Transactionale is an innovative eCommerce cross-network advertising service by which Publishers and Advertisers can establish convenient links and interactions with the public.
Let us imagine that a user orders a product from a Publisher’s website; once the purchase is concluded, Transactionale sends him a communication containing discounts, offers and promotions which are associated with the purchase, and related to other products and/or services distributed by other members of the Transactionale network (los Anunciantes). Besides, if such user provides their consent, some of their data may be communicated to the Advertiser, so allowing the further sending of commenrcial communication.
As you can appreciate, such operations involve the processing of personal data with consequent obligations pursuant to the applicable data protection laws.
Who is responsible for complying with such laws, what is the content of these obligations, and what shall be done in order to act as the law requires? These are the questions we are going to answer on the next pages.
The Publisher receives, via the relevant e-commerce platform, some personal data from its users.
The personal information received may be subject to several processing operations for different purposes, such as analytics, profiling, advertising etc. Each processing operation can be carried out directly by the Publisher, acting as a Data controller, or by external entities who act on its behalf, as Data processors.
Transactionale belongs to this category of third parties as Flyer tech is the provider of the technological solution through which the Service is delivered; in other words we act as an external Data processor on behalf of our clients.
As a consequence, each Publisher, as Data controller, has to provide their client with a comprehensive privacy policy which accurately describes data processing operations (included but not limited to those associated with Transactionale). In this role, the Publisher shall also implement adequate modalities for collecting users’ consent.
Any privacy policy should describe who processes data, how and why. It's an essential document that allows its readers to understand the methods of the processing and, as a consequence, express their informed, free and therefore legally valid consent. This is exactly the reason why, in our T&C, we ask our Clients to provide their users with the appropriate information on data processing, as required by the law.
For example, if you use Transactionale, your privacy policy should provide explanations about the service and the promotional communications delivered through it. This document should also describe the technologies used for the collection of data and inform its readers on how to opt-out from these technologies.
We have asked iubenda, a company specialised in drafting privacy and cookie policies, to provide us with a description of our services ideally targeted at integrating our Clients’ privacy policies
Transactionale
Transactionale is a cross network advertising service provided by Flyer Tech S.r.l. The service uses some User's Personal Data (such as name, surname, interests, purchases, email address, etc.) to send promotional communications concerning third party products of providers belonging to the same network.
Such offers will always be linked with the product actually purchased by the User.Data handling location: Italy
Privacy policy for end users: https://transactionale.com/privacy-end-users.
The above refers to Transactionale’s direct marketing features.
However, as our clients are well aware, Transactionale has further features which allow the circulation of users’ data among the members of the network. More precisely, if the client provides its consent, data initially held by the Publisher may be communicated to the Advertiser and so allow the latter to directly send promotional communications concerning its products (without asking for another consent to do so).
This is a textbook case of data communication to third parties. Such activity must be explained to – and be priorly accepted by – the Visitor. Here is iubenda’s suggestion:
Data Communication to third-parties through Transactionale
The Owner may create databases by using the User's Data and/or second-level data deriving from analytics or profiling activities.
If the User purchases a product on our website and expresses their consent, the Owner may use Transactionale to communicate the previously mentioned Data to third parties whose products the User has expressed interest in. Such third parties may use Data to send promotional communications to the User.
The User can revoke their consent at anytime by simply sending an email to the contact details indicated in this document or, if communications to third party have already occurred, by directly contacting such third party.
After having informed its users (by means of a privacy policy), the Publisher must request – and obtain – their consent, not only a generic one (“I accept the Privacy policy of the Service”) but also the distinct and different consents associated with particular types of data processing: profiling, newsletter, DEM, data communication to third parties, etc.
These particular data processing activities must be accepted specifically. For example, the use of Transactionale implies the sending of DEM communications.
In this regard, the hypothetical check-boxes that the Publisher should devise for requesting such consents may be as follows:
As you can see, the previous list does not include the consent required for data communication to the Advertiser, which can be postponed until it is really necessary (i.e. until the visitor has access to the offers). In order to accomplish this, the Publisher may, for example, use a pop-up window containing a message like this:
“I accept that my Data will be communicated to third parties whose products I have expressed interest in. I hereby authorize such third parties to send me promotional and commercial communications regarding their products and/or services (optional)”.
As a general rule, check-boxes shall never be pre-flagged (otherwise the consent will be deemed invalid). Lastly, no matter how you choose to request the consent (through a check-box or a pop-up window etc.), it is of the utmost importance that Publishers keep track of the consent obtained. You should always register Users' consent in a manner that is safe and make consent easy prove in case of inspections or verifications.
You can hire a lawyer, try to write your privacy policy on your own, or use the iubenda privacy policy generator.
This last option will help you to simply the process of identifying the categories of data used by your service. Once the data have been identified, it will then be possible to enter the services you use, which are always provided with specific descriptions of their features. The clause relating to Transactionale is a Pro service that you can easily access to if you open a premium account.
At the end of this simple process, you will have at your disposal a complete and always updated privacy policy, which fully implement and describe the service provided by Transactionale.
