Like many other software companies, we are implementing our company-wide GDPR compliance strategy leading up to May 25, 2018 and beyond. We appreciate that our Customers have requirements under GDPR that are directly impacted by their use of InPlayer’s Services, and we are committed to helping our Customers fulfill their requirements under GDPR.
- For the purposes of understanding roles in regard to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) – InPlayer is defined as the Data Processor and the Customer or Merchant is the Data Controller.
- The Customer or Merchant, as Data Controller, appoints InPlayer as a Processor to process the Personal Data as described on the Customer or Merchant’s behalf.
- InPlayer will only process the Personal Data to provide the Services or otherwise to comply with applicable laws or regulatory requirement.
- InPlayer will ensure that any person with access to or processing the Personal Data is subject to a duty of confidence.
- InPlayer will take appropriate technical and organisational security measures to ensure the security of processing and protect the Personal Data from accidental or unlawful destruction, loss, alteration, unauthorised access or disclosure or unlawful processing.
- The Customer or Merchant authorises InPlayer to appoint subprocessors as they deem appropriate or necessary for the provision of the Services.
- InPlayer will assist the Customer or Merchant in providing subject access and allowing data subjects to exercise their rights under the GDPR.
- InPlayer will assist the Customer or Merchant in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments.
- InPlayer will provide mechanisms for the Customer or Merchant to download all Personal Data at any time, to delete the record of a single Data Subject, and to delete all Personal Data at the end of the contract.
- The Customer or Merchant may exercise their right of Audit under GDPR legislation through InPlayer providing an audit report not older than 18 months prepared by an independent external auditor demonstrating InPlayer‘s technical and organisational measures are sufficient to meet the obligations of a Data Processor under GDPR.
- InPlayer will submit to Customer or Merchant audits and inspections, provided the Customer or Merchant pays an applicable audit fee in full, and in advance of the commencement of such audit.
- InPlayer will immediately inform the Customer or Merchant if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.
- Nothing within this contract relieves InPlayer of its own direct responsibilities and liabilities under the GDPR.
How we collect your data
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following categories:
- Information you provide to us directly: When you visit or use some parts of our websites and/or services, or contact us directly, we might ask you to provide personal data to us. For example, we ask for your email address when you register an account in order to purchase Premium Content from our Merchants or become a Merchant yourself, respond to a job application or contact us with questions, request support and join us on social media. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.
- Information we collect automatically: We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see).
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our cookie notice.
- Information we get from third parties: The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our payment processing partners. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.
We don’t store your debit/credit card information.
The payments made to us are processed through third-party payment processing companies, such as Stripe, PayPal or Braintree.
Using PayPal, Braintree or Stripe means we don’t need to store your payment card details, they are sent encrypted directly to the payment processing company, we don’t store them anywhere.
- You can read more about security at Stripe here: https://stripe.com/docs/security/stripe
- You can read more about security at PayPal here: https://www.paypal.com/va/webapps/mpp/paypal-safety-and-security
- You can read more about security at Braintree here: https://www.braintreepayments.com/features/data-security
Where we collect personal data, we’ll only process it:
- to perform a contract with you, or
- where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your consent.
If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our website or service may not be available to you.
If you’re someone who doesn’t have a relationship with us, but believe that an InPlayer customer or merchant has entered your personal data into our websites or services, you’ll need to contact that InPlayer customer or merchant for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).
How we use your data
First and foremost, we use your personal data to operate our website and provide you with any services you’ve requested, including accessing or making a payment for a piece of Premium Content made available by one of our Merchants. We also use your personal data for other purposes, which may include the following:
To communicate with you. This may include:
- providing you with information you’ve requested from us (like training or education materials) or information we are required to send to you
- operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services
To support you:
This may include assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email or otherwise.
To enhance our websites and services and develop new ones:
For example, by tracking and monitoring your use of websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimise your user experience and provide you with more efficient service.
To market to you:
In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own websites and services or through third party websites and their platforms.
To analyse, aggregate and report:
We may use the personal data we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.
How we can share your data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
- an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
- other people where we have your consent.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
It’s your personal data and you have certain rights relating to it.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date;
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it;
- object to our continued processing of your personal data;
You can exercise these rights at any time by sending an email to firstname.lastname@example.org.
If you’re not happy with how we are processing your personal data, please let us know by sending an email to email@example.com. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
How to contact us
We’re always happy to hear from you and support you. If you’re curious about what personal data we hold about you or you have a question or feedback for us on this notice, our websites or services, please don’t hesitate to get in touch with us.
As a technology company, we prefer to communicate with you by email – this ensures that you’re put in contact with the right person, in the right location, and in accordance with any regulatory time frames.
Our email is firstname.lastname@example.org.
You may also submit your request through the form on our Privacy Contact page.