Last updated January 05, 2021
User Data And Info We Collect And Process
1.1 Tester metadata
Data received automatically by Sharewell when a user connects to the User Test with which Sharewell’s software interoperates (“Tester metadata”):
- Device Description
- Operating system and its version
- Screen Size
- Device Manufacturer
- Device language
- The exact time of communication with the server
- User’s IP address (retrieved when connecting to the server)
- Further location info (latitude, longitude, accuracy, altitude etc.)
All such data received automatically by Sharewell do not contain data which are able to lead to the identification of the natural person.
All such data are completely anonymous.
If the user who is offered to participate in a User Test chooses not to participate or declines acceptance of this policy, Sharewell will not proceed to any further collection of user data but can at all times use and process already collected response meta-data.
Data received by Sharewell when a user visits a website with which Sharewell’s software interoperates through the placement of a Sharewell Cookie.
1.2 Data collected through the user testing process (content data)
1.3 Data voluntarily submitted by the tester
Sharewell also collects and processes:
- Demographic data that the Tester is optionally asked to submit (such as Tester’s gender, age group, interests etc) that is processed and stored by Sharewell in order to form targeted audiences for subsequent User Tests.
- Direct Personally Identifiable Data (such as Tester’s name, e-mail address etc) which the Tester voluntarily consents to send to the Researcher through Sharewell for any reason e.g. in order to participate in competitions for prizes or for other contact or promotional purposes which shall be communicated to you by Sharewell when you will be asked to provide such Data.
How We Use Data
Sharewell collects, processes and analyzes data and provides its clients, the Researchers, with statistical charts, data, info, and tools/options for further analysis, related to the results of a User Test. Correlation/association of all data and info received/deduced by Sharewell during the User Test process and all prior-to User Test /after- User Test processes, are also conducted in order for Sharewell to be able to provide services to its clients. Sharewell may at all times correlate or associate collected Tester meta-data and collected content data with data voluntarily submitted by the Tester, except for Direct Personally Identifiable Data, described in section c2, which Sharewell will never correlate with any other data. Direct Personally Identifiable Data will be stored and sent to the Researcher only for the purpose of conducting a draw for a Prize.
Furthermore, all data collected and processed by Sharewell, in any manner and form, including Tester meta-data, all content data, voluntarily sent data and all further analyses pertaining to a User Test are and remain at all times Sharewell proprietary material, and are included in Sharewell’s proprietary databases.
Please also note that:
We may disclose data collected by us (including Direct Personally Identifiable Data, such as name, e-mail address etc. which the user sends to Sharewell in order to participate in competitions), if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement activity or other legal processes. We also reserve the right to disclose data collected by us, as we believe, in good faith, is appropriate or necessary to take precautions against liability; to protect Sharewell and others from fraudulent, abusive, or unlawful uses or activity; to investigate and defend ourselves against any claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Service and our other property; or to protect the rights, property, or safety of us, our users, or other persons or entities.
Finally, we use commercially reasonable physical, managerial, and technical safeguards in an effort to preserve the integrity and security of your personal information. All data and responses are transferred above HTTPS/SSL secure channels to ensure the secure exchange of data between the users’ devices and Sharewell servers. We cannot, however, ensure or warrant the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission of personal information, we make commercially reasonable efforts to ensure the security of our systems. Please be aware, however, that this is not a guarantee that such personal information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Service if a security breach occurs.
Sharewell may at all times use, transfer, process, develop and exploit at its sole discretion all elements, data or content included in such Sharewell Databases for any legal, commercial or other purposes.
Sharewell does not collect and does not share with any entity whatsoever any sensitive or “special categories of data” including but not limited to financial account numbers, Social Security numbers, pharmaceutical prescriptions or medical records.
Recipients Of Data
Sharewell is the main recipient of data and Sharewell may share, transfer or license, in whole or in part elements such data to third parties such as our client-researchers, app-publishers or other Sharewell clients (collectively “Clients”). You hereby give your consent for the lawful processing of your data by our Clients, with whom we share such data.
We require from our clients to abide by the GDPR and/or the EU-US/SWISS-US privacy shield, in relation to their processing of your data.
Sharewell may share, transfer or license such data to marketing companies, advertisers or other ad-serving companies who may use (or further sublicense) the data with the purpose of serving advertisements.
Sharewell does not itself collect (and does not allow third parties to directly collect e.g. via third-party cookies), user multi-site or cross-app data through the operation of the Sharewell platform. However, Sharewell may share or license Sharewell-collected data with third entities which, after having received Sharewell data, may themselves associate them with other data (including multi-site data or cross-app data) previously collected/owned by them or licensed to them by other (non-Sharewell and non-Sharewell-affiliated) sources. Such third-party entities, depending on their business scope, may engage in Online Behavioral and Interest-based Advertising, allowing advertisers to infer interests and serve ads to users based on their activity and location over time. For the transfer or licensing of Sharewell-collected Data to aforementioned entities (although such transferred/licensed data does not in itself include any cross-app or multi-site data) we require from clients to be compliant: with the DAA (Digital Advertising Alliance) to be found at http://www.aboutads.info/ (as each set of principles may be amended from time to time by the DAA or any successor entity to the DAA, and all interpretations of the DAA’s Self-Regulatory Principles, whether by the DAA itself or by the Council of Better Business Bureaus in an accountability proceeding or otherwise); the NAI self-regulatory principles to be found at http://www.networkadvertising.org/ (as the Code may be amended from time to time by the NAI or any successor entity to the NAI, and all interpretations of the NAI’s Code of Conduct by the NAI itself or any successor entity to the NAI); the Principles of the European Interactive Digital Alliance (“EDAA”), currently available at (http://www.edaa.eu/european-principles/), as each set of principles may be amended from time to time by the EDAA or any successor entity to the EDAA; any other relevant FTC, NAI or DAA code, principles or other guidance relating to the collection and use of data or serving of advertising or other Targeted content in the mobile environment; all United States Federal Trade Commission (“FTC”) rules and guidelines regarding the collection, use or disclosure of information from or about a unique user of a website, application or mobile website and/or the device associated with such user.
Please also note that:
We may work with third-party service providers to provide maintenance services, data analysis, service hosting, and other services for us. These third parties may have access to or process data/information collected by us as part of providing their contracted services to us. Sharewell complies with applicable Data Protection legislation and cooperates with reliable cloud hosting service providers. Sharewell cooperates with such cloud hosting providers who are either located within the E.U. (and therefore are obliged to comply with all EU Data Protection Laws and Regulations) or may be located in the US. In the latter case, US located cloud hosting providers are selected by Sharewell, on grounds of US providers being certified members of the U.S. – EU Privacy Shield companies (https://www.privacyshield.gov/list ).
We may disclose data collected by us (including Direct Personally Identifiable Data, such as e-mail address etc. which the user sends to Sharewell in order to participate in competitions), if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement activity or other legal processes. We also reserve the right to disclose data collected by us, as we believe, in good faith, is appropriate or necessary to take precautions against liability; to protect Sharewell and others from fraudulent, abusive, or unlawful uses or activity; to investigate and defend ourselves against any claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Service and our other property; or to protect the rights, property, or safety of us, our users, or other persons or entities.
We require from all third parties with whom we share your data to agree and warrant that all the processing operations in which they engage shall be lawful and compliant with the provisions of the GDPR (even if not applicable directly by Law to their business) and/or the EU-US/SWISS-US Privacy Shield and any further Data Protection Legislation which may be applicable to their business. We also require that they provide, in particular in terms of expert knowledge, reliability and resources, sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements the GDPR (even if not applicable directly by Law to their business) and/or the EU-US/SWISS-US Privacy Shield and ensure the protection of the rights of the data subject.
Finally, we use commercially reasonable physical, managerial, and technical safeguards in an effort to preserve the integrity and security of your personal information. All data and responses are transferred via HTTPS/SSL secure channels to ensure the secure exchange of data between the users’ devices and Sharewell servers. We cannot, however, ensure or warrant the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission of personal information, we make commercially reasonable efforts to ensure the security of our systems. Please be aware, however, that this is not a guarantee that such personal information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If we learn of a security systems breach, then we will attempt to notify you electronically so that you can take appropriate protective steps. We shall post a notice through the Service if a security breach occurs and we shall notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, in case the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.
Sharewell is GDPR compliant. Sharewell takes all necessary actions to comply with COPPA and protect the rights and safety of Minors. By minors, we mean individuals under the age of majority in their residence. We make efforts to exclude Minors from any collection of data and therefore we delete any information and data that has come to our attention that is related to Minors without any notice. If has it comes to your attention anything regarding this issue please contact us immediately.
Sharewell processes Personal Data in accordance with the GDPR requirements directly applicable to Sharewell’s provision of its services, which came into force on 01.05.2020. In particular, Sharewell processes personal data only in accordance with GDPR data protection principles and GDPR data protection provisions. Sharewell also implements appropriate technical and organizational measures and demonstrates compliance and ensures that both in the planning and implementation of processing activities, data protection principles, and appropriate safeguards are addressed and implemented (data protection by design and default).
4.2 Your privacy rights
In your capacity as a data subject whose data is collected and processed by Sharewell, we inform you that you have the rights provided to you under the GDPR and, in particular, you have (a) the right to withdraw your consent at any time and without detriment, without affecting the lawfulness of processing based on consent before its withdrawal, by notifying such withdrawal to us via email with the subject “Data processing consent withdrawal” at the following email address email@example.com; (b) the right to request from Sharewell access to and rectification or erasure of personal data or restriction of processing concerning you and to object to processing as well as the right to data portability; (c) the right to receive notification regarding rectification or erasure of your personal data or restriction of processing that is takes place following your request; (d) the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, and (e) to lodge a complaint with a supervisory authority.
4.3 Contact info / Representative in the EU / Data Protection Officer
Please contact us with any questions or comments about this Policy, your personal information, our third-party disclosure practices, or your consent choices by email: firstname.lastname@example.org.
Sharewell designates as its representative in the EU, who acts on Sharewell’s behalf and who may be addressed by any supervisory authority and be subject to enforcement proceedings in the event of non-compliance with the GDPR by Sharewell, Mr. Sten Kreisberg, who can be contacted at the following address: email@example.com. Sharewell remains fully liable under the GDPR. Sharewell appoints as a Data Protection Officer Sten Kreisberg, who can be contacted at the following address: firstname.lastname@example.org.
Governing Law & Miscellaneous
Changes And Updates To This Policy
Sharewell reserves the right to modify the terms and conditions of the present Agreement or alter or end its services at any time at its sole discretion. You are responsible for ensuring that you will regularly review the present Agreement. If you choose to continue using Sharewell services after any modifications to the present terms are made, you will be considered to have fully and unconditionally accepted the aforementioned modifications to this Agreement.