The OptinCheckBox, Privacy Policy
Last updated: October 15, 2023
The OptinCheckBox values and respects your privacy and being transparent is important to us. This Privacy Policy (“Policy,” “Privacy Policy”) describes the types of personal data we collect from our website, how we use the information, who we share it with, and the choices you can make about our collection, use, and disclosure of the information. We also describe the measures we take to protect the security of the information and how to contact us about our privacy practices.
This Policy covers the information we collect about you when you access our website or otherwise interact with us, including submitting a job application or attending events that we host or sponsor. For information on personal data that we collect from our customers, we maintain a separate Product Privacy Policy, which details our processes relating to Services. “Services” refers to any of our proprietary software, content, and professional services, which are purchased by our customers.
The OptinCheckBox, we, and us refers to The OptinCheckBox, and any of our affiliates.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We will only process your personal data in accordance with this Privacy Policy, and applicable data protection and privacy laws, subject to your consent. You can object to certain uses of information about you and you may access or update certain information about you. If you do not wish us to continue using your data as described in this Policy, request deletion of your data by emailing us at data-compliance@theoptincheckbox.com.
If you do not accept this Policy, you should not access or use our website or interact with any other aspect of our business.
At The OptinCheckBox, we are committed to treating personal information appropriately and with care. We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained. We have included information below to help you learn about how we use the information collected on our website.
Data we collect
Legal basis for processing personal data under General Data Protection Regulation (GDPR)
If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy is Article 6, section 1 of the GDPR.
We may process your personal data for the following reasons:
- You have given us permission to do so
- We need to perform a contract with you
- Processing it is in our legitimate interest and it’s not overridden by your rights
- For payment processing purposes
- To comply with the law
From you
We obtain your personal data when you provide such information during various interactions, including:
- Visiting our website
- Submitting a job application on our website
- Communicating with us via telephone or email
- Engaging with our content via social media
- Participating in events or promotions
From others
We also may obtain personal information about you from our business partners, clients, and other third parties.
Personal Data
When visiting our website, we may ask you to provide us with personally identifiable information that can be used to contact or identify you, including but not limited to your:
- First name
- Last name
- Phone number
- Email address
We may use your personal data to contact you, or send you marketing newsletters, promotional materials, or other information that may be of interest to you. You may opt out of receiving any of these communications by following the instructions and/or unsubscribe links provided in all our emails, or by contacting us via email (data-compliance@theoptincheckbox.com).
Usage Data
We may also collect information on how you access and use our website, which may include information such as:
- Your computer’s Internet Protocol (IP) address;
- Your browser type, operating system, and unique device identifiers, including mobile devices;
- The web pages you were visiting immediately before and after you came to our website;
- The search terms that you use to reach our website;
- The date and time of your visit to our website;
- The geographic location from which you are browsing;
- The pages you visit, navigation patterns, and the time spent on those pages;
- Social actions taken with respect to the content on the site, including but not limited to likes, comments, and shares on LinkedIn, Facebook, Twitter, or Instagram, and
- Interactions with advertisements, such as ad click-through rates and information about how many times you viewed a particular ad.
Your Rights and Choices
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. The OptinCheckBox aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.
In certain circumstances, you have the following data protection rights:
- The right to access, update, or delete the information we have about you. Whenever made possible, you can access, update, or request deletion of your personal data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your personal data.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where The OptinCheckBox relied on your consent to process your personal information.
If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please contact us by emailing data-compliance@theoptincheckbox.com. Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local Data Protection Authority in the European Economic Area (EEA).
How we use your data
We aggregate and analyze the data we collect for the following purposes:
- To provide and maintain our website;
- To estimate usage numbers, patterns, and other valuable information that enables us to improve the website;
- To detect, prevent, and address technical issues;
- To measure the success of our marketing campaigns;
- To process and consider your job application;
- To provide customer feedback, support, and responses to your inquiries about our services;
- To conduct questionnaires and surveys about your experience with our website or services, to the extent that you choose to participate;
- To store information about your preferences and customize or personalize your experience on our websites according to your individual interests, including recognizing you when you return to our website, and
- To provide you with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
We also may use the information we obtain about you in other ways for which we provide specific notice at the time of collection.
Retention of your data
We will retain your personal data for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law. You may request that we delete your data at any time by contacting us via email at data-compliance@theoptincheckbox.com. Your personal data will be deleted within 30 days of your request, if not sooner.
If you provide your personal data to us again in the future, you will be required to provide new consent for us to process your data.
Disclosure of your data
We will not share, sell, or otherwise distribute your personal data to any third parties without your permission.
Under certain circumstances, we may disclose your personal data if required to do so by law or in response to valid requests by public authorities such as a court or government agency. The OptinCheckBox may also need to disclose personal data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and the defend the rights or property of The OptinCheckBox
- Prevent or investigate possible wrongdoing in connection with our website
- Protect the personal safety of users of our website
- Protect against legal liability
If you participate in certain features of this website (e.g., sharing content on social media sites or submitting comments), please note that any information you voluntarily disclose through use of these features becomes available to the public and/or to other users whom you have designated.
Storage and transfer of your data
Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those in your jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
We process and store your data in the United States. Your data is processed in accordance with the Terms of Use and the Policy outlined on this page. Should additional processing be required outside of this policy for any reason, we will inform you and request your consent to do so.
The OptinCheckBox will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
Breach Notification
If processed data related to European Union citizens is breached, we will notify you immediately. We will also document any personal data breaches related to European Union citizens, comprising the facts relating to the personal data breach, its effects, and the remedial action taken. This documentation will enable the supervisory authority to verify compliance with GDPR.
Service Providers
We may employ third-party companies and individuals to facilitate marketing initiatives on our behalf, or to perform services or to assist us in analyzing how our website is used.
These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Analytics
We may use third-party service providers to monitor and analyze the use of our website.
- Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our websites. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt out of having made your activity on our website available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visit activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/
Advertising & Remarketing
The OptinCheckBox uses remarketing services to advertise on third-party websites to you after you visit our websites. We and our third-party vendors use cookies to inform, optimize, and serve ads based on your past visits to our website:
- Google AdWords: Google AdWords remarketing service is provided by Google Inc. You can opt out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads. Google also recommends installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout) for your web browser. The Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/
- Twitter: Twitter remarketing service is provided by Twitter, Inc. You can opt out of Twitter’s interest-based ads by following their instructions: https://support.twitter.com/articles/20170405, and you can learn more about the privacy practices and policies of Twitter by visiting their Privacy Policy page: https://twitter.com/privacy
- Facebook: Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950 To opt out of Facebook’s interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217 Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt out from Facebook and other participating companies through the Digital Advertising Alliance in the United States, http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada, http://youradchoices.ca/, the European Interactive Digital Advertising Alliance in Europe, http://www.youronlinechoices.eu/, or opt out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation
Links to other websites
Our website may contain links to other websites. Any personal information you provide on the linked pages is provided directly to that third party and is subject to that third party’s privacy policy. This Policy does not apply to such linked sites, and we are not responsible for the content or privacy and security practices and policies of these websites or any other sites that are linked to from our website.
Children’s Privacy
Our website does not address anyone under the age of 18.
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children have provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers.
Changes to our privacy policy
The OptinCheckBox reserves the right to change the provisions of this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes on this page.
CCPA
The OptinCheckBox Product
The OptinCheckBox product is a market leading B2B sales and marketing enablement tool. It is SaaS (Software as a Service) and provides businesses with insight relating to their website visitors. The OptinCheckBox works on the basis of reverse business IP tracking. A small tracking code is placed on a business’ website(s) which then enables them to identify the business IP addresses of their website visitors. The OptinCheckBox matches the identified business IP address to a wholly owned global database of businesses and business information.
The OptinCheckBox software is almost entirely focused on leveraging business-related information to effectively match a business IP address with wider business data to provide valuable business-related visitor information to our customers. The OptinCheckBox does not identify any personal IP addresses, mobile devices or any other data than that associated with the business.
Business related data is not applicable under the CCPA – which has the intention of protecting personal data. Therefore, the majority of the The OptinCheckBox solution and its features are not relevant to the CCPA.
Contact Data
An additional feature of The OptinCheckBox aside from the main solution, is to provide customers with the contact information of key decision makers at the organisations that have pro-actively visited the company website. As this information contains details including first name, last name and email address, this aspect of The OptinCheckBox could constitute the processing of personal data and therefore required to be compliant with CCPA.
The OptinCheckBox will only ever collect business IP addresses, which are then matched to a business profile, from there The OptinCheckBox offers customers the opportunity to purchase the contact details of relevant decision makers within the matched business. This data will have been collected from various publicly available data sources such as LinkedIn. The data available will only relate to decision makers at the organisations that have pro-actively visited a customer’s website. It is anticipated that The OptinCheckBox customers will select the most appropriate point of contact from the data provided by The OptinCheckBox to convey a highly relevant, targeted message either by email, telephone or by post to the business address. Any correspondence will be based upon their likely interest in the organisation’s product or service following their visit to the organisation’s website.
Under CCPA, The OptinCheckBox will only ever process necessary personal data, which is limited to first name, last name, and email address. The OptinCheckBox will process further business-related data such as business IP, business name, job function and business telephone numbers. No sensitive personal data will be collected or processed in any way. The OptinCheckBox customers have the option of using The OptinCheckBox without leveraging contact data, in which case the The OptinCheckBox solution is unrelated to CCPA on the basis that it will only process business data. The OptinCheckBox customers also have the option of using The OptinCheckBox where contact data for any business located California is disabled. Where a customer opts to use the contact data feature of The OptinCheckBox, it is deemed that the customer will be responsible for ensuring the data used is further processed within their business in a method that is compliant with CCPA – each customer will be responsible for conducting their own due diligence checks and producing their own policies as applicable to their business.
The OptinCheckBox has carried out various Assessments such as LIA, DPIA and personal data risk assessments. Based upon these assessments it is deemed that the rights and freedoms of any data subject would not be overridden in our processing of the personal data and that in no way would a data subject be caused harm by the The OptinCheckBox processing. Based upon our segmentation by organization and by specific job function, coupled with our processing of personal data within the context of a business environment, it is deemed that any processing of data will be limited to business matters, and therefore any risk of personal compromise is extremely unlikely. It is also deemed that direct marketing and sales is necessary in the context of following up with website visitors in order to better serve visitors and to generate business sales.
CCPA compliance requirements covered by The OptinCheckBox
• Delegate CCPA compliance oversight to a knowledgeable employee or team.
• Maintain and regularly update a business-wide privacy policy.
• Implement and maintain reasonable security practices.
• Maintain procedures to respond to requests for access to personal data and specific pieces of information.
• Maintain procedures to respond to requests to delete personal information.
• Maintain procedures to respond to requests to opt-out of sale of personal information.
• Update vendor contracts to comply with CCPA and avoid being characterized as “selling” personal information to vendors.
• Maintain procedures for collection and use of personal information of minors (as applicable).
• Conduct appropriate privacy training for personnel depending on their job function.
• Assess affiliates’ need to comply with the CCPA and implement group-wide compliance if necessary.
• We have identified a legitimate ground for processing
• We understand our responsibility to protect the individual’s interests, rights and freedoms
• We have conducted risk assessments and kept a record of it
• We will review our processes regularly
• We have checked that the processing is necessary and there is no less intrusive way to achieve the same result
• We have done a balancing test, and are confident that the individual’s interests are not overridden in the interests of our customers or our own
• We only use individuals’ data in ways they would reasonably expect
• We are not using people’s data in ways they would find intrusive or which could cause them harm
• We do not process the data of children
• We have considered safeguards to reduce the impact where possible
• We will always ensure there is an opt-out / ability for a data subject to object to processing
How we Process Data
The OptinCheckBox solution provides businesses with the details of organisations that have visited their website based upon business IP tracking. The OptinCheckBox matches this data to a database of business points of contact, presenting this information to its customers as potential contacts from the visiting organisation, that based upon the pro-active business visit could be interested in the products/services on offer. In order to do this, The OptinCheckBox will process first name, surname and business email address along with business data in order to present that information to its customers. The data is presented to customers via a secure, unique log in access to the The OptinCheckBox portal. Customers have the option of purchasing relevant points of contact, including email addresses and names from the visiting organisations. From that point the data limited to email address, name, and supporting business information including business telephone number will be transferred to the customer, again via the secure portal. The OptinCheckBox acts as a data processor in this regard, The OptinCheckBox is not liable for the onward processing of the data via each customer, although we strongly advise all customers to ensure compliance with CCPA in all aspects of personal data processing.
How we Procure Data
At The OptinCheckBox we procure data in a variety of ways, collected in line with the lawful basis of ‘Legitimate Interests’. The following are ways in which we collect and process data: Business Data
Although business data is not relevant under CCPA, The OptinCheckBox is committed to providing a transparent solution so that customers can effectively assess their own compliance. The OptinCheckBox collects business data via the following methods:
• Primary research – The OptinCheckBox has a SRILANKA based in-house team who gather data relating to business from publicly available information, using search engines and other online tools to research global businesses.
• Secondary research – The OptinCheckBox has a SRILANKA based in-house team who use existing publicly available sources of data to enhance the business data.
• Purchase – The OptinCheckBox purchases business information from a number of selected third-party data vendors who are vetted to ensure the quality and validity of the business data provided.
Personal Data
The OptinCheckBox collection and processing of personal data is limited to:
• First name
• Last name
• Email address
The OptinCheckBox procures this personal data in the following ways:
• Primary research – The OptinCheckBox has a SriLanka based in-house team who gather data relating to key decision makers at organizations from publicly available sources including the website of each business.
• Secondary research – The OptinCheckBox has a SriLanka based in-house team who use existing publicly available sources to gather the information relating to key decision makers including the Directors’ Register at Companies House, Dun & Bradstreet, Duedil, LinkedIn and Hootsuite.
• Purchase – The OptinCheckBox purchases data from selected third party data vendors with key segmentation criteria to ensure that only decision makers from registered businesses are procured. All third-party data vendors have been checked for CCPA compliance and to ensure the validity and accuracy of data.
The OptinCheckBox also uses automated scripts and algorithms to collect, process and validate both business data as well as the personal data detailed above. These automated processes are subject to the same compliance checks as all manual processes and consent is obtained from individual data subjects.
How we Ensure Data Validity and Accuracy
The OptinCheckBox has a SRILANKA based in-house data verification team who are responsible for ensuring the validity and accuracy of the data contained within the, The OptinCheckBox solution. The team continually cleanse the data held within the, The OptinCheckBox software, completing a full cleanse cycle of both business and personal data at least once every 12 months. Any records found to be out of date are placed into a deletion queue which is securely purged four times in a 12-month period.
The data verification team use both manual methods as well as automated scripts and algorithms via an extensive multi-staged process to ensure the utmost validity and accuracy of data. The OptinCheckBox takes data cleansing extremely seriously as this ensures a highly compliant solution as well as a high calibre solution for all of the, The OptinCheckBox customers.
Data Storage and Retention
The data held within the, The OptinCheckBox solution is processed and stored in SRILANKA within a secure environment. The OptinCheckBox has a continual cycle of cleansing and refreshing data, all data within the, The OptinCheckBox solution is verified at least once in a 12-month cycle. Any invalid records are placed into a deletion queue, which is then securely purged four times in a 12-month period.
Consumer Request Procedures
Request to Object
Any individual who has been identified as a website visitor by The OptinCheckBox has the right to object to receiving correspondence from a The OptinCheckBox customer by contacting them directly and requesting to object, you can find their specific processes for this by visiting their company website and reviewing their privacy policies.
Should any individual wish to withdraw from The OptinCheckBox processing your personal data for use by the, The OptinCheckBox software and its customers, please make your request in writing: By emailing: data-compliance@theoptincheckbox.com
All requests will be processed within 30 days. Your details will be added to a suppression file to ensure that your details cannot be processed by the The OptinCheckBox software in future. Please note that this applies only to the processing of your personally identifiable data, not that of the business data which does not fall under the remit of CCPA.
Request for Deletion
It is important to understand the difference between a right to object and a request for deletion. If you request deletion, we will remove any data we hold about you from the The OptinCheckBox software. This will also mean that we will remove you from our suppression files. If you are removed from our suppression files, there is a risk that your data may be processed again in the future if your details are re-added to our software by our data procurement team. If you do not wish for The OptinCheckBox to process your personal data in the future, we would recommend you request to object rather than a request for deletion, as this will ensure that your details are always suppressed from processing. The option however is yours, and in either case we will process your request within 30 days. Please make your request in writing by emailing:
You can opt out of sale of your data by following this link:
Do Not sell My Personal Information:
This policy was last reviewed and updated on the 19 October, 2021. Policies are periodically reviewed to ensure compliance with the current compliance environment. For questions relating to this policy, please contact data-compliance@theoptincheckbox.com
GDPR
The OptinCheckBox is software that reveals the identity of your anonymous website traffic and turns them into actionable leads within a business to business environment.
As a leading provider of SaaS solutions, we are committed to providing a high calibre data led solution for all of our clients, as part of that we take data compliance extremely seriously and are pro-active in ensuring the compliance of both the SaaS solutions we provide to our customers as well as ensuring compliance as a business entity in our own right.
The purpose of this statement is to provide information regarding how and why The OptinCheckBox collect, process and store data, as well as providing the appropriate contact information should you wish to request the information we hold about you, withdraw from processing or request deletion of any data we hold about you.
Under the EU General Data Protection Regulation (GDPR) there are six lawful basis for processing personal data. These are detailed as follows:
- Consent – the individual has given clear consent for you to process their personal data for a specific purpose
- Contract – the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract
- Legal Obligation – the processing is necessary for you to comply with the law (not including contractual obligations)
- Vital Interests – the processing is necessary to protect someone’s life
- Public Task – the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law
- Legitimate Interests – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
The OptinCheckBox Marketing and Sales Data
As an organization that processes business related data, The OptinCheckBox has assessed all six grounds for lawful processing of personal data and has selected ‘Legitimate Interests’ as the most suitable lawful ground for the processing of data for the purposes of The OptinCheckBox marketing and sales
The OptinCheckBox collects, processes and stores data relating to businesses and decision makers. We believe that the individuals that we process the data of, are likely to have an interest in the The OptinCheckBox product. Deemed as ‘Legitimate Interest’ this is based upon specific criteria including the business industry sector, size of organisation as well as the individual’s job function within the organisation. Our typical segmentation includes those within marketing, sales, business development, MD and owner related job functions, although this list is not exhaustive and other variables may apply.
We will only ever collect, process and store the essential information required for making contact with the data subjects within a business environment. The personal data we collect is limited to first name, last name, email address, social profiles (limited to LinkedIN) as well as business IP address. Other business-related data may also be processed including business name, job function, turnover and business address, however we will never collect further personal data such as those classed under ‘Sensitive Personal Data’.
The data collected will be used to communicate marketing and sales messages relating to the, The OptinCheckBox product, based upon the job function held by the data subject. The OptinCheckBox specifically only sends messages to those we believe are likely to be interested in the, The OptinCheckBox product based upon the organisation they are employed by and based upon their job function within that organisation. Messages from The OptinCheckBox could be delivered via email, social media, via telephone or any other business to business (B2B) marketing methods that may be relevant.
When you send The OptinCheckBox an enquiry or booking form via our website or one of our micro sites you will be asked to provide your contact details. We will use the data you provide to process your request and may use it to inform you by email, telephone or mail about other The OptinCheckBox products and services that we feel may be of interest to you, it is deemed that as you have visited the The OptinCheckBox website and provided us with your contact information that you are legitimately interested in our products and services. You have the right to object from any method of correspondence at any time, by following the unsubscribe instructions at the bottom of the email, by informing the telephone operator or by contacting us via any of the methods below.
How we Procure Data
You or someone else has expressly shared your contact details with us for the purpose of receiving information now and/or in the future. This data may be shared with our sister company where we believe there may be a legitimate interest in the product
At The OptinCheckBox we procure data in a variety of ways, collected in line with the lawful basis of ‘Legitimate Interests’. If you have received correspondence from us, we will have procured your data in one of the following ways:
- You have requested information from The OptinCheckBox on a previous occasion
- Someone has sent us your e-mail address requesting information about our articles and/or services be sent to you
- You or someone else has expressly shared your contact details with us for the purpose of receiving information now and/or in the future
- We have previously met at an event and your business card or contact details were handed to us willingly
- You or a business colleague has visited our website and we believe that there is a genuine legitimate interest in our services
- You have previously connected with a member of our team via the LinkedIN and discussed our services
- A member of our team has found your business and your contact details online, believing that your business would genuinely be interested in the The OptinCheckBox product, based upon your job function aligning with our typical customer profiles they have made contact to introduce you to our product
- Your data has been purchased by a registered third-party data supplier, which will have been segmented by industry, organisation size and job function based upon our typical customer profiles. (Due diligence checks around GDPR compliance will have been conducted accordingly)
Legitimate Interest Assessment (LIA)
The OptinCheckBox has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO. Based upon that assessment it is deemed that the rights and freedoms of the data subjects would not be overridden in our correspondence regarding The OptinCheckBox and that in no way would a data subject be caused harm by our correspondence. Based upon our segmentation by organisation and by specific job function, coupled with our processing of personal data within the context of a business environment, we believe that any individual that receives correspondence from The OptinCheckBox in a direct marketing or sales capacity, could be legitimately interested in the The OptinCheckBox solution. It is also deemed that direct marketing and sales is necessary in the context of promoting The OptinCheckBox to professionals in business in order to increase awareness of our SaaS solution in the marketplace.
Per the ICO guidance, The OptinCheckBox can confirm:
- We have checked that legitimate interests is the most appropriate basis
- We understand our responsibility to protect the individual’s interests
- We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision
- We have identified the relevant legitimate interests
- We have checked that the processing is necessary and there is no less intrusive way to achieve the same result
- We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests
- We only use individuals’ data in ways they would reasonably expect
- We are not using people’s data in ways they would find intrusive or which could cause them harm
- We do not process the data of children
- We have considered safeguards to reduce the impact where possible
- We will always ensure there is an opt-out / ability to object
- Our LIA did not identify a significant privacy impact, and therefore we do not require a DPIA
- We keep our LIA under review every six months, and will repeat it if circumstances change
- We include information about our legitimate interests in our privacy notice
The OptinCheckBox has an in-house data verification team, who are responsible for ensuring the validity and quality of the data contained within the The OptinCheckBox CRM system. The team continually cleanse the data held within the CRM system, completing a full cleanse cycle at least once every 12 months. Any records found to be out of date are placed into a deletion queue which is securely purged four times in a 12-month period.
Data Storage and Retention
The data held within the The OptinCheckBox CRM system is processed and stored within a secure environment.
The OptinCheckBox has a continual cycle of cleansing and refreshing data contained with our CRM system; all data is verified at least once in a 12 month cycle. Any invalid records are placed into a deletion queue, which is then securely purged four times in a 12-month period.
Request to Object
In all correspondence with you we will give you the right to object from receiving further correspondence from The OptinCheckBox. On any emails you receive from The OptinCheckBox there will be the option to ‘unsubscribe’ from receiving any further email correspondence. If you receive a telephone call from us, you have the right to request not to receive any further calls. The OptinCheckBox has a companywide CRM system, your request to object will be logged within our CRM system to ensure that you do not receive any further calls.
Should you wish to object to receiving communication from The OptinCheckBox, you can do so in a variety of ways:
- Please follow the “unsubscribe” instructions at the bottom of every email
- If you have received a call, please tell the representative that you do not wish to receive any further communication
You can also make your request by emailing:
data-compliance@theoptincheckbox.com
Data Compliance:
All requests will be processed within 30 days. Your details will be added to a suppression file to ensure that your details cannot be processed by the The OptinCheckBox CRM system in the future. Please note this applies only to the processing of your personally identifiable data, not that of the business data which does not fall under the remit of GDPR.
Request for Deletion
It is important to understand the difference between a right to object and a request for deletion. If you make a request for deletion, we will remove any data we hold about you from the The OptinCheckBox CRM system. This will also mean that we will remove you from our suppression files. If you are removed from our suppression files, there is a risk that your data may be processed again in the future if your details are re-added to our CRM system by a member of our sales team who genuinely believes that your business would benefit from The OptinCheckBox. If you do not wish for us to contact you again about The OptinCheckBox, we would recommend you request to object rather than a request for deletion, as this will ensure that your details are always suppressed from processing.
The option however is yours, and in either case we will process your request within 30 days.
Please make your request in writing by emailing:
data-compliance@theoptincheckbox.com
Request for Data Held
You may request that we send you all of the data we hold that relates to you. Please make your request in writing;
By emailing:
data-compliance@theoptincheckbox.com
We will process and respond to your request within 30 days, this service will be free of charge.
Brexit
In the event of a no-deal Brexit, we will leave the EU and become a Third Country according to the GDPR. A Third Country may need to have a representative inside the EU in order to keep EEA data flowing without restrictions.
The OptinCheckBox applies the exemption as per Article 27(2) of the GDPR, The OptinCheckBox does not have a designated EU representative for the following reasons:
- Our processing does not involve processing of special categories of data
- Our processing does not involve personal data relating to criminal convictions and offences
- Our processing is unlikely to result in a risk to the rights and freedoms of natural persons.
Furthermore, as per Article 46 of the GDPR and Article 26 of the e-Privacy Directive, The OptinCheckBox has taken appropriate measures to enable cross-border data transfers. We will make use of Standard Contractual Clauses to ensure that our EEA-based customers and service providers can continue to transfer personal data to us.
This policy was last reviewed and updated on the 1st APR, 2021. Policies are periodically reviewed to ensure compliance with the current compliance environment.
By submitting this form, you are granting The OptinCheckBox permission to email you. You may unsubscribe via the link found at the bottom of every email.
CAN-SPAM:
Canada’s Anti-Spam Policy (CASL): An act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the CRTC Act, the Competition Act and PIPEDA.
Electronic address: An address used in connection with the transmission of an electronic message to an electronic mail account, and instant messaging account, a telephone account or similar account.
Electronic message: A message sent by any means of telecommunication, including text, sound, voice or image.
Commercial electronic message (CEM): CEMs are commercial electronic messages that encourage participation in commercial activity. Even if a commercial message is not sent with an expectation of garnering profit, it still qualifies as a CEM.
Commercial activity: Any transaction of commercial character, regardless of whether there is an expectation of profit or not.
Express Consent: Permission obtained when a recipient “opts in” to receive CEMS. Consent can be oral or written and could be an unedited audio recording, paper or electronic checkbox on a website. Express consent never expires unless the recipient chooses to unsubscribe. The OptinCheckBox will maintain records of all contacts for whom express consent exists.
Unsubscribe: A withdrawal of consent to receive CEMs.
Policy Guidelines:
All partners, employees, contractors, vendors and any other person sending CEMs on behalf of The OptinCheckBox adhere to the following policies:
All CEMs from The OptinCheckBox contain:
- Full contact information. This includes the sender’s first name, last name, title, company name, company mailing address, direct telephone number, fax number, email address and company web address.
- If a CEM is to be sent on behalf of another party at The OptinCheckBox, the name of this party and the sender will both be included, in addition to the information listed above.
- An unsubscribe link will be clearly visible.
Unsubscribe Requests:
- All unsubscribe requests will be managed within ten days of receipt. Employees will not send any further communication by electronic means to the unsubscribed party.
Compliance with CASL is of utmost importance and all employees actively participate in maintenance of corporate compliance. The OptinCheckBox encourages its employees to take a proactive approach in identifying potential problems or violations of CEM delivery by promptly reporting issues to the CASL Compliance Team immediately.
This Privacy Policy is subject to any amendments which will be posted on The OptinCheckBox’s website and will also be available from The OptinCheckBox’s Privacy Officer.
For questions relating to this policy, please contact data-compliance@theoptincheckbox.com
If you have any questions about our website Privacy Policy, please contact us at data-compliance@theoptincheckbox.com
200 S. Virginia Street,
8th Floor Reno,
NV 89501, United States