General Data Protection Regulation
Personal Data Protection Policy for Users
This document is the Personal Data Protection Policy (hereinafter the “Policy”) of the company Outpush (eLabz SRL). As part of a requirement for transparency, this policy has been written to be understandable and easily accessible in order to translate our commitments under the European Regulation (EU) 2016/679 on the protection of personal data (Hereinafter “RGPD/GDPR” or “GDPR”) as well as the amended Data Protection Act.
The data protection policy is intended for all individuals who are in contact with our company, at the time of any collection of personal data, as well as for any person wishing to know more about the services and activities carried out by our company, Outpush (eLabz SRL) having an activity of data-driven Marketing Solutions agency operating an platform connection publishers and advertisers.
Outpush (eLabz SRL)’s activities lead it to carry out data processing services in partnership with third parties operating e-commerce activities (Publisher Sites) or wishing to broadcast online advertising (Advertisers). We therefore invite you to contact these third parties directly to find out about their data protection policies or to submit any request relating to the processing of your data.
The first part of this document presents as general information the principles and requirements of the RGPD that Outpush (eLabz SRL) commits to respect during any data collection and processing. In the second and third parts, details are provided respectively on the processing carried out by Outpush (eLabz SRL) in clearly identified situations as well as the rights of the persons that our company commits to respect. The last part specifies the means available to people to answer any question about the Policy on the protection of personal data.
Under the GDPR, personal data is defined as any information relating to an identified or identifiable natural person, directly or indirectly. Processing is an operation applied to data that is part of the situations and purposes specified in the second part of this policy. Outpush processes data in order to fulfil lawful, explicit and legitimate objectives and purposes, according to fair procedures, in order to operate services on its own behalf or on behalf of clients in the context of the activity of data-driven Marketing Solutions.
Taking into account the general requirements of the GDPR, in case of data processing:
- We ensure that we collect and process data within the strict scope of the provision of the relevant services and benefits, for lawful, explicit, legitimate purposes and objectives, according to fair processes, in order to provide services and benefits;
- Where we collect personal data directly, we shall specify whether the provision of such data is required by law or contract, or is based on our legitimate interest, or is a condition for the provision of a service or the conclusion of a contract, and whether the data subject is obliged to provide the personal data, as well as specifying the possible consequences of not providing the data and providing individuals with information enabling them to understand the circumstances of the processing operations and the rights they have; Where personal data have not been obtained from the data subject, we shall endeavour to provide individuals with similar information to that which we provide in the case of direct collection, as well as specify the source of the data; this information shall be provided within a reasonable period of time, but also at the time of the first communication with the individuals when the data are intended for that use, or at the latest when the personal data are first communicated to another recipient if such use is envisaged;
- Where appropriate, we shall indicate the existence of automated decision-making, including profiling, with relevant information about the underlying logic, as well as the significance and the expected consequences of such processing for the data subject;
If we intend to carry out any further processing of personal data for a purpose other than that for which the data was collected, we shall provide individuals with prior information about that other purpose and any other information that will enable them to understand it in a transparent manner;
- We disclose restricted data to authorised recipients, including authorised departments of our company and stakeholders involved in the provision of services;
- We are committed to ensuring transparency of processing with appropriate information to individuals in all cases of collection, where data is received from individuals themselves or possibly from third parties or technologies; to learn more about the transparency measures adopted by Outpush as part of the WPN service, as well as the resulting rights of Internet users, please refer to Part III of this policy ;
We undertake to:
- to minimise processing,
- to ensure the regular updating of data,
- to retain data proportionately according to criteria determined in particular with regard to the purpose of the processing, contractual or operational requirements or to meet our regulatory obligations, in compliance with the applicable law,
- to manage relations with data recipients and subcontractors by all means necessary to ensure compliance with our legal obligations,
- in the event of a possible transfer of data to a country outside the European Union, to take all possible measures, in accordance with the requirements of the RGPD, to ensure compliance with the regulations applicable in Europe,
- to make employees aware of the need to protect personal data and their confidentiality
- to ensure the security of processing and data,
- to take into account all the rights granted to individuals under the applicable regulations
Within Outpush, taking into account the principles and requirements of the law on the protection of personal data is accompanied by organisational and technical measures, particularly from the design stage (privacy by design) and by default (privacy by default) in order to effectively apply the provisions of the RGPD in accordance with the commitments and to provide operational guarantees.
In order to ensure that the RGPD is constantly applied in line with the challenges of the regulation, Outpush has appointed a Data Protection Officer (DPO), who is involved in all processing projects, as well as in taking into account the rights of individuals and, more generally, in disseminating a culture of data protection among the company’s internal employees and partners.
The processing of personal data carried out by Outpush falls within clearly identified situations
Processing related to the management of the commercial relationship with customers and prospects
Outpush collects data in the context of entering into relations with clients and prospects interested in its activities. This is a corporate purpose that allows us to maintain and manage contractual relations and to maintain contact with people interested in the company’s services.
As part of the implementation of the company’s showcase website accessible at https://Outpush.com, Outpush may deploy data collection forms within the contact sections as well as cookie technology, the purpose of which is to understand the expectations of site visitors and to improve the content offered to them. To learn more about cookie technology, please refer to the details provided in part 3 below.
Processing related to the agency activity of Data-driven Marketing Solutions
As part of its activity as a data-driven Marketing Solutions agency, Outpush operates an advertising platform for e-commerce sites and advertisers called Delivery Platform (DP) based on Web Push Notification (WPN) technology. The WPN technology equips Internet browsers and the operating systems of Internet users’ fixed and mobile equipment and makes it possible, without the constraint of surfing the web, to relay information or advertisements in the form of Notifications to Internet users who have expressly agreed to receive notifications on the basis of consent (optin).
The WPN platform is based on the processing of non-personal data using advertising cookies accepted by Internet users and the management of message flows in WPN mode. Further details are provided below on the notion of cookie as well as that of WPN. Outpush’s know-how produces information strictly for the purpose of personalising, selecting, and distributing information and advertising campaigns in WPN intended to respond strictly to the centres of interest of Internet users in line with the prospecting objectives of Publishers and Advertisers. Outpush uses non-nominative profiling methods that allow it to adapt the nature of the WPN information messages sent to Internet users. Profiling is a data processing method that is permitted by the RGPD. It is defined by the RGPD as a form of automated processing of personal data consisting in using these data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict elements concerning the personal preferences, interests, behaviour, location or movements of this person. Profiling makes it possible to select and disseminate appropriate information messages, and then to evaluate their dissemination and effectiveness in the light of non-identifying knowledge of how people react to the messages transmitted.
Processing related to advertising cookies and WPN
Outpush uses advertising cookies containing a non-nominative identifier that makes it possible to follow the browsing path of an Internet user for the sole purpose of providing the Internet user with the WPN service of sending information that may be of interest. These cookies are used in compliance with the applicable legal rules and within the framework of the recommendations and standards (framework) developed by the advertising industry in coordination with the authorities responsible for the protection of personal data. Your web browser will keep the Outpush cookie for a certain period of time, and will send it back to the web server concerned each time you connect to the site again.
WPN (Web Push Notification) is a standard technology that is provided by all of the web browser software companies that you use. It is a standard technology. The web browser creates a non-identifying identifier associated with your browser so that you can only receive notification messages from websites that you have approved. You remain in control of receiving WPN messages. You can allow websites to ask if they can send push notifications. When you visit a website that can send you notifications, a dialog box will appear asking you if you want to receive them. Similarly, browsers offer a feature that allows you to access the full list of sites that send you notifications later and change your choices. The easiest way to find out more about setting up your own browser is to consult the help section of your browser.
Processing of online applications
The Outpush website allows job seekers to respond to an offer posted in the “Join Us” section or to submit an unsolicited application. The information received in this context is subject to the processing of personal data by Outpush in its capacity as data controller for the purpose of managing applications. The information is intended solely for the authorised internal or external contacts in charge of recruitment.
The information communicated by the candidates will be kept for the duration of the examination of the applications and subsequently, in the event of non-recruitment, for several months while awaiting a position that may be suitable for the candidate, with the possibility for the latter to assert the rights granted to him/her by the RGPD and, in particular, to oppose the processing of his/her data.
We acknowledges the application of the rights resulting from the RGPD and undertakes to take into account any request as soon as possible
In this respect, individuals have a set of rights that apply on a case-by-case basis, taking into account the circumstances of the processing and their relationship with Outpush. These rights are as follows:
Right to information when personal data is collected directly or indirectly;
Right of access, to obtain from the controller confirmation as to whether or not personal data relating to them are being processed and, where they are, access to such personal data;
Right of rectification and erasure, allowing the rectification of inaccurate personal data as soon as possible and, having regard to the purposes of the processing, the right to have the data completed, including by providing a supplementary statement, as well as the right to erasure, allowing the erasure of personal data as soon as possible when certain grounds are met;
Right to the limitation of processing for a certain period of time when certain elements apply, such as a possible challenge to the accuracy of personal data, unlawful processing to which a person objects, or where the processing of the data subject’s data is necessary for the establishment, exercise or defence of legal claims, or in the event of verification of the possible prevalence of the legitimate grounds pursued by the controller over those of the data subject;
Right to data portability when processing is based on a person’s consent or a contract;
Right to object, to a certain extent in accordance with the applicable texts, to any automated individual decision based on the specific situation of a person;
Right not to be processed for the purpose of canvassing.
Within the framework of the WPN service, Outpush relies on the following technical measures that allow you to exercise your rights directly within the framework of the Web push notification (WPN) technologies:
The WPN technology used by Outpush is under your control. Outpush relies on the Web Push Notification consent management standards that are integrated in Internet browsers. You can thus authorize Outpush to send you WPN messages for a website or partners, as well as you can refuse and continue to browse the e-commerce site you have just visited. When you visit a website that can send you WPNs, a dialog box is displayed to ask you for your consent. In the same way, your browsers offer you a functionality that allows you to access the complete list of sites that send you notifications and to modify your choices. This means that you can freely change your mind if the notifications you receive do not match your interests. To find out more about configuring your own browser software, the easiest way is to consult the browser’s help section
How to exercise your rights with Outpush? How to contact us about this Policy?
Outpush undertakes to examine any request in order to facilitate the exercise of the rights recognised by the RGPD. Answers will be provided to you in a concise, transparent, understandable and easily accessible manner, in clear and simple terms.
In addition, information may be provided to you in writing or by other means, including electronically, if appropriate or if your request is made in that form.
At your request, information may be provided orally, provided that your identity can be demonstrated by other means.
Requests relating to your rights and/or the processing operations we carry out, the application of the RGPD/GDPR, the amended Data Protection Act or the application of this Policy, as well as any question relating to personal data, may be addressed, depending on your choice, in writing or orally, using the following contact details so that we can respond as soon as possible:
By email to: firstname.lastname@example.org