Insider's Commitment to End Users' Rights

Insider’s personalization technologies, available through our unified Growth Management Platform, process data on behalf of digital marketers, website owners, leading brands, and other online business services. The information we collect and process also includes their clients’ personal data (the “end users”). These end users are also known as “data subjects”, and we’re committed to protecting their information with equal zeal.

Under the GDPR, the end users have the full right to understand what’s going on with their data, what firms are doing with the information they collect, the purpose of data collection and how they collect consent. In one sentence: it stands for privacy and transparency.

In the relationship between Insider and our clients, Insider is the data processor and our clients are the data controller according to the roles defined under GDPR. Based on these roles, we are committed to enabling our clients to comply with Data Subject Rights (defined in Article 15 – 23).

In overall, Insider will cooperate with any requests from controllers to access, erase or rectify data of end users through trained personnel servicing these requests. Additionally our platform also provides multiple API endpoints to delete data or upsert data to keep user data accurate.

Here is how we comply with each item of GDPR Data Subject Rights:

1. Right of access

Under GDPR, individuals have the right to obtain:

• Confirmation that their data is being processed,
• Access to their personal data
• Other supplementary information – this largely corresponds to the information that should be provided in a privacy notice.

We enable our clients to easily access their end users’ data when they request. Insider’s REST API set is designed to provide our clients with the specified user profile including personal data. In this way, our clients can instantly respond to their end users’ requests to access any personal data being processed by Insider as a Data Processor on their behalf.

2. Right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

Similar to the right of access, our clients can utilize Insider’s REST API set to export the specified user profile and deliver that personal data to the end user for their request for portability.

3. Right to rectification

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If you have disclosed the personal data in question to third parties, you must inform them of the rectification where possible.

In case the end user requests our client to rectify inaccuracies within the personal data being processed by Insider on their behalf, Insider’s REST API set can be utilized to correct such personal data.

4. Right to erasure

The right to erasure is also known as ‘the right to be forgotten’.

In case our clients are requested by their end users to delete their personal data, they can utilize Insider’s REST API and instantly perform this obligation.

5. Right to restrict processing

Data Subjects have the right to block or suppress the processing of certain subsets of their personal data in the event of inaccurate or improperly obtained data. When processing is restricted, you are permitted to store the personal data, but not further process it. You can retain just enough information about the individual to ensure that the restriction is respected in the future.

In case our clients receive objections from their end users to restricting the processing of their personal data, they can utilize Insider’s REST API set with the identifier of specified user and update their GDPR opt-in status.

6. Right to object

Individuals have the right to object to:

• Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
• Direct marketing (including profiling);
• Processing for purposes of scientific/historical research and statistics.

In case our clients receive objections from their end users to receiving unsubscription requests, they can use Insider’s REST APIs to unsubscribe those end users. Insider provides the ability to mark a user profile as being unsubscribed from emails or push notifications.