We take the security of your data seriously and work hard to maintain secure services. That is why Voucherify is committed to offering you a platform that is fully compliant with generally applicable data privacy laws, focusing, on particular, on the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
The aim of this article is to outline the key components of our Data Privacy policies that safeguard your rights to privacy and data security.
In this section:
- Voucherify and GDPR
- Data Management
- DPA (Data Processing Agreement)
- Anti-Spam Policy
- PII Data Storage
Voucherify as a GDPR and CCPA-ready Data Processor
We did our utmost to ensure that our Platform meets all the requirements delineated in the GDPR and CCPA acts. These include:
- Collecting as little information as possible to fulfill the Terms of Service (the scope of data processing is established in the Data Processing Agreement).
- Informing customers about all ways their data is processed (including Subprocessors).
- Enabling customers to delete, export, or update their data at any point in time.
- Gaining customers’ explicit consent for every data processing activity.
Here are some of the steps we have taken to make your data secure:
- Data Processing Addendum – we offer a data processing addendum (DPA) for our customers who collect data from customers in the EU.
- GDPR and CCPA-ready contracts with Subprocessors – Voucherify uses only trusted and reliable vendors. We have signed data processing agreements with all partners which subprocess any of your data.
- Email consent – The contact preference center provides fine-grained controls to activate and deactivate various notifications coming from Voucherify to your and your team’s inboxes.
- Employee training – Data Protection Officer ensures that all employees receive tools and training for handling sensitive data (including credentials).
- Risk Assessment – Data Protection Impact Assessment process guarantees that the Voucherify team considers data protection risk identification and minimization as its priority.
- Data Access, Portability, and Deletion – we have introduced new features that help customers delete, export, and rectify their sensitive data.
Voucherify Data Management
Voucherify will collect, process, and use personal data for the purpose of:
- Identifying and removing malfunctions and errors.
- Uncovering any unlawful usage of the Platform.
- Providing customer support.
- Improving our Website, products, and services.
- Sending both marketing and administrative information and updates.
- Providing personalized experiences based on personal preferences and prior behavior.
All Voucherify customers have the right to access, delete, export, and rectify their sensitive data. This can be done either manually via the Dashboard or automatically via API.
Keep in mind that Voucherify will be processing and using the personal data for a duration of 2 years from the date of their initial collection. On the lapse of the said period, all personal data is permanently deleted.
Voucherify may use the Services of 3rd party providers for the purpose of performing the Terms of Service.
The following Subprocessors are used by default:
Name and Address
Scope of Subprocessing
|Amazon Web Services, Inc.P.O. Box 81226 Seattle, WA 98108-1226, USA||Cloud-Infrastructure Services|
|Salesforce EMEA LimitedRoute de la Longeraie 9, Morges, 1110, Switzerland||CRM Services|
| LogEntries brand of Rapid7 Ireland Ltd.The One Building,1
Grand Canal Street Lower, Dublin 2, Ireland
|Infrastructure Monitoring Services|
|Google Inc.1600 Amphitheatre Parkway, Mountain View, California, U.S.||Web Analytics Services|
|Woopra Inc.300 Montgomery Street, Suite 208San Francisco, CA 94104||Web Analytics Services|
|Help Scout100 City Hall Plaza, 5th FloorBoston, MA 02108||Customer Support and Ticketing Software|
Data Processing Agreement
Data Processing Agreement delineates the scope and purpose of the personal data processing. It describes both Voucherify and customers’ obligations and rights as for personal data.
Please follow this link to see the full version of the Data Processing Agreement.
Voucherify also offers messaging functionalities. We take the security and well-being of our customers and their end customers very seriously. That is why all communications (e.g., email, SMS, push notifications) sent via Voucherify need to adhere to the following guidelines:
- The User must provide their true and accurate postal address that will be included in each message footer. The User is required to maintain and promptly update this data to ensure it is current, complete, and accurate.
- Each message sent from a Voucherify Account should contain an unsubscribe link. The link automatically updates the mailing list to ensure that a subscriber that has opted out will not be sent any further mailings.
- All fraudulent, gambling-related, misleading, and pornographic material included in the messages sent from a Voucherfiy Account will be addressed. The degree of Voucherify response to such violations varies based on the severity of the violation.
Please follow this link if you would like to learn more about our Anti-Spam policy.
Where do we store PII data?
There is no need to store sensitive data in Voucherify. This is optional and not required for using the majority of platform features. Unique customer IDs are a minimum set of customer information needed to run promotions with Voucherify. Keep in mind, that if you want to leverage more functionalities, such as distribution or validation rules based on address information, you would need to send corresponding data to Voucherify.
The enterprise data is stored outside the enterprise boundary, at the Voucherify end. Consequently, we adopt additional security checks to ensure data security and prevent breaches. This involves the use of strong encryption techniques for data security and fine-grained authorization to control access to data.
The specific location of your data is defined by the cluster you select. Voucherify offers three clusters for three locations: Europe, United States and Asia. Consequently, if you host your promotional incentives on the Asia cluster, your data will be stored in Singapore. If you opted for Europe, it will be stored in Ireland and the US cluster data is located on the US East Coast.
All personal data of Voucherify tenants is stored in the EU cluster (Ireland).
Please, visit this link to download Voucherify Security Model to learn more about sensitive data handling.