Last Update: June 12, 2023
This Data Privacy Policy (“Privacy Policy” or this “Policy”) represents the minimum standards that IF Tech S.à.r.l. and its affiliates including IF Tech Labs, Inc, IF Tech SRL and IF Tech SAS (collectively, “IF Tech”, “we”, “our”) have set with respect to data privacy, for ensuring that we collect, use, retain, and disclose Personal Data in a fair, transparent, and secure way.
This Policy aligns with (and in some cases exceeds) the main requirements of applicable laws and regulations. It is also aligned with other specific policies of IF Tech relating to the collection and use of Personal Data implemented by each entity of the IF Tech Group to cover the specific Personal Data processing purposes needed for day-to-day activities (e.g. cookies policy, specific local policies such as employees’ privacy policies, specific information notices for customers, etc.). This Policy acknowledges that certain IF Tech affiliates are located in countries with varying legal and cultural approaches to privacy and data protection.
This Privacy Policy may thus be supplemented by other policies and procedures in certain geographic regions as may be appropriate to comply with applicable laws and meet cultural norms. In the event of a conflict between this Privacy Policy and the local applicable privacy policies and/or applicable local law as relevant, or inapplicability of the provisions of this Privacy Policy, the local applicable policy and local law should prevail. Some useful definitions are provided in section 2 of this Privacy Policy for your ease of reference.
- Scope
1.1 The Policy covers all Personal Data in any form, including but not limited to electronic data, disks, and paper documents, and all types of processing, whether manual or automated, that is in IF Tech’s possession or under IF Tech’s control, in all geographical areas where IF Tech operates. This will include information held about IF Tech members, partners, employees, contractors, consultants, clients, consumers, suppliers, business contacts, and any third parties.
1.2 This Policy also applies to any Third Parties who perform services for or on behalf of IF Tech and who are expected to embrace standards of conduct consistent with the principles set out in this Privacy Policy.
- Definitions
2.1 IF Tech shall mean the relevant IF Tech entity processing the Personal Data and the various IF Tech affiliates.
2.2 Third-Party shall mean a third party or business partner who receives from IF Tech or who is granted access to or is otherwise entrusted with Personal Data on behalf of IF Tech, for example, suppliers, contractors, sub-contractors, and other service providers.
2.3 Data Subject shall mean an identified or identifiable natural person whose Personal Data is being processed by IF Tech.
2.4 Informed Consent shall mean any freely given specific and informed indication of the Data Subject’s agreement to the processing of his/her Personal Data, when required.
2.5 Personal Data shall mean any information enabling to identify a natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural, or social identity. Data is considered Personal Data when it enables anyone to link said data to a natural person, even if the person or entity holding that information cannot make that link.
2.6 Application Data shall mean any Personal Data that is processed by IF Tech’s Services, whether by IF Tech or by Third Parties who perform services for or on behalf of IF Tech. For the sake of clarity, Personal Data processed through IF Tech’s marketing websites shall not be Application Data.
2.7 Sensitive Data (or Special Category of Data) shall include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
2.8 Personal Data relating to criminal convictions and offences are a subset of Personal Data, which due to their nature have been classified by law or by an applicable policy as deserving additional privacy and security protections.
2.9 Process / Processing shall mean any operation or set of operations that is performed upon Personal Data, whether or not by automated means, including but not limited to, collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or through other means, such as IF Tech’s marketing websites (“Process” shall be interpreted accordingly).
2.10 IF Tech’s Services shall mean the services that are used by you pursuant to the applicable agreement, which may notably include Yet Another Mail Merge, Form Publisher, Awesome Table (and the Awesome Table add-ons), Playengo, GPT for Work (i.e., GPT for Sheets™ and Docs™, and GPT in Excel™), including any update or replacement thereof and technical support provided by IF Tech to you from time to time.
- How do we ensure the lawfulness, fairness, and transparency of your Personal Data?
Personal Data is processed on the basis of legal grounds with the informed knowledge of the Data Subjects.
3.1 We will only use Personal Data on the basis of a legal ground:
- If necessary to perform a contract (e.g. with our employees, contractors, clients using IF Tech’s Services, suppliers); in particular, we will use Application Data only for the purpose of providing IF Tech’s Services as provided in such contract; or
- If required to comply with a legal obligation (e.g. when we need to satisfy our obligations as an employer); or
- Where we have a legitimate business need or a legitimate business reason to use Personal Data as part of our business activities (e.g. when carrying out a processing to better know our clients and send them promotional offers), except that this shall not apply to Application Data; or
- Where we have obtained the Data Subject’s Informed Consent when it is specifically required by law or by applicable policy. This may notably be the case where none of the other legal grounds described above is applicable and to the extent permitted under applicable law.
3.2 We consider that it is important to assess the privacy risks before we collect, use, retain, or disclose Personal Data, such as in a new system or as part of a new project.
3.3 IF Tech will only process Personal Data in the way described in its specific privacy notices or privacy policies and in accordance with any Informed Consent we may have obtained from the Data Subject.
3.4 IF Tech will not carry out profiling activities based on automated decision-making unless legally grounded on a requirement of applicable law, the performance of a contract, or the Data Subject’s consent, and provided that suitable safeguards are implemented to protect the Data Subject’s rights.
3.5 We use cookie technologies on our websites to allow us to evaluate and improve the functionality of our websites. We can also use cookies for advertising or analytics purposes, subject to your consent and depending on your choice by using our cookie setting tool. For more information about how IF Tech uses cookies, please read our online Cookie Policy.
3.6 Where legally required, we will ensure that Data Subjects are provided with relevant information concerning the processing of their Personal Data, unless there is an impossibility to provide such information or if it requires disproportionate efforts to provide such information. Such information will notably include the purposes of the Personal Data processing, the types of Personal Data collected (if the Personal Data have not been obtained directly from the data subject), the categories of recipients, the list of rights which may be exercised by the Data Subjects, the consequences of a failure to reply or provide Personal Data, the conditions of the transfer of Personal Data outside the European Economic Area (“EEA”), if any, and the mechanism used to protect the Personal Data in the event of a transfer, etc. This requirement may be satisfied by issuing a privacy notice to Data Subjects at the point where Personal Data are originally collected from them. Privacy notices shall be written in language which provides Data Subjects with a clear understanding as to how their Personal Data will be used.
- How do we process Personal Data for specific and legitimate purposes and verify that Personal Data is minimized and accurate?
4.1 Personal Data will only be collected and processed for specified, explicit, and legitimate purposes (which could be multiple), complying with the Personal Data minimization principle and ensuring the accuracy of the Personal Data processed.
4.2 Personal Data will not be further processed in a manner that is incompatible with those purposes.
4.3 We carefully evaluate and define the purposes of any Personal Data Processing before launching a project (e.g. management of HR data, management of recruitment data, payroll purposes, accounting and financial management, allocation of IT tools and any other digital solutions or collaborative platforms, IT support management, health and safety management, information security management, client relationship management, bids, sales and marketing management, supply management, internal and external communication and events management, compliance with anti-money laundering and anti-bribery obligations or any other legal requirements, data analytics operations, implementation of compliance processes).
4.4 We will ensure that the Personal Data we collect is relevant, adequate, and not excessive in relation to the purpose of the Processing and its eventual use (e.g. insights, marketing, promotions). This means that only necessary and relevant Personal Data for the purpose sought can be collected and processed.
4.5 When collecting Sensitive Data or Personal Data relating to criminal convictions and offences, proportionality is fundamental. We do not collect Sensitive Data or Personal Data relating to criminal convictions and offences unless required by applicable law or when allowed by applicable law with the Data Subject’s prior express consent.
4.6 Every reasonable step will be taken to ensure that Personal Data is maintained in an appropriately accurate and up-to-date form at every step of Personal Data Processing (i.e. collect, transfer, storage, and access).
- What measures do we use to ensure appropriate security for Personal Data?
5.1 We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks of Personal Data Processing. These measures are implemented to protect Personal Data against unauthorized or unlawful Processing, accidental loss, destruction, or damage, including against internal or external, deliberate, or accidental threats.
5.2 We will continuously assess and improve our Information Security Management System (“ISMS”) and measures (e.g. anti-virus software, passwords, firewall protection, encryption measures, confidential paper document disposal, security compliance of service providers with appropriate security measures, access restrictions, IT backup processes, awareness-raising programs, and training).
5.3 We will ensure that persons accessing Personal Data have a business need to access that Personal Data and are subject to a confidentiality obligation.
5.4 We will carry out regular tests and evaluations of the effectiveness of our ISMS and measures, making improvements as necessary.
5.5 In case of a data breach, IF Tech will follow the process for reporting, managing, and recovering from such incidents. We will inform the competent data protection authorities and affected Data Subjects as appropriate and as required by applicable law.
- How long do we retain Personal Data?
6.1 Personal Data shall not be kept in a form which permits identification of Data Subjects for longer than necessary for the purposes for which the Personal Data is Processed, in accordance with IF Tech’s Data Retention Policy and applicable laws.
6.2 We will identify and follow applicable legal or contractual obligations regarding data retention. When we no longer need the Personal Data, we will securely delete it, including but not limited to Application Data.
- How do we ensure your rights are protected?
7.1 You have certain rights regarding your Personal Data, which include but are not limited to:
- The right to be informed about how your Personal Data is being used.
- The right to access your Personal Data.
- The right to correct your Personal Data if it is inaccurate.
- The right to request the deletion of your Personal Data in certain circumstances.
- The right to restrict the processing of your Personal Data.
- The right to object to the processing of your Personal Data.
- The right to data portability.
7.2 To exercise your rights, you can contact us at lijianmin@iftech.io. We will respond to your request in accordance with applicable laws.
- How do we manage cross-border data transfers?
8.1 Personal Data may be transferred to countries outside the European Economic Area (EEA) where the level of protection of Personal Data may not be as high as within the EEA. In such cases, we will ensure that appropriate safeguards are in place to protect the Personal Data, such as entering into standard contractual clauses approved by the European Commission or relying on other legal mechanisms for such transfers.
8.2 We will provide more information about cross-border data transfers and the mechanisms used upon request
Data Usage Policy
EasyKOL’s use and transfer of any information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The data we collect will only be used to provide and improve our services and will not be shared with any third parties, except with explicit user authorization or as required by law.
Google API Services User Data Policy
Our application adheres to the Google API Services User Data Policy. This means that any data accessed through Google APIs is used in compliance with Google’s guidelines and policies to ensure the protection of user data. Users of our application are subject to our Privacy Policy, Terms of Service, and the Google API Services User Data Policy.
EasyKOL uses the user’s openid and profile provided by the Google API Service during the login/registration process to uniquely identify the user. Additionally, it requests authorization from the user to send emails via Gmail in order to assist users in improving their collaboration efficiency with clients during the main workflow of the product, subject to user consent.
The data obtained through the Google API Service includes the following types: openid/profile/gmail.send. Currently, this data is stored solely in EasyKOL’s own database and is not shared with any third parties.
9. AI Tools and Data Processing
9.1 Types of Data Shared with AI Tools:
We share public channel or creator information (e.g., channel name, subscriber count, content categories), de-identified content descriptions, and aggregated engagement metrics with our AI tools.We do not share personal user information, private messages, or financial information with AI tools.
9.2 AI Data Processing Workflow:
Collecting public information about selected channels or content creators Identifying similar channels using various methods Using AI models like ChatGPT to evaluate and score newly identified similar channels Returning the scored data to the user’s device
9.3 Purpose of AI Data Processing:
Improving content recommendations Assisting content creators in finding similar channels for potential collaborationAnalyzing content trends and popularity
9.4 User Consent for AI Processing:
We obtain explicit consent through clear notifications and opt-in choices
Users can revoke consent at any time in the app settings
9.5 User Rights Regarding AI-Processed Data:
Users can access a summary of their data used in AI processing
Users can request deletion of their data from our AI systems
Contact Us
For any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: lijianmin@iftech.io
This Privacy Policy may be updated from time to time to reflect changes in our practices or applicable laws. We encourage you to review this Policy periodically to stay informed about how we are protecting your Personal Data.