This privacy statement is effective as of January 25, 2019. Please note that this privacy statement will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.
This page and its sub-pages tell you everything you need to know about how Do It Marketing and/or its affiliates and newly acquired companies (“DOIT®”; “we”) protect the personal data we process and control relating to you (“your personal data”; “your data”) and which rights you have in relation to the processing of your personal data.
Any DOIT® entity located outside the European Union will for the purposes of compliance with data privacy laws be represented by DOIT®. DOIT® is GDPR Compliant. Learn more about DOIT® GDPR compliance below.
Below, we first give a general description of how DOIT® protects your personal data. Further below, we also include specific information on the following:
- How does DOIT® protect your personal data?
- How does DOIT® use personal data when you visit this website?
- How does DOIT® use personal data when you visit our offices?
- How does DOIT® use personal data for marketing purposes?
- DOIT® GDPR Compliance
1. HOW DOES DOIT® PROTECT YOUR PERSONAL DATA?
DOIT® attaches great importance to your right to privacy and the protection of your personal data. We want you to feel secure that when you deal with DOIT®, your personal data are in good hands.
DOIT® protects your personal data in accordance with applicable laws and our data privacy policies. In addition, DOIT® maintains the appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.
The following sections provide further details as to how DOIT® processes your personal data:
- Which categories of personal data do we collect and how do we process such personal data?
- For which purposes and on which legal basis do we use your personal data?
- Will we share your personal data with third parties?
- What about sensitive data?
- What about data security?
- Where will your personal data be processed?
- How long will your personal data be retained by us?
- Which rights do you have with respect to the processing of your personal data?
Which categories of personal data do we collect and how do we process such personal data?
We collect personal data of our employees, potential employees, clients, suppliers, business contacts, shareholders and website users. If the data we collect are not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how they will be used.
Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this privacy statement, and you may not be able to use certain tools and systems which require the use of such personal data.
If you provide us with personal data of another person (for instance, a potential employee/referral), you are responsible for ensuring that such person is made aware of the information contained in this privacy statement and that the person has given you his/her consent for sharing the information with DOIT®.
The above-mentioned categories of personal data have been obtained either directly from you (for example, when you provide information to sign up for a newsletter or register to comment on a forum website) or indirectly from certain third parties (for example, through our website’s technology). Such third parties include our affiliates, public authorities, public websites and social media, suppliers and vendors.
For which purposes and on which legal basis do we use your personal data?
DOIT® uses your personal data only where required for specific purposes. Please click here for (i) a list of the purposes for which DOIT® uses your personal data and (ii) an overview of the legal basis for each such purpose.
Where the above table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on the processing activity, (ii) our privacy by design approach, (iii) our regular privacy reviews and (iv) the rights you have in relation to the processing activity. Please contact us if you wish to obtain further information on this balancing test approach.
We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws.
We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
Will we share your personal data with third parties?
We may transfer personal data to our service providers, professional advisors, public and governmental authorities or third parties in connection with a (potential) corporate or commercial transaction. Such third parties may be located in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and DOIT®’s internal policies.
Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses (a copy of which can be obtained through the contact information included below). Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.
What about sensitive data?
We do not generally seek to collect sensitive data (also known as special categories) through this site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with data privacy law requirements and/or ask for your consent.
The term "sensitive data" refers to the various categories of personal data identified by data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).
What about data security?
We maintain organizational, physical and technical security arrangements for all the personal data we hold.
We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake.
We adopt market leading security measures to protect your personal data. This includes (without being limitative):
- We adhere to the highest and strictest information security standards. This is a security standard awarded by the British Standards Institution (“BSI”) that serves as international certification that DOIT® adheres to the highest and strictest standards. This certification is the only auditable international standard that defines the requirements for an Information Security Management System (“ISMS”), and confirms that DOIT®’s processes and security controls provide an effective framework for protecting our clients’ and our own information.
- We have a global Client Data Protection (“CDP”) program in place which governs the stewardship of client information and systems entrusted to us.
- We have regular penetration testing performed by a third party provider, which continues to show the strength of our technical defenses.
Regarding your use of our websites, you should understand that the open nature of the internet is such that information and personal data flows over networks connecting you to our systems without security measures and may be accessed and used by people other than those for whom the data are intended.
Where will your personal data be processed?
As a global organization with offices and operations throughout the world, personal data we collect may be transferred or be accessible internationally throughout DOIT®'s global business and between its entities and affiliates.
Any such transfers throughout DOIT®’s global business take place in accordance with the applicable data privacy laws and in accordance with our Binding Corporate Rules (“BCR”).
Our BCR reflect the standards contained in European data privacy laws (including the General Data Protection Regulation). Having our BCR means that all our group entities which have signed up to our BCR have to comply with the same internal rules. It also means that your rights (see “Which rights do you have with respect to the processing of your personal data?”) stay the same no matter where your data are processed by DOIT®.
Further information on DOIT® (and, if relevant, its representatives) can be found here. Any DOIT® entity located outside the European Union will for the purposes of compliance with data privacy laws be represented by Do It Marketing.
How long will your personal data be retained by us?
We will retain your personal data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time according to the following retention criteria:
- We retain your data as long as we have an ongoing relationship with you (in particular, if you have an account with us).
- We will only keep the data while your account is active or for as long as needed to provide services to you.
- We retain your data for as long as needed in order to comply with our global legal and contractual obligations.
Which rights do you have with respect to the processing of your personal data?
You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
- Request a rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
- Object to the processing of your personal data: this right entitles you to request that DOIT® no longer processes your personal data.
- Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
- Request the restriction of the processing of your personal data: this right entitles you to request that DOIT® only processes your personal data in limited circumstances, including with your consent.
- Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to DOIT®, or request DOIT® to transmit such personal data to another data controller.
- To the extent the processing of your personal data falls in scope of our BCR, you may also want to review your rights under our BCR.
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting DOIT®’s Data Privacy Officer. Please note that this will not affect DOIT®’s right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent.
If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to DOIT® first to seek resolution of any complaint. You have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against DOIT® with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).
Contact us to exercise any of your rights.
2. HOW DO WE USE PERSONAL DATA WHEN YOU VISIT DOIT®’S WEBSITE?
In addition to the information set out above, the following sections describe how we use personal data when you visit Accenture’s website:
- Which personal data do we gather?
- Do we include (links to) websites and programs of third parties?
- How do we use personal data that we collect from our websites?
Which personal data do we gather?
Accenture collects personal data at its websites in two ways: (1) directly (for example, when you provide personal data to sign up for a newsletter or register to comment on a forum website); and (2) indirectly (for example, through our website's technology).
We may collect and process the following personal data:
- Personal data that you provide by filling in forms on our website. This includes registering to use the website, subscribing to services, newsletters and alerts, registering for a conference or requesting a white paper or further information. Pages that collect this type of personal data may provide further information as to why your personal data are needed and how it will be used. It is completely up to you whether you want to provide it.
- If you contact us, we may keep a record of that correspondence.
- We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Any postings, comments or other content that you upload or post to an Accenture website.
- Our website collects personal data about your computer, including (where available) your IP address, operating system and browser type, for system administration, to filter traffic, to look up user domains and to report on statistics.
- Details of your visits to our website, the pages you view and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data. Please see the Cookies section below for more information.
Do we include (links to) websites and programs of third parties?
Our websites may include:
- Links to and from the sites of our partner networks, advertisers and affiliates.
- Certain programs (widgets and apps) of third parties. Where this is the case, note that such third parties may process your personal data collected through such programs for their own purposes.
How do we use personal data that we collect from our websites?
We use personal data for the purposes described in the section “For which purposes and on which legal basis do we use your personal data?” above, as well as to provide you with information you request, process online job applications, and for other purposes which we would describe to you at the point where it is collected. For example:
- To fulfill your requests for white papers, articles, newsletters or other content.
- For surveys or research questionnaires.
- To personalize your experience at our website.
- To contact you for marketing purposes where you have agreed to this.
We analyze your IP and browser information to determine what is most effective about our website, to help us identify ways to improve it and make it more effective. Please see the Cookies section below for more information.
4. HOW DO WE USE PERSONAL DATA WHEN YOU VISIT OUR OFFICES?
In addition to the information set out above, this section describes how we use personal data when you visit DOIT® offices.
Please click here to receive further details on how we process your personal data when visiting our offices (this sub-page also relates to the potential processing of your personal data through CCTV and access management systems in case such CCTV and access management systems are active.)
If you have any questions on data privacy or you want to let us know about website/marketing permissions, please contact us.
5. HOW DO WE USE PERSONAL DATA FOR MARKETING PURPOSES?
In addition to the information set out above, the following sections describe how we use personal data for marketing purposes:
- What are the sources of marketing data?
- Do we send targeted e-mails?
- Do we maintain Customer Relationship Management (CRM) databases?
- Do we combine and analyze personal data?
- Do we share personal data with third parties?
- What are your rights regarding marketing communications?
What are the sources of marketing data?
The bulk of the personal data we collect and use for marketing purposes relates to individual employees of our clients and other companies with which we have an existing business relationship.
We may also obtain contact information from public sources, including content made public at social media websites, to make an initial contact with a relevant individual at a client or other company.
Do we send targeted e-mails?
We send commercial e-mail to individuals at our client or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws.
Our targeted e-mail messages typically include web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click.
When you click a link in a marketing e-mail you receive from DOIT®, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.
Targeted e-mails from DOIT® may include additional data privacy information, as required by applicable laws.
Do we maintain Customer Relationship Management (CRM) databases?
Like most companies, DOIT® uses customer relationship management (CRM) database technology to manage and track our marketing efforts.
Our CRM databases include personal data belonging to individuals at our client and other companies with whom we already have a business relationship or want to develop one.
The personal data used for these purposes includes relevant business information, such as: contact data, publicly available information (e.g. board membership, published articles, press releases, your public posts on social media sites if relevant for business purpose), your responses to targeted e-mail (including web activity following links from our e-mails), website activity of registered users of our website, and other business information included by Accenture professionals based on their personal interactions with you. If you wish to be excluded from our CRM databases, please contact us.
Do we combine and analyze personal data?
Do we share personal data with third parties?
In addition to the third parties mentioned in the section “Will we share your personal data with third parties?” above, we may share your personal data with marketing agencies.
What are your rights regarding marketing communications?
You can exercise your right to prevent marketing communications to you by checking certain boxes on the forms we use to collect your personal data, or by utilizing opt-out mechanisms in e-mails we send to you.
You can also exercise the right to discontinue marketing communications to you, or to have your personal data removed from our customer relationship management (CRM) databases at any time by contacting us.
In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again. Alternatively, you may want to use this link to inform us about your opt-out preferences.
7. DOIT®'S GDPR COMPLIANCE
The European Union’s General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. It replaces the 1995 Data Protection Directive and harmonizes pre-existing disparate data privacy laws across EU member states including the UK.
At DOIT®, our view is that consistency and certainty around data privacy and data protection is a win-win for all stakeholders – businesses, consumers and tech and solution providers. We have always believed that responsible and transparent collection and use of personal data, combined with mechanisms that give end users control over their personal data, are of utmost importance and an issue that every company and organization in the online advertising ecosystem must take seriously.
GDPR protects the privacy of EU citizens and applies to all companies collecting or processing personal data on individuals in the European Union, even if not established in the European Union. GDPR applies to any information concerning an identified or identifiable natural person, and this includes technical identifiers such as Cookie IDs and Mobile Advertising IDs. As a digital marketing solutions provider that doesn’t have a direct relationship with consumers, we operate as a Data Processor, processing data on behalf of our Clients (the data controllers of the data) based on their instructions, and it is the responsibility of the data controller to establish an appropriate legal basis for the processing of the data. DOIT® is already in compliance with key elements of GDPR and is well-positioned to implement any additional requirements.
The GDPR provides six bases for data collection and data processing in Europe:
- The vital interest of the individual
- The public interest
- Contractual necessity
- Compliance with legal obligations
- Unambiguous consent of the individual
- Legitimate interest of the data controller
For businesses in the marketing or digital marketing industry or who collect data (Data Controller) for the purposes of marketing, the two bases that could be applicable are: (1) unambiguous consent of the individual and (2) legitimate interest of the data controller. Explicit consent means the user must opt-in. As per GDPR, this applies to sensitive personal data such as race, religion, sexual orientation, political affiliation, and health status.
Importantly, online identifiers (e.g. cookies) have been categorized as non-sensitive personal data, therefore an explicit opt-in is not required. Our view at DOIT® is that unambiguous consent is the most applicable basis for our clients and partners (Data Controllers) who collect personal data including technical identifiers.
When working with DOIT®, our clients and partners need access only to pseudonymous data, namely Cookie IDs and Mobile Advertising IDs, that does not allow direct identification of users.
Under GDPR, a controller determines why and how data is processed, while processors do the actual processing on the controller’s behalf. Advertisers and Publishers are typically considered controllers, whereas third-party entities like ad-tech/mar-tech providers are typically considered processors. While our clients and partners, as Data Controllers, are responsible for providing comprehensive information to their users, we understand and deliver on our shared responsibility to comply with GDPR as a Data Processor.
As a programmatic solution provider, DOIT® receives and uses certain types of data that we collectively call “Platform Data”. Platform Data includes data generated through the Platform as well as data clients receive from other sources and then use via our Platform. We only process personal data on instructions from the controller, and inform the controller if the said instructions infringe on the GDPR. As a data processor, we do not opportunistically use or mine personal data for purposes not outlined by the data controller.
The Platform Data may include information about browsers and devices of users, such as:
- The type of browser and its settings
- Information about the device’s operating system and type of device
- Cookie information
- Information about other pseudonymous identifiers assigned with the device, such as Apple’s Identifier for Advertisers (IDFA) and Google’s Advertising ID for Android devices
- IP address from which the device accesses a client’s website or app.
- In the context of receiving requests to show ads to a device, or requests initiated by Clients to track activity or place users into interest-based segments, information about the user’s activity on that device, including web pages and apps visited or used and the time those web pages and apps were visited or used.
- Information about the geographic location of the device when it accesses a website or app, only if our clients have notified a user that this information will be shared with us or another third party and the user hasn’t disabled the collection through device settings by disabling location services and/or consented to this information being shared.
- Inferences or information about users’ interests that are created, acquired, bought, sold, or used by our clients (commonly known as “interest-based segments” or “segment data”) to target ads to users.
Our clients also have the ability to send additional data appended to a segment pixel through query strings if they want to do so. Typically, data sent through a query string consists of client-specific unique identifiers for devices and browsers, order ID, order value, etc.
Consumers may opt out of certain types of data being processed, e.g., by blocking cookies or downloading an opt out cookie on their browser, disabling ad tracking or location services on their device, etc.
Note we do not allow data that by itself identifies an individual “in the real world,” such as name, address, phone number, email address, or government identifier, and we contractually prohibit our clients from sending to us or using such data in connection with their use of our solution. DOIT® does not under any circumstances allow data that directly identifies an individual in this way to be collected through.
DOIT® assigns a unique identifier (e.g., uuid1234) to every device or browser that passes through the Platform. While DOIT® cannot identify which individual (or individuals) are using the device or browser in the real world, this unique identifier, combined with the other information we process on behalf of our clients (e.g., cookie IDs, mobile device IDs, IP addresses with full 4 octets, latitude and longitude coordinates with greater than 3 decimal places of precision), is now defined as “personal data”.
This type of personal data that we collect, matched against unique identifiers, is referred to in the GDPR as “pseudonymized data”. The GDPR explicitly recognizes “pseudonymization” as good practice in protecting the interests of individuals.
Lastly, while we collect/receive segment data from our clients and third parties for our clients to use on our Platform, we do not create segments or decide/assign segments to users of our own accord. While we use impression level data that may be tied back to a pseudonymous identifier to optimize the purchase and sale of advertising inventory, we do not optimize at a specific user level (in other words, we do not optimize to a cookie ID, advertising ID, or IP address).
8. CONTACT US
Please click here if:
You have a general question about how DOIT® protects your personal data.
You wish to exercise your rights in relation to your personal data (as set out in the sections “Which rights do you have with respect to the processing of your personal data?” and “Your rights regarding marketing communications”). Alternatively, you may want to use this link to exercise these rights.
You would like a copy of the full version of our BCR.
You wish to make a complaint about DOIT®’s use of your data.
You can also contact our Data Privacy Officer.