Is Promoted a “controller” or a “processor” for purposes of data protection and privacy laws?
We act as a “processor” as defined by the GDPR and a “service provider” as defined by the CCPA as to the personal information provided by our clients. We only use the information we collect to provide our services and we never sell the information we collect or use it for cross-site or interest-based advertising purposes. We offer a standard Data Processing Addendum that documents these commitments.
What personal information does Promoted collect through its services?
Our products are highly configurable so that our clients determine what information we collect. Data minimization is an important foundation of our products and services, and accordingly, we have designed our services to collect the least amount of personal data necessary. Typically, we collect a customer ID determined by the client as well as log information about a consumers’ session.
Does Promoted collect identifying information?
Because data minimization is core to our philosophy as a company and because we do not need identifying information to provide our services, we ask that our clients not provide us certain identifying information such as the names or email addresses of end-users.
How does Promoted secure the information it collects?
Promoted implements robust technical and organizational security measures to ensure a level of security appropriate to the risk of processing at hand. Some of the measures we have in place include ensuring all of our servers are in a virtual private cloud, in a private subnet, with access controls in place. We also encrypt our log records and DB traffic in transit and at rest.
Does Promoted combine the information it collects across clients?