Dear Interested Party, Exposure Reviews has great respect for the privacy of its users.
The data that may be communicated through the site will be treated with the utmost care and with all the tools necessary to ensure its security, in full compliance with current legislation to protect the confidentiality of data. We wish to inform you that the “European Regulation 2016/679 on the Protection of Individuals with regard to the Processing of Personal Data and on the free movement of such data” (henceforth “Regulation” or “GDPR”) provides for the protection of individuals with regard to the processing of data of a personal nature as a fundamental right. Therefore, pursuant to Article 13 of the GDPR, we would like to inform you of the following:
EXPOSURE REVIEWS offers its users a software platform called EXPOSURE REVIEWS, accessible through the website of the same name which, through a series of features and interactions with external providers, allows Customers to:
(a) Centrally manage the reviews of their end customers, also selecting a carousel of the best reviews that they can display on their landing pages;
EXPOSURE REVIEWS, in accordance with the GDPR Regulations, acts as:
– Data Controller, with respect to the data of Users who own businesses of various kinds and/or further business activities (hereinafter “Merchants”) and browsing data, in particular the data referred to in points a) and b) of Article 2 of this Policy.
– Processor for the data of end customers (i.e. those who review the Merchant’s business) conferred by Merchants in the context of requesting, creating and organizing reviews. The processing carried out by EXPOSURE REVIEWS in relation to these categories of data is governed by the “Data Processor Addendum” pursuant to Article 28 of the Regulations. The Addendum constitutes an integral part of the contractual relationship between EXPOSURE REVIEWS and The Merchant, together with this notice and the terms and conditions.
EXPOSURE REVIEWS does not use the data provided by Merchants for its own purposes, such as marketing, market research, communication to third parties, or dissemination. It is understood that Merchants ensure that end customers have been adequately informed that their data will also be processed through external data processors and, in particular, by EXPOSURE REVIEWS.
“Addendum” is the document that governs the relationship between the Merchant and EXPOSURE REVIEWS regarding privacy. “Personal Data” means any information concerning an identified or identifiable natural person, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural, or social identity.
“Processor” the natural person, legal entity, public administration and any other entity that processes personal data on behalf of the Controller.
“Controller” the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data and the instruments adopted, including security measures.
“User(s)” and/or “Customer(s)” “Data Subject(s)” the individual who visits the website exposurereviews.com and uses the service, i.e. the one to whom the Personal Data refers who, unless otherwise specified, coincides with the Data Subject.
The Controller collects directly from its Users, Personal Data and other information as part of the online registration processes on the website exposurereviews.com, in order to provide the services requested by Users (typically these are data such as e-mail address, first name, last name, contact telephone number of a contact person).
The subject of processing may be personal data of Users such as:
The computer systems and applications dedicated to the operation of the EXPOSURE REVIEWS website detect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected include the IP addresses and domain names of the computers used by Users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.. ) and other parameters regarding the operating system, browser and computer environment used by the user, name of the internet service provider (ISP), date and time of visit, web page of the visitor’s origin (referral) and exit.
The voluntary and explicit sending of electronic mail to the addresses indicated in the different access channels of this site does not imply a request for consent and involves the acquisition of the sender’s address and data, necessary to respond to requests, as well as any other personal data included in the message. These data are understood to be voluntarily provided by the User at the time of the request for the provision of the service. By entering a comment or other information, the User expressly accepts this document, and in particular agrees that the contents entered may also be freely disseminated to third parties. On the contrary, specific summary information will be reported or displayed on the pages of the site set up for particular services on request (forms). The user must therefore explicitly consent to the use of the data in these forms in order to send the request.
EXPOSURE REVIEWS processes the data provided by Merchants as a data processor and in accordance with the requirements contained in the Addendum. In particular, EXPOSURE REVIEWS guarantees to comply with the instructions of the Merchant and not to use such data for its own purposes, such as marketing, market research, communication to third parties or dissemination.
Personal data held by the Owner are collected directly from the Data Subject. End-customer data are uploaded by Merchants as part of the use of services.
The processing of Users’ data has the following purposes and legal basis:
Purpose: authentication and use of the site. Legal basis: contractual fulfilment.
Purpose: access to certain purposes of the service. Legal basis: contractual fulfilment.
Purpose: to speed up the purchase process. Without consent, nothing will be stored. Legal basis: consent of the User.
Purpose: Communications for marketing, promotional, and/or commercial purposes. Legal basis: consent of the user.
Purpose: to send e-mail about news and topics of interest. Legal basis: consent of the User.
Purpose: updates on the Owner’s products and services. Legal basis: legitimate interest of the Owner.
Purpose: Use of aggregated and anonymous data to improve the service. Legal basis: legitimate interest of the Owner.
Purpose: To detect, prevent or stop fraudulent activities on the site. Legal basis: legitimate interest of the Owner and legal obligation.
Legal basis: legal obligation.
Purpose: to comply with legal obligations. Legal basis: legal obligation.
Purpose: to ensure and improve the web browsing experience. Legal basis: the legitimate interest of the Data Controller.
Purpose: is the purpose inherent in the request to enter that data. Legal basis: consent of the User.
The provision of personal data for the purposes referred to in point 1 and 2 of this article is necessary to allow you to register on the platform and to conclude the contract. Therefore, in the absence of the aforementioned data, you will not be able to use our services.
Consent for the purposes referred to in point 3, 4 and 5 is optional and does not entail any negative consequences for Users’ experience.
To the extent relevant to the stated processing purposes, Users’ data may be disclosed to partners, consulting companies, private companies, third-party technical service providers, hosting providers, IT companies, communications agencies.
If the suppliers process personal data on behalf of the Data Controller, they will be appointed as data processors ex art. 28 GDPR.
The EXPOSURE REVIEWS website may share some of the data collected with services located outside Australia. In particular, through social plug-ins and the Google Analytics service. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of the EU Regulation 2016/679, so it does not require specific authorisations.
According to the principle of storage limitation (art.5, GDPR), the verification of the obsolescence of the stored data in relation to the purposes for which they were collected is carried out periodically.
(a) automatically collected data are processed, for the time strictly necessary, for the sole purpose of
derive statistical information on the use of the site and to check its regular operation,
also for security purposes or according to the deadlines stipulated by legal regulations;
The Data Subject always has the right to request from the Data Controller access to his/her data, rectification or erasure of data, restriction of processing or the possibility to object to processing, to request data portability, to revoke consent to processing by asserting these and other rights under the GDPR by simple communication to the Data Controller. The Data Subject may also lodge a complaint with a supervisory authority.
The Interested Party may forward these requests to the following e-mail address: email@example.com
10. DATA PROCESSING METHODS.
The personal data provided by the Users will be subject to processing operations in compliance with the aforementioned regulations and the obligations of confidentiality that inspire the activity of the Data Controller. The data will be processed both with computer tools and on paper media as well as on any other type of suitable media, in compliance with the adequate security measures pursuant to Article 5 par. 1 letter F of the GDPR.
11. FINAL NOTES AND WAY OF UPDATING