Data Privacy

Voucherify is committed to offering you a platform that is fully compliant with generally applicable data privacy laws, focusing, in particular, on the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

This article aims to outline the key components of our Data Privacy policies that safeguard your rights to privacy and data security.

Contents:

• Voucherify and GDPR
• Data Management
• Subprocessors
• DPA (Data Processing Agreement)
• Anti-Spam Policy
• PII Data Storage

GDPR and CCPA-ready Data Processor

We did our utmost to ensure that our Platform meets all the requirements delineated in the GDPR and CCPA acts. These include:

• Collecting as little information as possible to fulfill the Terms of Service (data processing scope is established in the Data Processing Agreement).
• Informing customers about all the ways their data is processed (including Subprocessors).
• Enabling customers to delete, export, or update their data at any point in time.
• Gaining customers’ explicit consent for every data processing activity. 

Here are some of the steps we have taken to make your data secure:

• Data Processing Addendum – we offer a data processing addendum (DPA) for our customers who collect data from customers in the EU. 
• GDPR and CCPA-ready contracts with Subprocessors – Voucherify uses only trusted and reliable vendors. We have signed data processing agreements with all partners that subprocess any of your data.
• Email consent – the contact preference center provides fine-grained controls to activate and deactivate various notifications coming from Voucherify to your and your team’s inboxes.
• Employee training – Data Protection Officer ensures that all employees receive tools and training for handling sensitive data (including credentials).
• Updates to our Terms and Privacy – we’ve introduced updates to our Terms of Service and Privacy Policy to ensure we are fully compliant with the GDPR and CCPA. 
• Risk Assessment – Data Protection Impact Assessment process guarantees that the Voucherify team considers data protection risk identification and minimization as its priority.
• Data Access, Portability, and Deletion – we have introduced new features that help customers delete, export, and rectify their sensitive data.

Voucherify Data Management

Voucherify will collect, process, and use personal data for:

• Identifying and removing malfunctions and errors. 
• Uncovering any unlawful usage of the Platform. 
• Providing customer support. 
• Improving our Website, products, and services.
• Sending both marketing and administrative information and updates. 
• Providing personalized experiences based on personal preferences and prior behavior. 

All Voucherify customers have the right to access, delete, export, and rectify their sensitive data. This can be done either manually via the Dashboard or automatically via API. 

Keep in mind that Voucherify will be processing and using the personal data for a duration of 2 years from the date of their initial collection. On the lapse of the said period, all personal data is permanently deleted.

Subprocessors

Voucherify may use the Services of 3rd party providers to perform the Terms of Service. 

The following Subprocessors are used by default:

Data Processing Agreement

Data Processing Agreement delineates the scope and purpose of personal data processing. It describes both Voucherify and customers’ obligations and rights pertaining to personal data.  Please follow this link to see the full version of the Data Processing Agreement. 

Anti-spam Policy

Voucherify also offers messaging functionalities. We take the security and well-being of our customers and their end customers very seriously. That is why all communications (e.g., email, SMS, push notifications) sent via Voucherify need to adhere to the following guidelines:

• The User must provide their valid and accurate postal address. The User must maintain and promptly update this data to ensure it is current, complete, and accurate.
•  Each message sent from a Voucherify Account should contain an unsubscribe link. The link automatically updates the mailing list to ensure that a subscriber who opted out will not be sent any further mailings. 
• All fraudulent, gambling-related, misleading, and pornographic material included in the messages sent from a Voucherfiy Account will be addressed. The degree of Voucherify's response to such violations varies based on the severity of the violation. 

Where do we store PII data?

There is no need to store sensitive data in Voucherify. This is optional and not required for using the majority of platform features. Unique customer IDs are a minimum set of customer information needed to run promotions with Voucherify. Remember that if you want to leverage more functionalities, such as distribution or validation rules based on address information, you would need to send corresponding data to Voucherify. 

The enterprise data is stored outside the enterprise boundary at the Voucherify end. Consequently, we adopt additional security checks to ensure data security and prevent breaches. This involves using robust encryption techniques for data security and fine-grained authorization to control access to data.

The specific location of your data is defined by the cluster you select. Consequently, if you host your promotional incentives on the Asia cluster, your data will be stored in Singapore. If you opted for Europe, it would be stored in Ireland, and the US cluster data is located on the US East Coast. 

All personal data of Voucherify tenants is stored in the EU cluster (Ireland).