Kargo Media Ireland Limited t/a StitcherAds (company registered in Ireland, number 476178, and StitcherAds North America LLC collectively “the Company” or “StitcherAds”) believe that protecting your privacy is crucial to our business and values. In the course of our business operations, the Company receives, collects, stores, uses and shares personal data on customers and business partners and of web and app users who may be customers or potential customers or our clients in connection with the services we offer (collectively “Data Subjects”).
The Company acts as a data controller (i.e. we decide how and for what purpose Personal Data is processed) with respect to the information the Company processes in connection with our business relationships.
On the other hand, the Company may also act as a data processor when our customers and business partners engage us to process Personal Data of their customers and potential customers on their behalf, or require us to access Personal Data held by third-party service providers (e.g. social networks such as Facebook).
In these cases, the customer is the data controller, and primarily responsible for the data processing activities, and we must process the Personal Data only on their behalf and in accordance with their instructions.
2. Our Services
The Company provides services (our “Services”) mostly to retail brands through our technology platform that is specially designed to facilitate their advertising campaigns across social networks such as Facebook, Instagram, Snapchat, Pinterest, and TikTok.
Our customers provide us with information on their product ranges. We may assist with creative services to enhance this information and design effective campaigns.
We work with the social networks to decide which types of users may be most interested in these products, and configure and buy advertising campaigns for our customers. Our customers may also in some cases provide us with information relating to their current or potential customers for inclusion in the relevant campaigns (which may include name, postal address, postal codes, email, product data, loyalty data, IP addresses, pricing and promotional data, and may be provided in hashed or encrypted form). However, normally only the social networks select and know who the audiences are for the campaigns, and neither we nor our customers see their data.
During and after campaigns we may provide our customers with reports and insights regarding the success of the campaigns or different tests carried out, and these reports and insights generally will not contain any Personal Data.
So we either process no Personal Data on behalf of our customers or, for any Personal Data that they provide us or ask us to obtain from the social networks, we are a data processor and they are the data controller. In those cases we process such Personal Data only on our customers’ instructions, in accordance with applicable privacy laws, and the data processing agreements entered into with the controllers.
In accordance with applicable laws, this Policy focuses on the processing of Personal Data where we are a data controller. Where we are a data processor, we recommend referring to the Privacy Policies of the relevant controllers for further information. The relevant data controller should enable you to exercise all the same rights as set out in this Policy, and if you contact us then we will have to forward your request to the relevant data controller.
3 Personal Data the Company collects and uses
The Personal Data of our business contacts that is processed by us is mainly obtained directly from the Data Subject. Provision of such Personal Data is necessary to use and purchase our Services, to fulfil Data Subjects’ requests for information relating to our Services, to organize communication in relation to our business events, and to purchase and pay for goods and services. The Company may not be able to provide the Services to Data Subjects that refuse the processing of their Personal Data.
The main categories of Personal Data of our business contacts collected by the Company are:
- phone number,
- e-mail address,
- usage data generated by our Services;
- device-related information from cookies or similar technologies;
- any other information provided by Data Subjects e.g. via correspondence, chat, telephone, or web forms.
- Personal Data generated from the Data Subject’s use of any third-party services and applications which are used in connection with the Services.
Personal Data may be updated and supplemented with data from private and public sources such as websites and trade directories.
The Company does not collect sensitive information (also known as special categories of Personal Data).
4 Processing of Personal Data
The Company processes Personal Data of Data Subjects to manage and promote the Services, including to provide demonstrations, to contact and market our Services to participants at our business events, and to contact and send marketing material to the visitors of our websites who submit us their information in a form or otherwise request marketing or other information from StitcherAds. For this purpose, Personal Data may be processed for market and customer analysis, reporting and statistical purposes, customised marketing, service notices, database management and maintenance, product suggestions and offers, interaction with external social networks, access to third-party services’ accounts and platforms, heat mapping and newsletters. Personal Data may be used for direct marketing, including, where applicable, by electronic means. The Company provides an easy way to cancel marketing communications, including within each email.
Further, Personal Data may be used for invoicing and to send important information to Data Subjects; this may include but not be limited to changes of applicable fees, price lists and conditions, or to contact Data Subjects and provide information customised Services according to their interests.
We also process Personal Data of staff of our suppliers (or potential suppliers) from whom we obtain goods and services, for the purposes of evaluating their supplies, managing our contracts with them, and paying their invoices.
Our legal bases for these Personal Data processing activities are that they are necessary:
- for the performance of the contract between us and the Data Subject (if our customer or supplier is an individual);
- for the purposes of our legitimate interests in operating, promoting and managing our business. This Personal Data always relates to the Data Subjects’ business life, is within the expectations of professional Data Subjects, and is kept securely, and so we have concluded that such interests are compatible with the Data Subjects’ rights and interests;
- to comply with legal obligations applicable to us, such as recordkeeping, tax, and accounting.
Where we act as a data processor, the relevant data controller will be responsible for deciding the appropriate legal basis and providing relevant information to Data Subjects. On behalf of a data controller who is our customer, we may ask for:
- the Data Subject’s consent for the processing of certain Personal Data (for example for a campaign). When collecting such consents, the Company will inform the Data Subject of the purposes of the processing, in accordance with the data controller’s instructions, and such processing is carried out only when appropriate consent is received; or
- certain permissions allowing us to perform actions with the Data Subject’s social media accounts and to retrieve information, including Personal Data, from them. This allows our Services to connect with the User’s account on the social network. In the case of Facebook, the following permissions may be asked: About Me, Access Rights (including but not limited to Ad Account Access, Business Manager Access), App Notifications, Contact Email, Manage Advertisements, and Manage Pages. For more information about social network permissions, refer to the relevant permissions documentation and Data Policy (in the case of Facebook: https://www.facebook.com/about/privacy/update).
5 Disclosure of Personal Data
- Data storage;
- Image and video processing;
- System monitoring and security;
- Code development and error tracking;
- Heat maps;
- Analytics; and
- Customer Communications management.
Personal Data may be transferred outside the European Union, the European Economic Area, Switzerland and the United Kingdom (“Europe”), including but not limited to, the United States of America, South Africa, Singapore and as well as other locations and jurisdictions in which the Company conducts its business. Where the destinations are not subject to any adequacy decision from the European Commission or other authorities (like the examples given above), then we ensure such transfers outside Europe are subject to appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the European Commission or other authorities.
A copy of the applicable safeguards may be made available for review if we receive a valid request.
6 Retention Period
The Company retains Personal Data for 3 years from the Data Subject’s latest purchase or contact with us. Personal Data may be, wholly or in part, retained for a longer or shorter-term if required by applicable law or if there is another justified reason to retain or delete them (e.g. for recordkeeping purposes or in line with limitation periods for legal actions). In those cases, Data Subjects’ Personal Data will be erased without delay after there is no longer any need for such retention.
The Company evaluates the necessity and accuracy of the Personal Data that it processes on a regular basis.
7 Data Subjects’ Rights
A Data Subject has a right to request from us:
- access to, correction, or erasure of such Data Subject’s Personal Data;
- to restrict or object to processing for certain purposes; and
- to receive, under certain conditions, such Data Subject’s Personal Data in a structured, commonly used and machine-readable format and to transmit that Personal Data to another controller (“Data Portability”).
You may exercise your rights by sending a written request to us. Where the processing is based on consent, you have a right to withdraw such consent at any time. Please note that this will not affect the lawfulness of processing based on consent before its withdrawal.
If you consider that your rights under the data protection laws are infringed, please always contact us in the first instance and we will assist. However, you also have a right to lodge a complaint with a competent data protection supervisory authority (e.g. in Ireland the Irish Data Protection Commissioner).
8 Security Safeguards
Securing the integrity and confidentiality of Personal Data. The Company has in place appropriate technical and organisational measures in order to keep Personal Data safe and to secure it against unauthorized access, loss, misuse or alteration by third parties, such as encryption, access controls, and firewalls.
Nevertheless, considering the cyber threats in the contemporary online environment, the Company cannot 100% guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to Personal Data and the absolute security of that information during its transmission or its storage on our systems.
9 Changes to this Policy
10 Contact information
Kargo Media Ireland Limited t/a StitcherAds
(registered in Ireland, number 476178)
ArcLabs Research and Innovation Centre, Carriganore, Co.