Transactionale is an innovative eCommerce cross-network advertising service by which Publishers and Advertisers can establish convenient links and interactions with the public.
Let us imagine that a user orders a product from a Publisher’s website; once the purchase is concluded, Transactionale sends him a communication containing discounts, offers and promotions which are associated with the purchase, and related to other products and/or services distributed by other members of the Transactionale network (los Anunciantes). Besides, if such user provides their consent, some of their data may be communicated to the Advertiser, so allowing the further sending of commenrcial communication.
As you can appreciate, such operations involve the processing of personal data with consequent obligations pursuant to the applicable data protection laws.
Who is responsible for complying with such laws, what is the content of these obligations, and what shall be done in order to act as the law requires? These are the questions we are going to answer on the next pages.
The Publisher receives, via the relevant e-commerce platform, some personal data from its users.
The personal information received may be subject to several processing operations for different purposes, such as analytics, profiling, advertising etc. Each processing operation can be carried out directly by the Publisher, acting as a Data controller, or by external entities who act on its behalf, as Data processors.
Transactionale belongs to this category of third parties as Flyer tech is the provider of the technological solution through which the Service is delivered; in other words we act as an external Data processor on behalf of our clients.
We have asked iubenda, a company specialised in drafting privacy and cookie policies, to provide us with a description of our services ideally targeted at integrating our Clients’ privacy policies
Transactionale is a cross network advertising service provided by Flyer Tech S.r.l. The service uses some User's Personal Data (such as name, surname, interests, purchases, email address, etc.) to send promotional communications concerning third party products of providers belonging to the same network.
Such offers will always be linked with the product actually purchased by the User.
Data handling location: Italy
The above refers to Transactionale’s direct marketing features.
However, as our clients are well aware, Transactionale has further features which allow the circulation of users’ data among the members of the network. More precisely, if the client provides its consent, data initially held by the Publisher may be communicated to the Advertiser and so allow the latter to directly send promotional communications concerning its products (without asking for another consent to do so).
This is a textbook case of data communication to third parties. Such activity must be explained to – and be priorly accepted by – the Visitor. Here is iubenda’s suggestion:
Data Communication to third-parties through Transactionale
The Owner may create databases by using the User's Data and/or second-level data deriving from analytics or profiling activities.
If the User purchases a product on our website and expresses their consent, the Owner may use Transactionale to communicate the previously mentioned Data to third parties whose products the User has expressed interest in. Such third parties may use Data to send promotional communications to the User.
The User can revoke their consent at anytime by simply sending an email to the contact details indicated in this document or, if communications to third party have already occurred, by directly contacting such third party.
These particular data processing activities must be accepted specifically. For example, the use of Transactionale implies the sending of DEM communications.
In this regard, the hypothetical check-boxes that the Publisher should devise for requesting such consents may be as follows:
As you can see, the previous list does not include the consent required for data communication to the Advertiser, which can be postponed until it is really necessary (i.e. until the visitor has access to the offers). In order to accomplish this, the Publisher may, for example, use a pop-up window containing a message like this:
“I accept that my Data will be communicated to third parties whose products I have expressed interest in. I hereby authorize such third parties to send me promotional and commercial communications regarding their products and/or services (optional)”.
As a general rule, check-boxes shall never be pre-flagged (otherwise the consent will be deemed invalid). Lastly, no matter how you choose to request the consent (through a check-box or a pop-up window etc.), it is of the utmost importance that Publishers keep track of the consent obtained. You should always register Users' consent in a manner that is safe and make consent easy prove in case of inspections or verifications.
This last option will help you to simply the process of identifying the categories of data used by your service. Once the data have been identified, it will then be possible to enter the services you use, which are always provided with specific descriptions of their features. The clause relating to Transactionale is a Pro service that you can easily access to if you open a premium account.