Privacy Policy

Deal is committed to protecting the privacy of all its users.

In order to ensure that our customers and users are fully informed of our data handling policies and their rights pertaining to this data, we maintain this page which details our practices around information collected through the Deal platforms.

Last updated: 10-10-2018

Overview

Our approach to data security and privacy includes but is not limited to:

State-of-the-art platform security

At-rest and in-transit encryption of all customer and end-user data

Providing customers with the tools to control the amount of personally-identifiable information (PII) handled by Deal

Compliance with the European Union's General Data Protection Regulation (GDPR) and the - Privacy Shield program

Kinds of Information We Collect

Deal processes four different categories of data, which reflect the different levels of sensitivity in context. However, there are several common traits about how we handle the data, regardless of type:

We never sell this data to third parties. In limited cases, we provide it to third-party services for usage strictly within the Deal product or business; for example, to provide analytics graphs on the Deal dashboard.

All data is subject to the protections of the General Data Protection Regulation, in the case it originates from the European Union.

Type 1: End-user PII

This is the most sensitive type of data that Deal collects. Examples:

Any user profile data passed to Deal by the customer

Browser information that is collected by default (e.g., OS, device type, browser language, user agent)
Browsing history data that is collected by default (e.g., current page URL, current page title)

We reiterate that like all data we collect, end-user PII is never sold to third parties.

Customers may opt out of browser and browser history information by contacting Deal Support.

This data is used in the targeting and customization of Deal content.

Type 2: End-user Deal Data

This data pertains to how end users are interacting with Deal content; for example, whether a flow was shown to a given user, whether a user has clicked away a tooltip, etc. This category also includes user responses to Deal forms or surveys.

Though this category usually does not contain PII, we caution that form or survey responses may add PII to this data.

End user Deal data may be provided to service providers for usage within the Deal platform. 

Data in this category is used in the targeting and customization of Deal content, as well as displaying analytics on the Deal dashboard.

Type 3: Customer PII

Customer PII is collected by the Deal dashboard, for example the name and email address of each of a customer's team members who are authorized to use the Deal platform.

Deal does not store financial data about customers (e.g., credit card information), choosing instead to employ a dedicated payments processor.

Data of this type is used mainly in the Deal dashboard and editor, and within the Deal business.

Type 4: Customer Aggregate Data

This category includes customer wide statistics such as active user count, number of flows, number of services used at a time, etc.

This data does not contain PII.

Data in this category is used mainly in the Deal dashboard and editor, customer emails, and within the Deal business.

Security and Compliance

GDPR

The European Union General Data Protection Regulation (GDPR) is a law that regulates the transfer of personal data out of the European Union, that took effect on May 2018. The GDPR enumerates the rights of end users with regards to data collected about them, including the right to view, delete, and/or cease collecting this data.

Compliance with the GDPR is a practical requirement of any data service like Deal with end users in the European Union. Further, it is the moral duty of data processors to protect the privacy rights of their users.

More information is available in our Legal section below.

PCI Data Security Standard

Deal is fully compliant with the PCI Data Security Standard, which regulates the handling and retention of payment data. Deal does not handle customer payment data directly, instead using a fully PCI DSS compliant payments processor. Deal is not intended for the handling of end-user payment information.

Encryption

Deal is committed to the privacy of information as it passes over the network, as well as to preventing unauthorized access t o customer or end-user data. We use industry-leading encryption to protect all external traffic in transit (via HTTPS/TLS) and at rest (using AES-256 and an automated key rotation system).

Data Retention

End-user and customer data in the Deal platform is retained indefinitely by default. In the case that customers or individuals request the deletion of their data, Deal will perform this deletion within seven working days.

Requests for data deletion may be addressed to deal@deal.io

Legal

Law Enforcement

Deal will comply with any lawful request by public authorities, including to meet national security or law enforcement requirements.

Transfer of Ownership

If Deal merges with or is acquired by another company, the protections in this privacy policy may be subject to change.

We use the information you provide about yourself when placing an order only to complete that order and to provide fantastic customer service during the term of your service. We do not share this information with outside parties without your permission.

Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses, except under the following circumstances:

If it becomes necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Terms of Service, or as otherwise required by law.

If Deal is acquired by or merged with another company. In this event, Deal will notify you before information about you is transferred and becomes subject to a different privacy policy.

End User Customer Data

Deal will collect End User Customer Data necessary to provide the service to you. “End User Customer Data” means information about your customers, which includes any information you elect to send to Deal in your implementation as well as general information including but not limited to browser information and IP address.

We do not sell, share or disclose any End User Customer Data with any third party, except if Deal is acquired by or merged with another company.

Questions?

Please don't hesitate to contact us at deal@deal.io
Was this article helpful?
Cancel
Thank you!