Data Processing Agreement (DPA)
- This document is part of the Terms of Service of PaidVerts and can be accessed at ToS. Both parties - the User of this website and the Website Provider agree to to the terms specified below. The terms apply to the users established in the EU and/or for processing data of users located in EU. By agreeing to this act, the User provides an explicit consent allowing the website provider, and whenever necessary, other 3rd party entities to store and process users Personal Data. 3rd party entities, in this case are Data Processors and must themselves be GDPR compliant.
- A Data Controller is an individual or a legal person who controls and is responsible for the keeping and use of personal information on a computer or in structured manual files. Data Processor is the entity which Processes Personal Data on behalf of the Data Controller. Sub-processor is any Data Processor engaged by Data Processor Data Subject is the individual to whom Personal Data refers. Personal Data is any Information which relates to a living individual, who can be identified either directly from that data, or indirectly in conjunction with other data which is likely to come into the legitimate possession of the Data Controller. Processing data shall mean both storing and processing of Personal Data.
Processing of user’s personal data
- Both parties agree that the Website Provider is the Data Controller, 3rd party service providers are the Data Processors and the Website User is the Data Subject. The Data Controller agrees to the fair use of data and shall keep the data only when necessary and for the minimum duration needed to provide the basic services. The Data controller agrees to store and process only the minimum amount of personal data needed to provide it’s service to the users. the Data Controller ensures that the Processing and storage meet the terms of Data Protection Laws and common procedures. The Data subject agrees to provide authentic data, or, in case that is not possible, not provide data that belongs to someone else or is misleading in any way or form.
3rd party entities - Data Processors
- To provide basic services PaidVerts uses hosting services by AWS(Amazon Web Services) which is fully GDPR compliant. See: https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/ https://aws.amazon.com/compliance/gdpr-center/ to learn more about AWS compliance with GDPR.
Rights of Data Subjects
- Data Controller shall fulfil any reasonable request on behalf of the User to correct and/or delete any part of Personal Data. If requested by the Data Controller, sufficient evidence must be provided by the Data subject to ensure that the Data Subject is entitled to accessing the Personal Data. Data Subject may submit a request to obtain a copy of the Personal Data. The data should be provided in a form most suitable for viewing and processing without requiring any pre-processing by the Data Subject and in generally accepted file formats. These requests are free of charge, unless in case of unsubstantiated and/or repeated requests where a fee can be charged.
Data processor employees
PaidVerts shall make sure that
- all employees are to follow common Data Security routines and guidelines
- access to Personal Data is limited only to employees who require the data to perform their basic service/tasks
- PaidVerts shall make sure that
PaidVerts shall take logical and physical security measures to ensure the privacy, integrity and safety of Personal Data and prevent it’s misuse. PaidVerts shall process the data only for the duration needed to perform basic services. Should PaidVerts be aware of unauthorized access to Personal Data located on it’s servers or servers of 3rd party entities PaidVerts will:
- take necessary measures to inspect and contain the data breach
- immediately notify all affected users of Security Infringement
- provide users with the extent of the Security Infringement
- Notify the authority specified by GDRP and/or Data Privacy Law and, if needed, assist at any effort to investigate the incident.
- PaidVerts shall take logical and physical security measures to ensure the privacy, integrity and safety of Personal Data and prevent it’s misuse. PaidVerts shall process the data only for the duration needed to perform basic services. Should PaidVerts be aware of unauthorized access to Personal Data located on it’s servers or servers of 3rd party entities PaidVerts will:
What kind of data is collected and what kind of data is not collected?
PaidVerts does store:
- IP and other browser/server information for the purpose of detecting and preventing fraud and unauthorized system access, as well as security of it's systems.
- cookies to provide login/authentication services.
- programming logs as a way to locate and debug programming issues
- email addresses for login purposes and as a way to contact Users
- limited financial data for the purposes of finding and confirming transactions, such as transaction IDs from payment processors
- optional sex information used strictly to allow additional access to targeted offerwalls
- Date of birth as a means to help verify user age restrictions
- PaidVerts does store:
Why data is processed
- PaidVerts is processing data to provide basic services e.g. login and authentication, to send important notifications on website and terms of service update, to provide marketing news e.g. Special Offers.
Deletion/altering of personal data
- Upon Data Subject’s request to alter or delete Personal Data, PaidVerts shall, to extent lawfully permitted, take appropriate action to fulfil the request at the minimum time possible. The never-exceed limit is one month.