Policy effective as of: 22/05/2018

Veneficus is committed to protecting your privacy. Please read on for our privacy policy and if you have any more questions please don't hesitate to contact us.

The processing of your personal data will always be in line with the rules set out by the General Data Protection Regulation (GDPR). One of the guidelines of this is to ensure that privacy policies are written in plain-english and with as little legalise as possible. So we’ll try to keep it as simple as possible!

Publisher Privacy Policy

This policy applies to Publishers who use our affiliate network.

Our purposes & legal bases for processing your data

The law states that we need to review and decide upon a legal basis for processing any of your personal data. These are the appropriate bases that we’ve selected and the data that is being processed:

Consent - e-mail mailing list

When joining our network we give you the option to also join our publisher e-mail mailing-list which provides us with direct consent to send you newsletters & containing campaigns. The frequency of these communications will typically be weekly, although when more campaigns are available we might send more often than this.

You may withdraw your consent at any time by clicking the link unsubscribe at the bottom of the email or contacting us directly.

Legitimate Interest

For some other data processing we use the legal basis of ‘legitimate interest’. This has been chosen after having performed a balancing test for each individual data use-case.

The data we use & processing we perform under the ‘legitimate interest’ bases are:

Publisher user data

When joining our network as a publisher you provide an individual’s user details – name, email etc. which are used for logging into the platform.

Suppression/unsubscribe

If a user wishes to unsubscribe from our publisher e-mail marketing we need to keep a record of that e-mail in order to make sure it can’t be signed up with again.

Web analytics

We use Google Analytics to assess the number of visitors, sessions, page views, user journeys etc. We use this information to optimise the website and future marketing campaigns, however, it doesn’t include any personally identifiable information.

Our servers hosted on Rackspace log errors and page requests to help fix problems and keep the website secure.

We use the server monitoring software New Relic to monitor the integrity of our websites and keep them secure.

E-mail messaging

We send e-mails using Mailchimp. Their platform records e-mail analytics on an individual user basis including (but not limited to) who was sent particular e-mails, opens, clicks, bounces & unsubscribes. These are used for segmentation and optimisation purposes.

Recipients of personal data

As mentioned in section 2 we use several external companies/services to help us perform our legitimate interests. These services are:

  1. Google Analytics - Belgrave House, 76 Buckingham Palace Road, London, SW1W 9TQ
  2. New Relic - 188 Spear St., Suite 1200, San Francisco, CA USA 94105
  3. Codebase HQ - Unit 9 Winchester Place, North Street, Poole, Dorset, BH15 1NX
  4. Mailchimp - The Rocket Science Group, LLC675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
  5. Rackspace - 5 Millington Road, Hyde Park Hayes, Middlesex, UB3 4AZ

Personal data transfers outside the EU

You should be aware that some recipients of your data may be based outside the European Union, whose laws provide a different standard of protection than that provided under English law. We will not release your data to a non-EU country processor without performing proper due diligence as to the standards of data protection within the specified country and proof of compliance with the standards of the UK Data Protection Act 1998 and other relevant legislation. Such requirements will be part of a formal and legally binding Data Processing agreement between us and the recipient.

Retention periods - how long we store your data

When you provide us with personal data via consent or any other legal basis we store it within our server, database or external source. Without time limits this would stay stored indefinitely.

However, we don't want to keep it longer than necessary. As such, we’ve set these time limits on keeping personal data:

Publisher user data

We will continue to keep this data indefinitely (even after a Publisher no longer has a business relationship with Veneficus) for auditing, financial integrity, historical business analysis and security purposes.

Suppression data

We will keep a record of suppressed (unsubscribed) e-mails from the publisher mailing list indefinitely to make sure they cannot be re-subscribed.

External data services

When we use external services to process your data this will be stored on their servers:

Google Analytics (web analytics)

The data is stored indefinitely and as it's not user identifiable does not fall under the remit of the 'right to be forgotten'

New Relic (server monitoring)

The data is stored indefinitely. However, we reserve the right to retain these records for security purposes even if a user requests the right to be forgotten.

Codebase HQ (error monitoring)

The data is stored indefinitely. However, we reserve the right to retain these records for security purposes even if a user requests the right to be forgotten.

Rackspace (server hosting)

The data within the access & error logs is stored indefinitely and can be identified to a user via the IP address. However, we reserve the right to retain these records for security purposes even if a user requests the right to be forgotten.

Mailchimp (e-mail sending)

We store publisher user data within the Mailchimp e-mail system if a publisher has opt-ed in to receive our newsletter. We will keep the data on Mailchimp indefinitely.

Cookies

Cookies help us to provide you a better website, enabling us to see which pages you find useful and which ones you don’t. The cookie in no way gives access to your computer or information about you, other than the data that you choose to share with Veneficus.

When you visit a domain, the assets that are loaded on that domain may drop a third-party cookie. These sometimes allow the third party to track you from one site to the other.

You can choose to accept or decline cookies if you prefer by adjusting the settings within your web browser.

If you want to stop cookies being stored on your computer in future, please refer to your browser manufacturer's instructions by clicking “Help” in your browser menu.

The data controller

The data controller for Veneficus is:

Veneficus Ltd, 229-235 High Street, Guildford, Surrey, GU1 3BJ. Phone: 01483 610253