Insider One’s personalization technologies, available through InOne, process data on behalf of digital marketers, website owners, leading brands, and other online business services. The information Insider One collects and processes also includes its customers’ personal data (the “end users”). These end users are also known as “data subjects”, and Insider One is committed to protecting their information with equal zeal.
Under the GDPR, end users have the right to understand what’s happening with their data, what firms are doing with the information they collect, the purpose of data collection, and how consent is obtained. In one sentence, it stands for privacy and transparency.
In the relationship between Insider One and its partners, Insider One is the data processor, and its partners are the data controllers, as defined under the GDPR. Based on these roles, Insider One is committed to enabling its partners to comply with Data Subject Rights (defined in Articles 15 – 23).
Overall, Insider One will cooperate with any requests from controllers to access, erase, or rectify end-user data, with trained personnel handling these requests. Additionally, our platform provides multiple API endpoints to delete or upsert data, keeping user data accurate.
Here is how Insider One complies with each item of GDPR Data Subject Rights:
1. Right of access
Under GDPR, individuals have the right to obtain:
Confirmation that their data is being processed,
Access to their personal data
Other supplementary information largely corresponds to what should be provided in a privacy notice.
Insider One enables its partners to easily access their end users’ data upon request. Insider One’s REST API set is designed to provide its partners with the specified user profile, including personal data. In this way, they can instantly respond to their end users’ requests to access any personal data being processed by Insider One as a Data Processor on their behalf.
2. Right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
Similar to the right of access, partners can use Insider One’s REST APIs to export the specified user profile and deliver that personal data to the end user in response to their portability request.
3. Right to rectification
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If you have disclosed the personal data in question to third parties, you must, where possible, inform them of the rectification.
If the end user requests that our partner rectify inaccuracies in the personal data processed by Insider One on their behalf, Insider One’s REST API set can be used to correct such personal data.
4. Right to erasure
The right to erasure is also known as ‘the right to be forgotten’.
If partners are requested by their end users to delete their personal data, they can use Insider One’s REST API to fulfill this obligation instantly.
5. Right to restrict processing
Data Subjects have the right to block or suppress the processing of certain subsets of their personal data in the event of inaccurate or improperly obtained data. When processing is restricted, you are permitted to store the personal data, but not further process it. You can retain just enough information about the individual to ensure that the restriction is respected in the future.
If partners receive objections from their end users to restricting the processing of their personal data, they can use Insider One’s REST API with the specified user's identifier to update their GDPR opt-in status.
6. Right to object
Individuals have the right to object to:
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
Direct marketing (including profiling);
Processing for purposes of scientific/historical research and statistics.
If partners receive objections from their end users regarding unsubscription requests, they can use Insider One’s REST APIs to unsubscribe those end users. Insider One allows you to mark a user profile as unsubscribed from Emails or Push notifications.