Related Marketing Cloud (“RMC,” “Related”, “we,” or “us”) provides a marketing platform that helps our Customers to process their clients’ data which is collected from their websites and mobile applications, that can be enriched with Customer’s CRM, offline sales and in-store purchase data, in order to automate and personalize marketing communications and reach their clients via e-mail, SMS, web push, mobile push and also through 3rd party integrations and advertising platforms like Facebook and Google.
For purposes of this Policy, the terms, “Personal Data”, “Data Processor”, “Process/Processing”, “Data Controller”, “Data Subject”, and “Personal Data Breach” will have the meaning given to them respectively in the Applicable Data Protection Law.
“Customer” means a business that is, has been, or is about to become a paying or trial customer of RMC for the purpose of using the RMC Service.
“Applicable Data Protection Law” means all applicable data protection law requirements including, without limitation, the European Data Protection Directive (Directive 95/46/EC), local country laws implementing the European Data Protection Directive, any subsequent legislation (including Regulation (EU) 2016/679 (“GDPR”), and local country laws implementing the GDPR as applicable), and all other relevant local data protection laws.
“Personnel” means any employees, agents, consultants or contractors of RMC or Customer, as appropriate.
2. Our Commitment
Data, privacy, and security are important to us and we are committed to protecting the personal data. This document describes our practices regarding the collection and processing of personal data through our Platform. Our practices implement the following principles:
- Accountability ——> We are responsible for the protection of personal data entrusted to us.
- Security & Retention ——> We apply technical, physical and organizational measures to ensure an appropriate level of security for the personal data in our custody. We retain it as needed for its intended purposes.
- Third Parties ——> We carefully choose vendors, service providers and other third parties with whom we share personal data and require them to commit to standards that we consider adequate.
We promise never to;
- Sell or share your customer email addresses, subscribers, or any other personally identifiable information, (an exception to this is our sub-processors, which are listed below)
- Send emails or otherwise contact your customers or subscribers without Customers’ consent, for any purpose,
- Display any third party ads on Customers’ website without Customer’s approval.
3. Data Processing and Collection
RMC and Customer acknowledge that Customer is the Controller or primary Processor with regard to the Processing of relevant Personal Data. RMC shall Process Personal Data only as a Processor or Sub-processor (as applicable to Customer’s use of the Services) on Customer’s behalf and only to the extent and in such a manner as is necessary for the purposes specified by the Customer Agreement or as otherwise instructed by the Customer from time to time.
We treat personal data as confidential information and process personal data on behalf of and in accordance with Customer’s documented instructions for the following purposes;
- Processing in accordance with the Agreement and applicable Order Forms;
- Processing initiated by Authorized Users in their use of the RMC;
- Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email or phone) where such instructions are consistent with the terms of the Agreement.
Processing purposes may include, -but not limited to-;
- Automated web and e-mail personalization,
- Personalized web experience
- Website analytics,
- Targeted e-mail, SMS, push messaging, services.
3.2.Categories of Data Processed
We process information; in accordance with the Customer Agreement and sent by Customer’s end users identified through Customer’s implementation.
Some examples of the date processed by RMC are;
- Personal data and contact information such as name, surname, birthday, gender, location, e-mail address, mobile phone number;
- Location information from data subject’s mobile device or web browser;
- Customer visit and event history on websites and mobile apps, including logins, product page and category views, on-site search, purchased products;
- Technical information, (E.g. IP addresses, unique device identifiers, token info of browsers and mobile apps…)
We do not process any sensitive data regarding the data subject directly. However, sensitive data can be created by combining, analyzing and further processing relevant personal data.
RMC uses both first (cookies created by the site Data Subject visits) and third party cookies (cookies created by other sites for mostly remarketing efforts). Cookies can be both session based or permanent cookies. All list of the cookies and descriptions can be shared with our Customers when demanded. In such demand please contact us as indicated in the “Contact Us” section.
End Users are able to clear, enable, and manage cookies in their web browsers.
- For Google Chrome Users;
- For Microsoft Edge Users;
- For Apple Safari Users;
Some of your business’s key interactions with customers may happen offline. Sample “offline events” can include:
- Offline surveys,
- Data collected from Customer’s call center,
- Purchase events from Customer’s physical stores, etc.
These types of offline data can be collected or implemented using SFTP or 3rd party integrations.
4. Data Sharing and Subprocessors
We will not share or disclose a user’s personal data with third parties. An exception worth noting is that we may share personal data with;
- Our subsidiaries, parent companies, affiliates, joint ventures, or other companies under common control with us,
- Our sub processors which are listed below.
|Doğuş Bilgi İşlem ve Teknoloji Hizmetleri A.Ş.||Whole Services||Hosting||Turkey|
|Omni Kanal Dijital Teknoloji ve Arge Yazılım Hizmetleri A.Ş. (Group Affiliate)||Campaign Management Platform Services||Software Development||Turkey|
|Portakal Yazılım Danışmanlık Reklamcılık ve Yay. San. Tic. A.Ş. (Group Affiliate)||Customer Data Platform Services||Software Development||Turkey|
|Apsen Bilişim ve Yazılım Sis. San. Tic .LTD.||Push Services||Software Development||Turkey|
|Zendesk||Whole Services||Service Desk||USA|
|Google Inc. (G-Suite)||Whole Services||Email Communication & Collaboration||Ireland|
If we engage a new Sub-processor, we will notify our Customers about such engagement by sending an email to our Customer’s, or updating the list to our website. This does not release Customer from an ongoing duty to monitor the list of our Sub-processors.
Any time you wish that we cease any activity that affects you, please contact us as indicated in the “Contact Us” section.
5. Protective Measures
We take appropriate and reasonable technical and organizational measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal data. Such technical and organizational measures include:
- Limiting and recording physical access to our premises and facilities;
- Limiting and recording access to our data servers;
- Mitigating risks from natural disaster and accidental and malicious damage
- Recording any input and changes to our system including Who/When created/changed/deleted/updated the data
- Transferring personal data only through secured interfaces such secure FTP, HTTPS etc.
- Ensuring regular tests and reviews to our system performed by third party security agencies
- Segregating data we collected for different purposes
- Ensuring that our affiliates and business partners have appropriate security safeguards to keep personal data secure,
- Ensuring that relevant Personnel receive appropriate training regarding their responsibilities and obligations with respect to the processing, protection and confidentiality of Personal Data.
5.1.Data Security Incidents
We follow a standard incident response process that defines our actions in the event of a data breach. This process involves members of technical, legal and information security staff, as well as our client support and account management teams who collectively investigate and respond to incidents.
We reserve the right to update and change this Product Policy from time to time in order to reflect any changes to the way in which we process personal data or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.
7. Contact Us
Address: Yeşilce Mahallesi Yunus Emre Caddesi Doğruer Plaza No: 4 Zemin Kat 4. Levent Istanbul/Turkey