Play

Get in touch

Privacy Shield Statement & EU-U.S. Data Transfers

  1. NOTICE & CHOICE
  2. Affirmative Statement of Participation in the EU-U.S. Privacy Shield Framework
    This Statement complies with the EU-U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and sharing of personal information transferred from the European Union (and the United Kingdom) to the United States.

Please see confirmation of our Privacy Shield certification here.

This Privacy Shield Statement describes how DIGIERTS collects, uses, and transfers data from the EU (and the United Kingdom) to the U.S. Please also refer to DIGIERTS’s privacy policy.

  1. Jurisdiction
    DIGIERTS has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. DIGIERTS states that if there is any conflict between the terms of any DIGIERTS privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. DIGIERTS is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view DIGIERTS’s Privacy Shield certification, please visit www.privacyshield.gov.
  2. Scope
    DIGIERTS’s participation in the Privacy Shield applies to its collection, use, and sharing of commercial data (data that DIGIERTS collects on behalf of its clients or their partners) and internal data (data that DIGIERTS collects for DIGIERTS internal purposes, e.g. human resources).
  3. DIGIERTS’s Data Collection Processes

DIGIERTS Commercial Data Processing
DIGIERTS creates business-to-business solutions to help companies manage digital marketing campaigns, engage the right audiences, optimise advertising performance, and maximise business with their partners.

Some DIGIERTS clients use our solutions to measure effective of ad campaigns by measuring user-resettable advertising identifiers (e.g. Apple’s Identifier for Advertising (“IDFA”), Google Ad IDs). Other clients may use DIGIERTS technology to collect and analyse other data, some of which may be viewed as “personal data” or “personally identifiable data” under EU data protection laws. Please refer to the privacy policy for the relevant DIGIERTS product to learn more about how DIGIERTS collects, uses, and shares data on behalf of clients.

DIGIERTS End User Data & Privacy Policies
Both DIGIERTS and our clients are responsible for end user privacy.

DIGIERTS contractually requires that its clients (i) provide the necessary notices and obtain informed consents from their end users for data collection using DIGIERTS solutions and (ii) refrain from processing unsecured personal data using DIGIERTS solutions.

DIGIERTS Employee & Internal Data & Privacy Policies
DIGIERTS has an employee data and privacy policy. Both DIGIERTS’s employee data and privacy policy and Privacy Shield filing have been submitted to the U.S. Department of Commerce. DIGIERTS employees are aware of and have been trained on this policy, which is also available on the company’s intranet.

  1. ACCOUNTABILITY FOR ONWARD TRANSFERS

To effectively process data on behalf of a client to serve the client’s needs, DIGIERTS may need to share that data with certain third parties or sub-processors. In such instances, DIGIERTS will execute any needed contracts, clauses or addendums to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles.

  1. SECURITY

DIGIERTS uses reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorised access, disclosure, alteration, and destruction, taking into account any inherent risks and the nature of the personal data involved.

DIGIERTS is a SaaS company that operates within segregated private data centres as well as the public cloud. Data collected by DIGIERTS is co-located in secure locations operated by Amazon (AWS) in the United States.

DIGIERTS utilises AWS data centres in the following locations: U.S. East (Northern Virginia), US West (Northern California), EU (Ireland), and APN (Japan). Details on AWS security certifications and procedures may be found here.

DIGIERTS solutions are built on the AWS platform, and provide clients a variety of pseudonymization and security tools to secure data that may be considered “personal” or “personally identifiable” under the laws of a particular jurisdiction.

  1. DATA INTEGRITY & PURPOSE LIMITATION

The DIGIERTS data pledge expressly disclaims ownership of data in favour of the DIGIERTS client. Furthermore, it is the DIGIERTS client, not DIGIERTS, that determines the “purposes and means’ ‘ of data processing, including data retention (beyond DIGIERTS’s standard data retention policies) and termination. Under EU law, DIGIERTS is the “data processor” that processes data on instruction from the client or data controller (the entity that determines the “purposes and means” of the data processing in question).

  1. ACCESS

DIGIERTS collects data on behalf of its business clients, and is not an end user facing company.

For access requests in situations where DIGIERTS acts as the data processor, DIGIERTS refers the end user to the DIGIERTS client’s app or site that has the direct relationship with that end user.

  1. RECOURSE & ENFORCEMENT

For consumer (end user) complaints, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider.

For dispute resolution of any internal (including HR) data complaints, DIGIERTS works directly with the EU Data Protection Authorities.

In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, DIGIERTS will provide EU end users a binding arbitration option before the Privacy Shield Panel. DIGIERTS acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in U.S. courts.

  1. DISCLOSURES TO LAW ENFORCEMENT

DIGIERTS may disclose data in response to lawful requests by public authorities, and to meet national security or law enforcement requirements.