When handling personal information we will comply with the New Zealand Privacy Act 2020 (the Privacy Act). Where applicable, we will also comply with data protection laws of other jurisdictions, such as the European General Data Protection Regulation (GDPR).
Company number: 2703642-5
Address: Tammasaarenkatu 1
00180 Helsinki, Finland
WHAT PERSONAL DATA DO WE COLLECT?
Personal data is any information that can be used to identify a living person. It does not include data where the identity has been removed (de-identified information).
Information You Give Us
Information that you may provide directly to us through the Services or otherwise communicate with us.
Personal and Business Contact information provided via registration forms or through chat with our expert, such as your first name, last name, email address, telephone number, your role (such as Marketing Freelancer, Marketing Agency representative, Small Business owner/manager, etc.), other data additionally provided by you.
Account information provided if you create an account, such as Personal and Business Contact information, username, password.
User Content you post on our Site, such as text, images, photographs, messages, comments, or any other kind of content.
Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with our Site, receive customer support or otherwise correspond with us.
Transaction information, such details about subscription to our Services you make through the Site and billing details. If you give us credit card or other payment means information, we use it solely to check your financial qualifications and collect payment from you.
Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them.
Testimonials you post on our Site or provided to us via email, such as your full name, position, company, photo and review.
Information We Receive
We also receive personal data indirectly from social networks.
From Social Networking Sites. You may choose to connect to our Services via your Facebook social media account. Exactly what information we receive from your social media will depend on your social media privacy settings, but it would typically include your basic public profile information such as your username; profile picture; age range; gender; date of birth.
From Connected Social Media Accounts. PromoRepublic may allow you to connect a Social Media Account page or profile like Facebook, Twitter, Instagram, LinkedIn, Pinterest to your PromoRepublic account, in which case we will access certain information from this Social Media regarding your account. In particular, we may collect profile image, display name, username / page ID or profile ID, access tokens, and sent posts. This includes the content of your post and engagement data (such as click rates, likes, re-shares, impressions, as well as general engagement counts), to the extent permitted by applicable law. This data will only be used by PromoRepublic to provide you with the Service you expect and will not be shared with any third parties.
From PromoRepublic Social Pages. We collect information such as following / subscriptions, likes, comments, reposts / retweets, tags or any other information about your interactions and activity on PromoRepublic Social Pages (Facebook, Twitter, Instagram, LinkedIn).
Information Automatically Collected
When you access and use our Services, we automatically collect technical information (log and usage data, device data, location data).
Technical information. We log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the Site you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site as well as broad geographic location (e.g. country or city-level location) based on your IP address and GPS location where you provide your consent. We collect this information about you using Cookies and Similar Technologies.
Information Provided to Us by Third Parties
We obtain information about you from third-party sources as required or permitted by applicable law, such as public databases, business partners, and other third parties.
Publicly Available Information. When you contact us on behalf of the organization interested in our Services, we may conduct an independent search and analysis of information about the organization from public databases. We may collect the following data: company’s legal name, country of incorporation, characteristics of services and products provided; information about you is available on the organization’s site, public pages on social networks concerning your position, work experience, career, etc.
Information Related to Legal Requirements. We collect such information to comply with our legal obligations, such as anti-money laundering (AML) laws, which is our lawful basis for processing, and to provide you with our Services.
No special categories of information
We do not request or intend to collect any “special categories of information”.
We do not request or intend to collect any sensitive data such as any information on health, race, religion, political opinions or philosophical beliefs, sexual preferences, or orientation.
Changes to your personal data
It is important that the personal data we hold about you is accurate.
If your personal data changes during your relationship with us, update your account or contact us at email@example.com.
LEGAL BASES AND PURPOSES FOR THE PROCESSING
Our processing activities have lawful bases and fit the purpose for which personal data is gathered.
The main lawful bases we rely on for processing this data are consent, contract, legal obligation, and legitimate interests. We will only process data that is necessary for the purpose for which it has been collected.
Consent and related purposes
Consent is a freely given, informed, and unambiguous indication of your wishes to process your personal data for a specific purpose.
Where you have provided your consent, we may use and process your data to contact you about offers, promotions, events, services or information which we think will be of interest to you.
If you do withdraw your consent, and if we do not have another legal basis for the processing of your data, then we will stop the processing of your personal data and will erase it in specific situations, including in case if you request the deletion of your personal data and we are obliged to erase your personal data according to the applicable law.
If we have another legal basis for the processing of your data, then we will continue to do so, subject to your legal interests and rights.
Contract and related purposes
Contract is a legal basis for the personal data processing necessary for us to perform a contract or the Terms of Service.
We use and process your personal data where this is necessary to perform a contract or the Terms of Service to which you are a party or in order to take steps at your request prior to entering into the contract or the Terms of Service and to deliver the Services.
Legal Obligations and related purposes
Legal obligations is a legal basis for personal data processing when there is an obligation to comply with a legal obligation to which we are subject.
We will process your personal data to comply with our legal or regulatory requirements, for example, anti-money laundering (AML) and know your client (KYC) rules.
Applicable laws have other legal bases for the processing and when they are applicable we will rely on such bases.
Legitimate Interests and related purposes
Legitimate Interest is a legal basis for personal data processing when it is based on our legitimate interests or the legitimate interests of a third party.
We use and process your personal data as set out below where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so. Those interests are not outweighed by your rights and interests and those interests have a specific purpose, they are necessary, and they are balanced.
Users support: to respond to your feedback and correspondence and fulfill your requests; to help you through support chat.
Promotion of our business: to contact you with marketing information in certain cases; to contact you with targeted advertising delivered online through social media, search engines, third-party sites, and applications, and other platforms operated by other companies unless you object or such activity requires your consent.
Communication with you: to manage legal and regulatory requests and requirements; to respond to queries, complaints, or claims; to enforce or protect our legal rights or to establish, bring or defend legal claims.
Administrative and technical aspects: to verify the accuracy of the information that we hold about you; for network and information security purposes; to comply with a request from you in connection with the exercise of your rights; to inform you of updates to our terms and policies; for essential cookies.
COOKIES AND SIMILAR TRACKING TECHNOLOGY
We use “cookies” and other tracking technologies to process your data. A “cookie” is a small file stored by your device when told to do so by a Site.
The Services use “cookies” and other technologies such as pixel tags, local shared objects, hardware-based device identifiers, flash cookies, operating system-based identifiers, clear GIFs, and web beacons.
PromoRepublic’s cookies are typically used to quickly identify your device and to “remember” your device during subsequent visits for purposes of functionality, preferences, and Site performance.
You can disable cookies on your device or set your device to alert you when cookies are being sent to your device; however, disabling cookies may affect your ability to use the Services.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
To conduct our business and provide our Services we share your personal data with the following categories of recipients.
- Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary as a matter of applicable law or regulation.
- Any other person with your consent to the disclosure.
The main service providers we currently use are here.
Aggregated or de-identified information. We may disclose or use aggregated or de-identified information for any purpose. For example, we may share aggregated or de-identified information with prospects, partners, or sponsors for business or research purposes.
HOW DO WE STORE YOUR PERSONAL DATA?
We implement data storage security policies to keep your data secure.
The personal data collected by PromoRepublic is processed at the company’s offices in the European Economic Area (EEA) and in any data processing facilities operated by the service providers.
TRANSFERRING DATA OVERSEAS
Your personal data may be transferred to, and processed in, countries other than the country in which you are resident.
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
By providing your data to us you agree to these transfers taking place.
DATA RETENTION PERIODS
We will not retain your personal data longer than necessary to achieve the purposes for which it is processed or to comply with legal requirements.
Contact information — until the purpose of collecting is reached; e.g. if you register for the webinar or event, we will erase your personal data within 3 months unless there is a legal basis for future processing.
Account information and User Content — as long as you have a user account: we will erase uncommitted and inactive accounts after 12 months since the last authorization; after deactivation of account we will erase your personal data within 3 months.
Feedback and correspondence — until the purpose of communication is reached.
Transaction information and Information Related to Legal Requirements — up to 6 years to comply with applicable legal, tax or accounting requirements.
Marketing information — as long as our relations continue.
Information Collected from Connected Social Media Sites and Accounts — as long as such accounts and pages are connected to your PromoRepublic account.
Information Collected from PromoRepublic Social Pages — as long as the relevant page/content/user exists on a certain Social Page.
Technical information — up to 2 years starting from the date of the last use of our Services.
Publicly available information — as long as our communication continues.
When we have no ongoing legitimate business need to process your personal data, we will either erase or de-identify it or, if this is not possible – for example, because your personal data has been stored in backup archives – then we will securely store your personal data and isolate it from any further processing until erasure is possible.
HOW DO WE KEEP YOUR PERSONAL DATA SECURE?
We use appropriate technical and organizational measures designed to protect the personal data that we collect and process about you.
The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Specific measures we use include encrypting your personal data in transit and at rest. We also have security policies and data processing agreements with all our employees and contractors who are obliged to follow and maintain appropriate technical and organizational measures.
Connections to the Site are encrypted using 256-bit SSL with integrity assured by the SHA2 ECDSA algorithm. We use servers that comply with strict international data security standards, including ISO 27001.
You acknowledge that no perfect security infrastructure exists, no data transmission is guaranteed to be 100% secure, and there may be some security risks. You are responsible for your login information and password. You shall keep them confidential. In case your privacy has been breached, please contact us immediately on firstname.lastname@example.org.
YOUR DATA PROTECTION RIGHTS
You have data protection rights. Your rights will differ depending on our lawful basis for processing.
Right of access – You have the right to ask us for copies of your personal data.
Right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasure (right to be forgotten) – You have the right to ask us to erase your personal data in certain circumstances.
You may do so either through your account settings or by contacting us.
Right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future.
Right to object to processing – You have the right to object to the processing of your personal data (which is processed on the grounds of legitimate interests) in certain circumstances.
Right to data portability – You have the right to ask that we transfer the personal data you gave us to another organization, or to you, in certain circumstances. Please note that transferring your personal data does not mean that it will be erased from our systems unless you file a request to erase your data.
Right to opt-out of marketing communications we send you at any time – You can exercise this right by clicking on the “unsubscribe / opt-out” link in the marketing communications we send you or by contacting us.
Right to withdraw consent – If we are processing your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing bases other than consent.
Right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection supervisory authority.
For further information about privacy and the protection of privacy, visit the Office of the Privacy Commissioner’s site at www.privacy.org.nz.
You can control and limit the nature of personal data that we collect and process about you in a number of ways.
We will respond to all requests we receive from individuals wishing to exercise their data protection rights.
You can do so by contacting us at email@example.com. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
We kindly remind you that our Services are not intended for use by children under 18 years of age according to the Terms of Service.
We do not intentionally gather personal data from visitors who are under the age of 18, without their parental or guardian’s consent. If a parent or guardian becomes aware that personal data has been provided to us on behalf of a child without their consent, they should contact us. We will delete such information from our files as soon as reasonably practicable.
We will take appropriate measures to inform you about changes and updates.
Our Services may contain links to third-party services.
Be aware that by following the third-party links you leave our Services. As we do not operate those sites, applications, and platforms, we are not responsible for the privacy practices of the entities that operate them.