Last Updated: 1 March 2020
Thank you for using Postclick!
Postclick complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively “Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”), regarding the collection, use, and retention of Personal Information transferred from the European Economic Area and Switzerland to the United States. Postclick has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Supplemental Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Postclick certification, please visit Privacy Shield. Additionally, Postclick may protect information through other legally valid methods, including international data transfer agreements.
This Policy applies to all Postclick operating divisions, subsidiaries, affiliates, and branches, including its U.S. affiliates certified under the Privacy Shield and any additional subsidiary, affiliate, or branch of Postclick that we may subsequently form.
“Agent” means any Third Party that processes Personal Information pursuant to the instructions of, and solely for, Postclick or to which Postclick discloses Personal Information for use on its behalf.
“Customer Data” means any Personal Data that Postclick processes on behalf of Customer as a Data Processor in the course of providing Services, as more particularly described our DPA.
“Data Controller” means an entity that determines the purposes and means of the processing of Personal Data.
“Data Processor” means an entity that processes Personal Data on behalf of a Data Controller.
“Privacy Shield” means the seven (7) principles of the Privacy Shield Framework: (1) notice, (2), choice, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement, and liability. Additionally, it includes the fourteen (14) supplemental principles described in the Privacy Shield: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) self-certification, (6) verification, (7) access, (8) obligatory contracts for onward transfers, (9) dispute resolution and enforcement, (10) choice – timing of opt-out, (11) travel information, (12) pharmaceutical and medical products, (13) public record and publicly available information, and (14) access requests by public authorities.
“Process” or “Processing” has the meaning given to it in the GDPR and “process,” “processes,” and “processed” shall be interpreted accordingly.
1. Information We Collect
There are three general categories of information we collect.
1.1 Information You Give to Us.
1.1.1 Information that is necessary for the Use of the Postclick Platform.
We ask for and collect the following personal information about you when you use the Postclick Platform. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested services.
Account Information. When you sign up for a Postclick Account, we require certain information such as your first name, last name, email address.
Communications with Postclick and other Users. When you communicate with Postclick or use the Postclick Platform to communicate with other Users, we collect information about your communication and any information you choose to provide.
1.1.2 Information You Choose to Give Us.
You may choose to provide us with additional personal information in order to obtain a better user experience when using the Postclick Platform. This additional information will be processed based on your consent.
Additional Profile Information. You may choose to provide additional information as part of your Postclick profile. Some of this information as indicated in your Account settings is part of your personal profile page and will be visible to other users or team members within your Account.
Other Information. You may otherwise choose to provide us information when you fill in a form, conduct a search, update or add information to your Postclick Account, respond to surveys, post to community forums, participate in promotions or referral programs, or use other features of the Postclick Platform.
1.2 Information We Automatically Collect from Your Use of the Postclick Platform and Payment Services.
When you use the Postclick Platform, we automatically collect information, including personal information, about the services you use and how you use them. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the Postclick Platform and Payment Services.
Geo-location Information. When you use certain features of the Postclick Platform, we may collect information about your precise or approximate location as determined through data such as your I.P. address or mobile device’s GPS to offer you an improved user experience. Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu.
Usage Information. We collect information about your interactions with the Postclick Platform such as the pages or content you view, your feature usage, number of pages in use, design, and content of pages, and other actions on the Postclick Platform.
Log Data and Device Information. We automatically collect log data and device information when you access and use the Postclick Platform, even if you have not created a Postclick Account or logged in. That information includes, among other things: details about how you’ve used the Postclick Platform (including if you clicked on links to third-party applications), I.P. address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the Postclick Platform.
Payment Transaction Information. Postclick collects information related to your payment transactions through the Postclick Platform, including the payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode, IBAN information, your address, and other related transaction details. This information is necessary for the adequate performance of the contract between you and Postclick.
1.3 Information We Collect from Third Parties.
Postclick may collect information, including personal information, that others provide about you when they use the Postclick Platform and the Payment Services, or obtain information from other sources and combine that with information we collect through the Postclick Platform and the Payment Services. We do not control, supervise or respond for how the third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties. For more information on third parties used, see the Postclick GDPR webpage at Postclick.com/gdpr.
Third-Party Services. If you link, connect, or log in to your Postclick Account with a third-party service (e.g., Google, Facebook), the third-party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.
Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third-party service providers and/or partners, and combine it with information we have about you. For example, we may receive fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the Postclick Platform through partnerships, or about your experiences and interactions from our partner ad networks.
2. How We Use Information We Collect
We use, store, and process information, including personal information, about you to provide, understand, improve, and develop the Postclick Platform, create and maintain a trusted and safer environment and comply with our legal obligations.
2.1 Provide, Improve, and Develop the Postclick Platform.
Enable you to access and use the Postclick Platform.
Enable you to communicate with other Team Members.
Operate, protect, improve, and optimize the Postclick Platform and experience, such as by performing analytics and conducting research.
Provide customer service, including logging into a User’s account to troubleshoot with their consent, providing email support, or phone support for Enterprise customers.
Send you service or support messages, updates, security alerts, and account notifications.
To operate, protect, improve, and optimize the Postclick Platform and experience, and personalize and customize your experience (such as making design suggestions or recommending features), we conduct profiling based on your interactions with the Postclick Platform, your profile information and preferences, and other content you submit to the Postclick Platform.
We process this information given our legitimate interest in improving the Postclick Platform and our users’ experience with it, and where it is necessary for the adequate performance of the contract with you.
2.2 Create and Maintain a Trusted and Safer Environment.
Detect and prevent fraud, spam, abuse, security incidents, and other harmful activity.
Conduct security investigations and risk assessments.
Comply with our legal obligations.
Resolve any disputes and enforce our agreements with third parties.
Enforce our Terms of Service and other policies.
In connection with the activities above, we may conduct profiling based on your interactions with the Postclick Platform, your profile information and other content you submit to the Postclick Platform, and information obtained from third parties. In limited cases, automated processes may restrict or suspend access to the Postclick Platform if such processes detect a User or activity that we think poses a safety or other risk to themselves, the Postclick Platform, other Users, or third parties.
We process this information given our legitimate interest in protecting the Postclick Platform, to measure the adequate performance of our contract with you, and to comply with applicable laws.
2.3 Provide, Personalize, Measure, and Improve our Advertising and Marketing.
With your consent, we may send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences (including information about Postclick or partner campaigns and services) and social media advertising through social media platforms such as Facebook or Google).
Personalize, measure, and improve our advertising.
Administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by Postclick or its third-party partners.
Conduct profiling on your characteristics and preferences (based on the information you provide to us, your interactions with the Postclick Platform, information obtained from third parties) to send you promotional messages, marketing, advertising and other information that we think may be of interest to you.
We will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of interest. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings within your Postclick Account.
2.4 How the Payments Data Controller uses the Information Collected.
Detect and prevent fraud, abuse, security incidents, and other harmful activity.
Conduct security investigations and risk assessments.
Conduct checks against databases and other information sources.
Comply with legal obligations (such as anti-money laundering regulations).
With your consent, send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences.
The Payments Data Controller processes this information given its legitimate interest in improving the Payment Services and its users’ experience with it, and where it is necessary for the adequate performance of the contract with you and to comply with applicable laws.
3. Sharing & Disclosure
3.1 With Your Consent.
Where you have provided consent, we share your information, including personal information, as described at the time of consent, such as when you authorize a third-party application or website to access your Postclick Account or when you participate in promotional activities conducted by Postclick partners or third parties.
3.2 Compliance with Law, Responding to Legal Requests, Preventing Harm and Protection of Our Rights.
Postclick may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against Postclick, (iii) to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you or any other of our users to legal liability, (iv) to enforce and administer our Terms of Service, or other agreements with Users, or (v) to protect the rights, property or personal safety of Postclick, its employees, its Users, or members of the public.
Where appropriate, we may notify Users about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon Postclick’s property, its Users and the Postclick Platform. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.
3.3 Service Providers.
Postclick uses a variety of third-party service providers to help us provide services related to the Postclick Platform and the Payment Services. Service providers may be located inside or outside of the European Economic Area (“EEA”). In particular, our service providers are based in Europe, India, Asia Pacific, and North and South America.
the service providers that prohibit them from using or sharing Personal Information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements. Click here to view our list of subprocessors.
Postclick will need to share your information, including personal information, in order to ensure the adequate performance of our contract with you.
3.4 Corporate Affiliates.
To enable or support us in providing the Postclick Platform, we may share your information, including personal information, within our corporate family of companies that are related by common ownership or control.
• Sharing with Postclick, Inc. even if your Country of Residence is not the United States, your information may be shared with Postclick, Inc. which provides the technical infrastructure for the Postclick Platform, product development and maintenance, customer support, trust and safety, and other business operation services to other Postclick entities. The data sharing is necessary for the performance of the contract between you and us and is based on our legitimate interests in providing the Postclick Platform globally.
Additionally, we share your information, including personal information, with our corporate affiliates in order to support and integrate, promote, and to improve the Postclick Platform and our affiliates’ services.
3.5 Social Media Platforms.
Where permissible according to applicable law we may use certain limited personal information about you, such as your email address, to hash it and to share it with social media platforms, such as Facebook or Google, to generate leads, drive traffic to our websites or otherwise promote our products and services or the Postclick Platform. These processing activities are based on our legitimate interest in undertaking marketing activities to offer you products or services that may be if your interest.
The social media platforms with which we may share your personal data are not controlled or supervised by Postclick. Therefore, any questions regarding how your social media platform service provider processes your personal data should be directed to such a provider.
Please note that you may, at any time ask Postclick to cease processing your data for these direct marketing purposes by sending an e-mail to dpo@Postclick.com.
3.6 Business Transfers.
3.7 Privacy Shield.
With respect to onward transfers to Agents under Privacy Shield, Privacy Shield requires that Postclick remain liable should its Agents Process Personal Information in a manner inconsistent with the Privacy Shield Principles.
3.8 Aggregated Data.
We may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
4. Other Important Information
4.1 Analyzing your Communications.
We may use technologies considered automated decision making or profiling. We will not make automated decisions about you that would significantly affect you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are required by law to use such technology.
We may review, scan, or analyze your communications on the Postclick Platform for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, and customer support purposes.
For example, as part of our fraud prevention efforts, we scan and analyze messages to mask contact information and references to other websites.
In some cases, we may also scan, review, or analyze messages to debug, improve, and expand product offerings.
We use automated methods where reasonably possible. However, occasionally we may need to manually review some communications, such as for fraud investigations and customer support, or to assess and improve the functionality of these automated tools.
We will not review, scan, or analyze your communications to send third party marketing messages to you, and we will not sell reviews or analyses of these communications.
These activities are carried out based on Postclick’s legitimate interest in ensuring compliance with applicable laws and our Terms of Service, preventing fraud, promoting safety, and improving and ensuring the adequate performance of our services.
4.2 Linking Third-Party Accounts.
You may link your Postclick Account with your account at a third party social networking service. When you create this link:
the information you provide to us from the linking of your accounts may be stored, processed and transmitted for fraud prevention and risk assessment purposes; and
the publication and display of information that you provide to Postclick through this linkage is subject to your settings and authorizations on the Postclick Platform and the third-party site.
We only collect your information from linked third party accounts to the extent necessary to ensure the adequate performance of our contract with you, or to ensure that we comply with applicable laws, or with your consent.
5. Third-Party Partners & Integrations
The Postclick Platform may contain links to third-party websites or services, such as third-party integrations, co-branded services, or third party-branded services (“Third Party Partners”). Postclick doesn’t own or control these Third-Party Partners. When you interact with them, you may be providing information directly to the Third-Party Partner, Postclick, or both. These Third-Party Partners will have their own rules about the collection, use, and disclosure of information. We encourage you to review the privacy policies of the other websites you visit.
6. Your Rights
Under Privacy Shield, you may exercise any of the rights described in this section by sending an email to dpo@Postclick.com. Please note that we may ask you to verify your identity before taking further action on your request.
6.1 Managing Your Information.
You may access and update some of your information through your Account settings. If you have chosen to connect your Postclick Account to a third-party application, like Facebook or Google, you can change your settings and remove permission for the app by changing your Account settings. You are responsible for keeping your personal information up-to-date.
6.2 Rectification of Inaccurate or Incomplete Information.
You have the right to ask us to correct personal information concerning you that is inaccurate, incomplete, or has been processed in violation of the Privacy Shield Principles.
6.3 Data Access and Portability.
In some jurisdictions, applicable law may entitle you to request copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
6.4 Data Retention and Erasure.
We generally retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your information to provide the Postclick Platform to you, you can request that we erase your personal information and close your Postclick Account. Please note that if you request the erasure of your personal information:
We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. For example, if we suspend a Postclick Account for fraud or safety reasons, we may retain certain information from that Postclick Account to prevent that User from opening a new Postclick Account in the future.
We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, Postclick may keep some of your information for tax, legal reporting and auditing obligations.
Information you have shared with others (e.g., forum postings) may continue to be publicly visible on the Postclick Platform, even after your Postclick Account is canceled. However, the attribution of such information to you will be removed. Additionally, some copies of your information (e.g., log records) may remain in our database but are disassociated from personal identifiers.
Because we maintain the Postclick Platform to protect from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.
6.5 Withdrawing Consent and Restriction of Processing.
Where you have provided your consent to the processing of your personal information by Postclick you may withdraw your consent at any time by changing your Account settings or by sending a communication to dpo@Postclick.com specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular, where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing pursuant to Section 6.6 and pending the verification, whether the legitimate grounds of Postclick override your own.
6.6 Objection to Processing.
In some jurisdictions, applicable law may entitle you to require Postclick and Postclick Payments not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing Postclick and/or Postclick Payments will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defense of legal claims.
Where your personal information is processed for direct marketing purposes, you may, at any time ask Postclick to cease processing your data for these direct marketing purposes by opting out from your account settings.
7. Operating Globally
7.1 International Data Transfers
7.2 Other Means to Ensure an Adequate Level of Data Protection.
If your information is shared with corporate affiliates or third-party service providers outside the EEA, we have – prior to sharing your information with such corporate affiliate or third-party service provider – established the necessary means to ensure an adequate level of data protection. This may be an adequacy decision of the European Commission confirming an adequate level of data protection in the respective non-EEA country or an agreement on the basis of the E.U. Model Clauses (a set of clauses issued by the European Commission). For more information, please see our Information Security Policy by sending a request to dpo@Postclick.com or at Postclick.com/security.
7.3 California & Vermont Residents.
Postclick Payments will not share information it collects about you with its affiliates or third parties (both financial and non-financial), except as required or permitted by your state’s law.
7.4 California Privacy Rights.
California law permits Users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information, disclosed to those third parties. See Section 12 “Contact Us” for where to send such requests. Postclick and Postclick Payments do not share personal information with third parties for their own direct marketing purposes without your prior consent. Accordingly, you can prevent disclosure of your personal information to third parties for their direct marketing purposes by withholding consent.
We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. Some of the safeguards we use to protect your information are firewalls and data encryption, and information access controls. If you know or have reason to believe that your Postclick Account credentials have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorized use of your Postclick Account, please contact us following the instructions in Section 12 below.
9. Redress/Compliance and Accountability
This Policy shall be implemented by Postclick and all its operating divisions, subsidiaries and affiliates. Postclick has put in place mechanisms to verify ongoing compliance with Privacy Shield Principles and this Policy. Any Employee that violates these privacy principles will be subject to disciplinary procedures. If you are an E.U. or Swiss citizen and feel that Postclick is not abiding by the terms of this Policy, or is not in compliance with the Privacy Shield Principles, please contact Postclick at the information provided in Section 12 “Contact Us” section below.
In addition, Postclick has agreed to refer unresolved complaints related to Personal Information to JAMS Privacy Shield Dispute Resolution Program. For more information and to submit a complaint regarding Individual data to JAMS, a dispute resolution provider which has locations in the United States and E.U., visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
You may also have a right, under certain conditions, to invoke binding arbitration under Privacy Shield; for additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over Postclick’s compliance with the Privacy Shield.
11. Contact Us
303 Second Street, Suite 901 South Tower San Francisco, CA 94107