- The types of information we collect and how we use the data.
- The steps we take to make sure your data is secure and handled appropriately.
- The rights you have to your data, and how you can manage the data we collect.
Information we collect:
- IP address: helps us identify your device so we can save your preferences and protect our site from cyber-attacks.
- Location data: helps us know which language we should use and whether there are additional national data protection laws we have to comply with.
- Pixel tags: helps us know whether you have accessed our website, or (if relevant) whether you have received an email we sent you.
We may take the general information about how you use our website or interact with our services and use it to help us improve our services. The information we collect may be anonymized and combined with other information about the use of our services.
Managing Your Browser's Cookie Settings:
You have the option to opt-out of analytics and tracking services by managing your browser’s cookie settings. You can download a browser plug-in to manage cookies or disable cookies in your browser.
We only collect information that we need to provide you our services. In GDPR terms, that means we have legitimate interests in collecting personal data, or if you make an account to use our services then we collect personal data as part of the contract in providing you our services. For advertising or tracking cookies on our website, we only place them with your explicit consent.
We hold this information only as long as we are legally obligated to (for example, in case we need to give it to law enforcement authorities in the event of a data breach).
If we do process personal data (e.g. name, email address, IP address), we make sure that all processing is in accordance with the General Data Protection Regulation (GDPR) and any other applicable regulations. If we have to collect any special categories of information – like race, sex, or sexual orientation – we’ll make sure that we gain the appropriate lawful basis of processing and secure the data (e.g. through pseudonymization). We do not factor special category information collected into the types of advertisements or emails you may receive, or anything with a potentially legal or significant effect.
Storage and Security
We use and store the personal data collected for as long as reasonably necessary to provide our services. The particular timeline depends on the relevant service, but generally we will not retain personal data more than three years. Personal data that is stored is either pseudonymized or secured through encryption and/or industry standard access controls (to make sure such access to your personal data is provided only to the people required to provide our services).
Some of the technologies we use for our storage, analytics and marketing include third-parties, like Google Analytics or Yoast. We make sure that the only information that goes to them is general, non-personal data that does not link to your identity. If we do share your personal data with third parties, we will make sure that we have the appropriate legitimate interests to do so in compliance with the General Data Protection Regulation (GDPR).
Some of our processing and storage takes place in the United States, and some of it may take place in Ireland. In the event that your personal information is transferred from one country to another, we ensure that the transfer is compliant with the appropriate data protection and privacy laws. This includes the EU General Data Protection Regulation, the EU-US Privacy Shield, and the Swiss-US Privacy Shield.
Your rights to your data
We want to make it easy for you to understand your rights and empower you to use them.
Under the GDPR, you have the right to:
- Access any personal information we have on you
- Rectify any personal information that may be incorrect
- Object to processing
- Restrict processing
- Request to Erase any of your personal information
- Withdraw Consent (if applicable)
- Data Portability: the right to get your information in a machine-readable format and transfer it easily and freely from us to another controller.
- Lodge a compliant: if you feel like we’ve infringed upon your rights and you wish to lodge a formal complaint about us, please contact our Supervisory Authority at email@example.com.
While we will make every reasonable effort to comply with your requests, in some cases we will be unable to comply due to other, overriding concerns such as establishing or exercising legal claims, or to comply with an outstanding legal obligation.
If you have any questions or concerns about the personal data we collect, or to exercise your rights under the GDPR, please contact our designated representative at firstname.lastname@example.org.
Some of our services are automated processes, in that humans are not involved. However, the decisions made at the end are simply to provide recommendations for you and have no legal or significant effect. We also make sure that no automated decision is based on sensitive categories of data.
Compliance and Changes
Our services and products are not knowingly directed at, nor do we knowingly collect any information from persons under the age of sixteen (16). If you are under sixteen, please do not use this website or its applications. If you learn that your minor child has provided us with personal information without your consent, please contact us at email@example.com.
A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies. Cookies also come in different forms. Single-session cookies are erased after a visit to a website and help with navigation. Persistent (multi-session) cookies remain until they are manually deleted or expire. Cookies can also be placed by either a first party (i.e. the website you visit) or by a third party that has permission from the first party to place a cookie.
For us to get your consent under the GDPR, that consent has to be informed (it has to be plainly written so you understand what you’re consenting to), freely given (as in we can’t coerce you by withholding some information), and unambiguous (both sides need to be sure what each doing and agreeing to, meaning it can’t be wrapped into other activities). Consent also has to be a clear affirmative action (like ticking a box or choosing particular technical settings), and you have to be able to withdraw that consent at any time.
Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks and can either be static (i.e. your computer always has the same IP address) or dynamic (i.e. it is assigned to you by your network when you connect). An IP address can often be used to identify the location from which a device is connecting to the Internet.
A processing activity has legal effects if it could impact your rights – like your freedom to associate with others, vote in an election, or take legal action – or affect your legal status or rights under a contract – like being denied housing or entry into the country. “Similarly significant effects” are ones that could affect your circumstances, behaviour, or choices. This could include decisions that affect your job prospects, or even targeted advertisements that play on particular stereotypes or biases towards minority or vulnerable groups.
This is information that is recorded about users so that it no longer reflects or references an individually identifiable user.
This is information that you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by Sovy.
A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies.
"Processing" is a catch-all term that effectively means doing anything to your data. According to GDPR Article 4, this includes collecting, manipulating, storing, disclosing, or erasing data, among other actions.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. See GDPR Article 4(5).
GDPR Article 9(1) defines special categories of personal data as data that could identify your racial or ethnic origin, political opinions, sex or sexual orientation, religious or philosophical beliefs, trade union membership, genetic information, biometric data and other health data.
A Supervisory Authority is an independent public body established by an EU Member State. It's in charge of handling your complaints and making sure that all businesses in its jurisdiction are acting in accordance with the GDPR. Since we're based in Dublin, Ireland, our lead Supervisory Authority is the Irish Data Protection Authority. For more information, see GDPR Article 4(22) or Article 51.