the preceding twelve (12) months, Opinary has not disclosed Personal Data for business purposes.
Your Rights
The CPRA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CPRA rights and explains how to exercise those rights.
Access to Specific Information
You have the right to request that Affinity disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
– The categories of personal information we collected about you.
– The categories of sources for the personal information we collected about you.
– Our business or commercial purpose for collecting or selling that personal information.
– The categories of third parties with whom we share that personal information.
– The specific pieces of personal information we collected about you (also called a data portability request).
– If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
sales, identifying the personal information categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request Affinity delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
– Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
– Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
– Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
– Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
– Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
– Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
– Comply with a legal obligation.
– Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Right to Correct Inaccurate Personal Information
You have a right to request for correction of Inaccurate personal information. We shall use commercially reasonable efforts to correct the inaccurate personal information as directed by the consumer.
Right to Know What Personal Information is Sold or Shared and to Whom
You have a right to request us information about what personal information is sold or shared by us and with whom. Once request received, we shall disclose the following:
– The category or categories of consumers’ personal information it has sold or shared, or if we have not sold or shared consumers’ personal information, it shall disclose that fact.
– The category or categories of consumers’ personal information it has disclosed for a business purpose, or if we have not disclosed consumers’ personal information for a business purpose, it shall disclose that fact.
Right to Opt Out of Sale or Sharing of Personal Information
You have a right to opt out of sale or sharing of personal information if we sell or share such personal information. We shall prohibit from selling or sharing the consumer’s personal information after its receipt of the consumer’s direction, unless the consumer subsequently provides consent, for the sale or sharing of the consumer’s personal information.
Right to Limit Use and Disclosure of Sensitive Personal Information
You have a right to request us to limit Use and Disclosure of Sensitive Personal Information. Upon such request we shall prohibit, from using or disclosing the consumer’s sensitive personal information for any other purpose after its receipt of the consumer’s direction unless the consumer subsequently provides consent for the use or disclosure of the consumer’s sensitive personal information for additional purposes.
Right of No Retaliation Following Opt-Out or Exercise of Other Rights – Non-Discrimination
We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not:
– Deny you goods or services.
– Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
– Provide you a different level or quality of goods or services.
– Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
– Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
– Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Response Timing and Format
We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
CONTACT FOR MORE INFORMATION
If you have any questions or concerns about Opinary’s privacy policy and practices, please contact us by email at compliance@affinity.com , or by mail at:
20 N. Wacker Drive, 12th Floor,
Chicago, IL 60606
Privacy policy change
We will review and update this CPRA Privacy Policy periodically and will note the date of its most recent revision at the top of this CPRA Privacy Policy. If we make material changes to this Policy, we will post the revised Policy on our website and may take additional measures to inform you about such changes prior to such changes taking effect, if required by applicable data protection laws. We encourage you to review this Policy frequently to be informed of how Opinary is protecting your information.