Statement regarding GDPR
The General Data Protection Regulation (GDPR) is legislation by the European Union parliament that lays out requirements for data collection, storage and usage practices. In effect since May 2018, the laws replace the 1995 EU Data Protection Directive (DPD). It is designed to significantly enhance the protection of the personal data of EU citizens and increase the obligations of organizations who collect or process personal data.
Appier cares about everyone’s right to data privacy and takes it seriously. Appier will make its best efforts to remain dedicated to personal data-related compliance and ensure that we meet the industry standards for data privacy, including GDPR. We also firmly believe in respecting our partners/customers and their respective users’ right to privacy. Appier will continue to make necessary changes to its products and services to meet global industrial privacy standards, and we will continue to invest in industry-leading data privacy initiatives.
Appier and GDPR
Appier assembled a cross-functional team to work on GDPR compliance tasks, and ensure that Appier meets its legislative and/or contractual GDPR-related obligations.
Additionally, Appier has made necessary changes in its services related documentation to reflect its obligations under GDPR if applicable.
Appier has a long-standing policy of incorporating privacy-forward principles into its product development activities and these principles will continue to guide the company in its compliance efforts.
What is Appier doing to comply with GDPR?
- Appier has appointed a Data Protection Officer and conducted Data Protection Impact Assessment (DPIA)
- Appier has joined the IAB Global Vendor List for the GDPR Consent Framework (ID Number 728)
- Appier has implemented Standard Contractual Clauses (SCC) for transfers of EU consumers’ personal data outside of the European Economic Area, if applicable.
- For its AIDEAL, AIQUA, AIXON and CrossX services, Appier has implemented a data security measures which meets industrial standard practices and ISO 27001 standards.
- Appier has developed policies around security, data access, and breach procedures.
- Appier has hosted GDPR related training for its employees.
- Appier establishes a firm procedure(s) regarding data subject requests to ensure Appier’s ability to efficiently respond to end users’ request(s), and/or help our partners/customers to make timely responses to end users’ requests they received.
- Appier pays close attention to regulatory GDPR updates and take corresponding actions (e.g., make modifications to our contract template or product features) when needed.
How will GDPR affect you as Appier’s partner/customer?
In case GDPR will apply to you, the major points of GDPR which we believe you should be aware of are as follows. Please be reminded that you shall engage and consult with your legal counsel regarding GDPR compliance matters and implement measures at your own responsibility.
Prior to sharing or transferring any end users’ personal data to Appier for the purpose of performing obligations pursuant to corporations and/or agreements between you and Appier, you shall ensure that end users’ prior consent is duly obtained by you and fully in compliant with applicable GDPR requirements, including those listed as follows, unless Appier and you agreed otherwise:
- Informed Consent: prior to giving one’s consent, an end user must be well informed of sufficient information regarding the purpose(s) of your collection and your plan to process their personal data.
- Positive opt-in: explicit consent/action is required when an end user provides his/her consent. Implied opt-in and pre-checked boxes are forbidden as general principle.
- Specific Consent required: In general, you shall use and process end users’ personal data within the scope of the purpose(s) which the end users consented, unless additional consent is obtained, or a separate legal basis is secured.
Last but not least, please note that end users have the right to withdraw their consent at any time, also the access for end users to exercise such withdrawal right shall be as easy as how their consent was given. It is advisable to ensure the ability to make timely responses when end users exercise their right to withdraw (including notifying the same to whom you had entered into data protection agreement, as applicable).
According to Article 37 of GDPR, you may be obliged to appoint an independent data protection officer (“DPO”) to oversee your data processing activities and protection program.
C. Right to Access
An end user may request (i) to confirm whether or not his/her personal data is being processed by you, and if yes, (ii) to further access and export of such personal data and other relevant information.
D. Right to Erasure/be Forgotten
End users may request to have their personal data deleted from your data storage system to prevent continuous usage.
E. Right to Rectification
End users may request to rectify their incorrect and/or inaccurate personal data.
F. Right to Data Portability
End users may request to obtain, reuse, move, copy and/or transfer their personal data.
If you are interested and would like to learn more about Appier’s products/services, please feel free to reach out and we would be happy to provide you with information (e.g., GDPR materials relating to Appier’s products/services, if applicable) to help you get to know Appier better.