This specific “Client’s Authorised User Data Protection Policy” is an end-user data protection policy that regulates all aspects of personal data processing of an “Authorised User” in Red Points “Software Platform” as defined below and in the Master Service Agreement between a Client of Red Points and Red Points for the provision of Red Points’ services to such Client. For this, a user account is needed where the Client of Red Points has been given by Red Points the corresponding login credentials for the number of users specified in writing to Red Points by such Client, and Client may provide these credentials to its employees, contractors, representatives, and agents (each, an “Authorized User”) to manage the Red Points “Software Platform” (the proprietary software platform located at rpdevelop.wpengine.com) as a result of the service agreement executed between the Client and Red Points in relation to the Brand Protection, Seller Tracking, Clustering and/or Anti-Piracy services.
Therefore, the Authorised User consents and accepts this specific Client’s Authorised User Data Protection Policy and the “Data Protection Policy” (https://www.redpoints.com/data-protection-policy/) when he/she uses the Red Points Software Platform for any Red Points services contracted by the Client to Red Points.
COLLECTION OF PERSONAL DATA AND THE PURPOSES OF PROCESSING
As a consequence of the above, Red Points may collect and process the following personal data for the corresponding purposes related to the following services:
- Brand Protection service.- this service implies the collection and processing of the following Authorised User’s personal data: Name and surname, e-mail address, language, customer identity and job title as an optional field. The purposes of the processing of such personal data is:
– To enable the Authorised User to access to Red Points’ Software Platform.
– To customize the service as determined by the Authorised User, in particular to establish the criteria of the automatic searches, according to its preferences and the intellectual property rights which must be protected as instructed by the Client of Red Points to such Authorised User.
– To collect and store the activity of the Authorised User in Red Points’ Software Platform: Once any potential counterfeits or infringements have been marked by the bots of the Brand Protection service in accordance with the instructions given to the bot via the tools and console of Red Points’ Software Platform, the Authorised User will validate, pause or discard if the possible counterfeits or infringements found by the bots may affect or not the intellectual property rights of the Client. Therefore, Red Points will collect and store information about the Authorised User’s activity in Red Points’ Software Platform in relation to the infringements marked by such Authorised User.
– Also, the Authorised User may request Red Points to file a claim in the service provider’s website where the counterfeits are offered or advertised, in order to obtain their removal.
– To provide the Authorised User with performance dashboards, reports and data extraction from the research for the protection of the Client’s intellectual property rights through Red Points’ services.
– To maintain communications in relation to the provision of contracted services between the Client and Red Points.
- Seller Tracking service.- this service implies the collection and processing of the following Authorised User’s personal data: First name, last name, e-mail address, language, customer identity and an optional field (job title). The purposes of the processing of personal data is:
– To enable the Authorised User to access Red Points’ Software Platform.
– To add a list of authorised sellers (including personal data, such a first name, last name and e-mail address of the contact person of the Client’s seller) as uploaded in the Red Points’ Software Platform by the Authorised User.
– To allow the Authorised User to define in Red Points’ Software Platform any eventual prices, stock or applicable discounts, and any other contractual conditions between the Client and the Client’s seller/distributor/partner, in order to determine what to detect.
– To track and alert about unauthorized sellers of Client’s products.
– To notify sellers of non-compliance with any distribution agreement in place.
– To provide valuable information about the network of Client’s suppliers.
For the purposes indicated, the Authorised User will introduce in Red Points’ Software Platform the name, surname and e-mail address of the contact person of the seller’s partners. As a result, Red Points will be acting as a data processor under the representation and on behalf of its Client, monitoring the activity of the Client’s sellers.
- Anti-Piracy services.- this service implies the collection and processing of the following Authorised User’s personal data: First name, last name, e-mail address, language, customer identity and an optional field (job title). The purposes of the processing of the Authorised User’s personal data is:
– To enable the Authorised User to access to Red Points’ Software Platform.
– To add in the Red Points Software Platform the works owned by the Client, so that the bots of Red Points can crawl and detect potential infringements of its copyrights.
– To enable the Authorised User to configure the bots for automatic actions that must be done when a copyright violation is detected.
– To allow the Authorised User to access to: (i) the reports about performance; (ii) dashboards about the Red Points bots actions; and (iii) metrics of the business impact, all in relation to the Client’s actions.
- Clustering services.- this service implies the collection and processing of the following Authorised User’s personal data: First name, last name, e-mail address, language, customer identity and an optional field (job title). The purposes of the processing of the Authorised User’s personal data are:
– To enable the Authorised User to access to Red Points’ Software Platform.
– To provide associations of potential infringers through matches in the data of apparently different sellers (mainly telephone number and/or email address).
– To order the investigation of potential infringers not yet confirmed by the Client.
– To allow the Authorised User access to the statistics and global reports about the activity of potential infringers and authorised sellers gathered by the Software Platform on the sellers as per the Client’s request.
– To enable the Client to confirm or finally discard the infringer status of the seller analysed following the Client’s request.
The content of the global reports and other information made available to the Client in the Clustering services does not constitute expert evidence of the acts under investigation, but mere evidence. Red Points does not guarantee the accuracy and veracity of this information and will not be liable for any and all actions taken by Client in reliance of the data, including personal data, gathered by our Clustering services.
The Authorised User understands that, in relation to the data, information and instructions given by the Authorised User to Red Points’ Software Platform, the Client shall be responsible for the third-party data, content and instructions provided for the processing under Red Points’ Software Platform. Therefore, the Authorised User shall ensure that they are correct and up to date. In addition, the Authorised User warrants that it has the authorization of the Client, and Client has duly informed and obtained authorization from its authorised seller/distributor/partner, to provide such third-party data in Red Points’ Software Platform, information and content, so that the Authorised User is entitled to instruct the bots to do as the Authorised User has programmed its instructions in Red Points’ Software Platform, and that the Client and Authorised User will indemnify Red Points against any damages that may arise for a breach due to non-compliance with the applicable rules (including fines and penalties) in relation to the processing of such data, information and content during the provision of Red Points’ services. The Authorised User also understands that, upon expiration or termination of the provision of the services, due to the termination of the Client’s account, or at the Client’s express request, Red Points will cease processing any associated third-party data or instructions and will delete them.
LEGAL BASIS OF THE PROCESSING
The legal basis of the Authorised User’s personal data processing is the above mentioned execution of the service agreement between the Client and Red Points, in addition to the informed and express consent given by the Authorised User via the acceptance of this Client’s Authorised User Data Protection Policy together with the Data Protection Policy, and, in any event, the legitimate interest of Red Points to ensure his/her professional location and to maintain relations of any kind with the Client or the Client’s seller employees or contact persons as provided under article 19.1 of Spanish Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales.
WHO MAY ACCESS YOUR PERSONAL DATA?
Based on Red Points’ legitimate interest, and in order to provide the services contracted between the Client and Red Points, the Authorised User’s personal data may be communicated to Red Points’ service providers, such as the following ones:
- Amazon Web Services (https://aws.amazon.com/privacy/?nc1=h_ls), with servers in Ireland and USA and applying encryption to stored information. Nobody outside Red Points has access to the contracted Amazon servers.
- In addition, Red Points uses the customer success tool titled Gainsight, with servers in US, which involves an international transfer of data to the United States. Gainsight is member of the Privacy Shield agreement (https://www.privacyshield.gov/participant?id=a2zt000000001VxAAI&status=Active). For more information about the personal data processing carried out by Gainsight, click this link (https://www.gainsight.com/policy/privacy/).
Red Points may change its IT providers at any time on the legal basis of its legitimate interest as these may be indicated in the specific Client’s Authorised User Data Protection Policy or in the Data Protection Policy. In such case, the data subject will be informed through a notice in the Red Points website or via a direct communication. Red Points informs that some of these providers may be located outside the European Economic Area (EEA), which means that Red Points may carry out international transfers of data based on its legitimate interest and for which all appropriate and adequate guarantees will be applied, such as the use of model clauses approved by the European Commission, to guarantee the security of the processing.For possible transmissions of data produced by the use of cookies, please refer to our Cookies Policy (https://www.redpoints.com/cookies-policy/).
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Authorised User’s personal data will be retained during the contractual relationship between Red Points and each Client and may be kept blocked during the 10-year prescription period if liability arises from such contractual relationship.
RIGHTS OF THE DATA SUBJECT AND THEIR EXERCISE.
Authorised User’s may exercise their rights of access, rectification, deletion, limitation, opposition and portability of data, as well as not to be subject to automated decisions, except in cases where there are legal obligations, the execution of a contract depends on the processing, or there is a legitimate interest that prevents Red Points from executing the request. More information in Data Protection Policy.