General Data Protection Regulation

Personal Data Protection Policy for Users

This document is the Personal Data Protection Policy (hereinafter the “Policy”) of the company Outpush (eLabz SRL). As part of a requirement for transparency, this policy has been written to be understandable and easily accessible in order to translate our commitments under the European Regulation (EU) 2016/679 on the protection of personal data (Hereinafter “RGPD/GDPR” or “GDPR”) as well as the amended Data Protection Act.

The data protection policy is intended for all individuals who are in contact with our company, at the time of any collection of personal data, as well as for any person wishing to know more about the services and activities carried out by our company, Outpush (eLabz SRL) having an activity of data-driven Marketing Solutions agency operating an platform connection publishers and advertisers.

Outpush (eLabz SRL)’s activities lead it to carry out data processing services in partnership with third parties operating e-commerce activities (Publisher Sites) or wishing to broadcast online advertising (Advertisers). We therefore invite you to contact these third parties directly to find out about their data protection policies or to submit any request relating to the processing of your data.

 

The first part of this document presents as general information the principles and requirements of the RGPD that Outpush (eLabz SRL) commits to respect during any data collection and processing. In the second and third parts, details are provided respectively on the processing carried out by Outpush (eLabz SRL) in clearly identified situations as well as the rights of the persons that our company commits to respect. The last part specifies the means available to people to answer any question about the Policy on the protection of personal data.

 

Under the GDPR, personal data is defined as any information relating to an identified or identifiable natural person, directly or indirectly. Processing is an operation applied to data that is part of the situations and purposes specified in the second part of this policy. Outpush processes data in order to fulfil lawful, explicit and legitimate objectives and purposes, according to fair procedures, in order to operate services on its own behalf or on behalf of clients in the context of the activity of data-driven Marketing Solutions.

 

Taking into account the general requirements of the GDPR, in case of data processing:

  1. We ensure that we collect and process data within the strict scope of the provision of the relevant services and benefits, for lawful, explicit, legitimate purposes and objectives, according to fair processes, in order to provide services and benefits;
  2. Where we collect personal data directly, we shall specify whether the provision of such data is required by law or contract, or is based on our legitimate interest, or is a condition for the provision of a service or the conclusion of a contract, and whether the data subject is obliged to provide the personal data, as well as specifying the possible consequences of not providing the data and providing individuals with information enabling them to understand the circumstances of the processing operations and the rights they have; Where personal data have not been obtained from the data subject, we shall endeavour to provide individuals with similar information to that which we provide in the case of direct collection, as well as specify the source of the data; this information shall be provided within a reasonable period of time, but also at the time of the first communication with the individuals when the data are intended for that use, or at the latest when the personal data are first communicated to another recipient if such use is envisaged;
  3. Where appropriate, we shall indicate the existence of automated decision-making, including profiling, with relevant information about the underlying logic, as well as the significance and the expected consequences of such processing for the data subject;

If we intend to carry out any further processing of personal data for a purpose other than that for which the data was collected, we shall provide individuals with prior information about that other purpose and any other information that will enable them to understand it in a transparent manner;

  1. We disclose restricted data to authorised recipients, including authorised departments of our company and stakeholders involved in the provision of services;
  2. We are committed to ensuring transparency of processing with appropriate information to individuals in all cases of collection, where data is received from individuals themselves or possibly from third parties or technologies; to learn more about the transparency measures adopted by Outpush as part of the WPN service, as well as the resulting rights of Internet users, please refer to Part III of this policy ;

 

We undertake to:

  • to minimise processing,
  • to ensure the regular updating of data,
  • to retain data proportionately according to criteria determined in particular with regard to the purpose of the processing, contractual or operational requirements or to meet our regulatory obligations, in compliance with the applicable law,
  • to manage relations with data recipients and subcontractors by all means necessary to ensure compliance with our legal obligations,
  • in the event of a possible transfer of data to a country outside the European Union, to take all possible measures, in accordance with the requirements of the RGPD, to ensure compliance with the regulations applicable in Europe,
  • to make employees aware of the need to protect personal data and their confidentiality
  • to ensure the security of processing and data,
  • to take into account all the rights granted to individuals under the applicable regulations

 

Within Outpush, taking into account the principles and requirements of the law on the protection of personal data is accompanied by organisational and technical measures, particularly from the design stage (privacy by design) and by default (privacy by default) in order to effectively apply the provisions of the RGPD in accordance with the commitments and to provide operational guarantees.

 

In order to ensure that the RGPD is constantly applied in line with the challenges of the regulation, Outpush has appointed a Data Protection Officer (DPO), who is involved in all processing projects, as well as in taking into account the rights of individuals and, more generally, in disseminating a culture of data protection among the company’s internal employees and partners.

The processing of personal data carried out by Outpush falls within clearly identified situations

 

Processing related to the management of the commercial relationship with customers and prospects

Outpush collects data in the context of entering into relations with clients and prospects interested in its activities. This is a corporate purpose that allows us to maintain and manage contractual relations and to maintain contact with people interested in the company’s services.

 

As part of the implementation of the company’s showcase website accessible at https://Outpush.com, Outpush may deploy data collection forms within the contact sections as well as cookie technology, the purpose of which is to understand the expectations of site visitors and to improve the content offered to them. To learn more about cookie technology, please refer to the details provided in part 3 below.

 

Processing related to the agency activity of Data-driven Marketing Solutions

As part of its activity as a data-driven Marketing Solutions agency, Outpush operates an advertising platform for e-commerce sites and advertisers called Delivery Platform (DP) based on Web Push Notification (WPN) technology. The WPN technology equips Internet browsers and the operating systems of Internet users’ fixed and mobile equipment and makes it possible, without the constraint of surfing the web, to relay information or advertisements in the form of Notifications to Internet users who have expressly agreed to receive notifications on the basis of consent (optin).

 

The WPN platform is based on the processing of non-personal data using advertising cookies accepted by Internet users and the management of message flows in WPN mode. Further details are provided below on the notion of cookie as well as that of WPN. Outpush’s know-how produces information strictly for the purpose of personalising, selecting, and distributing information and advertising campaigns in WPN intended to respond strictly to the centres of interest of Internet users in line with the prospecting objectives of Publishers and Advertisers. Outpush uses non-nominative profiling methods that allow it to adapt the nature of the WPN information messages sent to Internet users. Profiling is a data processing method that is permitted by the RGPD. It is defined by the RGPD as a form of automated processing of personal data consisting in using these data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict elements concerning the personal preferences, interests, behaviour, location or movements of this person. Profiling makes it possible to select and disseminate appropriate information messages, and then to evaluate their dissemination and effectiveness in the light of non-identifying knowledge of how people react to the messages transmitted.

 

The non-nominative information processed within the framework of the WPN service is solely intended for Outpush’s services and is shared in a strictly non-nominative manner with the Publishers and Advertisers partners for the sole purpose of adapting the relevance of WPN campaigns to the centres of interest of Internet users who have accepted the use of the service. The WPN system allows the person concerned to know in a permanent and transparent way, directly in his Internet browser or in his notification management device integrated in the operating system, the list of partners authorized to transmit messages to him within the framework of the WPN subscription. This also allows the subscriber to revoke at any time the authorization to send information messages to each identified partner.  The information of the WPN platform is processed for the duration of the consent given by the Internet users to the use of cookies as well as to the reception of WPN messages and for a limited technical validity period. For more information on cookie mechanisms and WPN, please refer to section 3 below.

 

Processing related to advertising cookies and WPN

Outpush uses cookies. A cookie is a standard technology that can be used for a variety of purposes. It can be used to memorise a customer identifier on a commercial site, the current contents of a shopping basket, or contain an identifier that allows the user’s browsing path to be followed for statistical or advertising purposes, etc. A cookie is a computer file containing a series of information, generally small in size and identified by a name, which may be transmitted to the Internet user’s browser by a website to which the latter has connected. The content of the cookie therefore varies according to its purpose. E-commerce websites that use Outpush cookies must offer you a cookie banner that allows you to accept or refuse Outpush cookies. Once you have accepted cookies from Outpush, you can always manage your preferences or delete them as described below in this Policy when we inform you of your rights.

 

Outpush uses advertising cookies containing a non-nominative identifier that makes it possible to follow the browsing path of an Internet user for the sole purpose of providing the Internet user with the WPN service of sending information that may be of interest. These cookies are used in compliance with the applicable legal rules and within the framework of the recommendations and standards (framework) developed by the advertising industry in coordination with the authorities responsible for the protection of personal data.  Your web browser will keep the Outpush cookie for a certain period of time, and will send it back to the web server concerned each time you connect to the site again.

 

WPN (Web Push Notification) is a standard technology that is provided by all of the web browser software companies that you use. It is a standard technology. The web browser creates a non-identifying identifier associated with your browser so that you can only receive notification messages from websites that you have approved. You remain in control of receiving WPN messages. You can allow websites to ask if they can send push notifications. When you visit a website that can send you notifications, a dialog box will appear asking you if you want to receive them. Similarly, browsers offer a feature that allows you to access the full list of sites that send you notifications later and change your choices. The easiest way to find out more about setting up your own browser is to consult the help section of your browser.

 

Processing of online applications

The Outpush website allows job seekers to respond to an offer posted in the “Join Us” section or to submit an unsolicited application.  The information received in this context is subject to the processing of personal data by Outpush in its capacity as data controller for the purpose of managing applications. The information is intended solely for the authorised internal or external contacts in charge of recruitment.

 

The information communicated by the candidates will be kept for the duration of the examination of the applications and subsequently, in the event of non-recruitment, for several months while awaiting a position that may be suitable for the candidate, with the possibility for the latter to assert the rights granted to him/her by the RGPD and, in particular, to oppose the processing of his/her data.

 

We acknowledges the application of the rights resulting from the RGPD and undertakes to take into account any request as soon as possible

In this respect, individuals have a set of rights that apply on a case-by-case basis, taking into account the circumstances of the processing and their relationship with Outpush. These rights are as follows:

 

Right to information when personal data is collected directly or indirectly;

Right of access, to obtain from the controller confirmation as to whether or not personal data relating to them are being processed and, where they are, access to such personal data;

Right of rectification and erasure, allowing the rectification of inaccurate personal data as soon as possible and, having regard to the purposes of the processing, the right to have the data completed, including by providing a supplementary statement, as well as the right to erasure, allowing the erasure of personal data as soon as possible when certain grounds are met;

Right to the limitation of processing for a certain period of time when certain elements apply, such as a possible challenge to the accuracy of personal data, unlawful processing to which a person objects, or where the processing of the data subject’s data is necessary for the establishment, exercise or defence of legal claims, or in the event of verification of the possible prevalence of the legitimate grounds pursued by the controller over those of the data subject;

Right to data portability when processing is based on a person’s consent or a contract;

Right to object, to a certain extent in accordance with the applicable texts, to any automated individual decision based on the specific situation of a person;

Right not to be processed for the purpose of canvassing.

Within the framework of the WPN service, Outpush relies on the following technical measures that allow you to exercise your rights directly within the framework of the Web push notification (WPN) technologies:

 

Outpush’s cookie is placed under your control at two levels. Outpush relies on industry standards as well as on the recommendations of control authorities in order to inform Internet users and allow them to exercise their rights at the level of the Cookies banner (CMP) and through Internet browsers. The existence of Outpush cookies is first brought to your attention within the framework of the Consent Management Platform or CMP or Tag Manager devices (Cookie banners and interfaces appearing when the Internet user connects to a Publisher site). Outpush cannot use cookies concerning you if this step under your control is not respected. The CMP devices are necessarily offered to you by the websites offering Outpush cookies. In constant improvement, these devices aim to be economical and fair. They offer dialogue zones or interfaces that allow you to refuse or accept cookies and to modify your preferences at a later date according to the type of cookies you want. The cookies are in any case placed under your control by means of the internal functionalities integrated into your Internet browser software. This allows you to manage your preferences to accept or refuse them on a case-by-case basis or to refuse them completely. Please note that the cookies you have accepted have a maximum duration of operation in all cases. After a period of 12 months, Outpush can no longer use a cookie that you had previously accepted.

 

The WPN technology used by Outpush is under your control. Outpush relies on the Web Push Notification consent management standards that are integrated in Internet browsers.  You can thus authorize Outpush to send you WPN messages for a website or partners, as well as you can refuse and continue to browse the e-commerce site you have just visited.  When you visit a website that can send you WPNs, a dialog box is displayed to ask you for your consent. In the same way, your browsers offer you a functionality that allows you to access the complete list of sites that send you notifications and to modify your choices. This means that you can freely change your mind if the notifications you receive do not match your interests. To find out more about configuring your own browser software, the easiest way is to consult the browser’s help section

 

How to exercise your rights with Outpush? How to contact us about this Policy?

Outpush undertakes to examine any request in order to facilitate the exercise of the rights recognised by the RGPD. Answers will be provided to you in a concise, transparent, understandable and easily accessible manner, in clear and simple terms.

 

In addition, information may be provided to you in writing or by other means, including electronically, if appropriate or if your request is made in that form.

 

At your request, information may be provided orally, provided that your identity can be demonstrated by other means.

 

Requests relating to your rights and/or the processing operations we carry out, the application of the RGPD/GDPR, the amended Data Protection Act or the application of this Policy, as well as any question relating to personal data, may be addressed, depending on your choice, in writing or orally, using the following contact details so that we can respond as soon as possible:

 

By email to: hello@outpush.co