1. Information We Explicitly Request
In order to sign up for a MelaTop account and use the service, we require some simple information like a name, email address and/or account authorization via Facebook, Twitter, YouTube, etc. When you enter this information, MelaTop stores it so your account may persist, and to help us keep a record of your activities on the service.
Additionally, MelaTop may request and collect financial information including tax ID or other information necessary to receive or render payment.
2. Information Provided from the Use of Our Service
Occasionally MelaTop will collect certain kinds of information about how/when you use the service, like when you visit a link generated by the MelaTop service, or post an ad to a social media account. This information includes:
- Log Information - This can include details of how you used the service/arrived at the service, your IP address, and cookies which may uniquely identify your account or browser.
- Device Information - In order to better serve our customers, MelaTop occasionally collects data about the types of devices which access our service, including hardware models, operating system versions, unique device identification and mobile network information, including phone numbers.
- Location Information - When you access the MelaTop service from a device, or connect a location-aware social media account, MelaTop may store location information in order to better serve our users and customers.
- Local storage - We may collect and store information - including personally identifiable information - locally on your device, using cookies, browser web storage, and application data caches, among other sources.
MelaTop may combine information we obtain from business partners or other companies, such as our social media partners, with information MelaTop has collected about you in order to serve you better or optimize the functions of the Service.
MelaTop may set and access MelaTop cookies on your computer. MelaTop uses these cookies in connection with MelaTop products and services.
This site, like many others, uses small files called cookies to help us customise your experience. Find out more about cookies and how you can control them.
This page contains information on what cookies are, the cookies used by the ShegerPlus’s website, how to switch cookies off in your browser, how to specifically switch off advertising cookies, and some useful links for further reading on the subject.
What are cookies?
Cookies are small text files that are stored by the browser (for example, Internet Explorer or Safari) on your computer or mobile phone. They allow websites to store things like user preferences. You can think of cookies as providing a ‘memory’ for the website, so that it can recognise you when you come back and respond appropriately.
A visit to a page on the Guardian’s website may generate the following types of cookie:
- Anonymous analytics cookies
- Geotargetting cookies
- Advertising cookies
- Third party advertising cookies
Anonymous analytics cookies:
Every time someone visits our website, software provided by another organisation generates an “anonymous analytics cookie”. These cookies can tell us whether or not you have visited the site before. Your browser will tell us if you have these cookies and, if you don’t, we generate new ones. This allows us to track how many individual users we have, and how often they visit the site. Unless you are signed in to the ShegerPlus, we cannot use these cookies to identify individuals. We use them to gather statistics, for example, the number of visits to a page. If you are logged in, we will also know the details you gave to us for this, such as your username and email address.
These cookies are used by software which tries to work out what country you are in from the information supplied by your browser when you click on a web page. This cookie is completely anonymous, and we only use it to help target our content – such as whether you see our UK or US home page – and advertising.
These cookies allow us to know whether or not you’ve seen an advert or a type of advert, and how long it is since you’ve seen it.
We also set anonymous cookies on certain other sites that we advertise on. If you receive one of those cookies, we may then use it to identify you as having visited that site if you later visit the ShegerPlus. We can then target our advertising based on this information.
Third party advertising cookies
A lot of the advertisements you see on the ShegerPlus are provided by other organisations. Some of these organisations use their own anonymous cookies to track how many people have seen a particular ad, or to track how many people have seen it more than once.
The companies that generate these cookies have their own privacy policies, and we have no access to read or write these cookies. These organizations may use their cookies to anonymously target advertising to you on other websites, based on your visit to the ShegerPlus.
Other third party cookies
On some pages of our website, other organisations may also set their own anonymous cookies. They do this to track the success of their application, or to customise the application for you. Because of how cookies work, our website cannot access these cookies, nor can the other organisation access the data in cookies we use on our website.
For example, when you share an article using a social-media sharing button (for example, Facebook) on the ShegerPlus, the social network that has created the button will record that you have done this.
How do I turn cookies off?
It is usually possible to stop your browser accepting cookies, or to stop it accepting cookies from a particular website. However, we cannot tell if you are signed in without using cookies, so you would not be able to post comments.
All modern browsers allow you to change your cookie settings. You can usually find these settings in the Options or Preferences menu of your browser. To understand these settings, the following links may be helpful, or you can use the Help option in your browser for more details.
Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookie settings in Safari web and iOS.
General Data Protection Regulation
It’s important to define the roles played by you and any 3rd party with whom you rely on to process EU personal data:
- GDPR distinguishes between data “controllers,” ”processors,” and “subprocessors.”
- A data controller is a "natural or legal person...which, alone or jointly or with others, determines the purposes and means of the processing of personal data."
- A data processor is any person (other than an employee of the data controller) who processes data on behalf of the data controller.
- You may be a controller for some purposes and a processor for other purposes (for example, controller of any EU employee data and processor of customer data).
Keep record of the following :
- Purpose: For what purposes is it collected?
- Data Subjects: Who does the personal data relate to?
- Categories of Personal Data: What personal data is received?
- Recipients: To whom is it sent?
- Data Transfers: Where is it sent? Where is it stored?
- Retention Periods: For how long is it kept?
- Technical and Organizational Measures: How is it protected?
GDPR requires data controllers to execute data processing agreements (DPAs) with each of its processors. Processors are obligated to put DPAs in place with sub-processors that will be further processing the controller’s data.
In a DPA, data processors commit to:
- Maintain security procedures that protect the confidentiality of personal data and ensure staff with access to personal data maintain confidentiality;
- Limit access to personal data to those required to have access;
- Permit audit by data controller to confirm GDPR compliance;
- Notify the data controller of security breaches;
- Return or delete customer data upon request at the end of the contractual relationship; • Be liable for any actions of its sub-processors; and
- Allow data controllers the right to refuse to allow additional sub-processors to have access to their data.
Most important to get Consent
- GDPR requires consent to be, “specific, informed, unambiguous, active and freely given.”
- One alternative to consent is establishing the existence of a “legitimate interest” to process data.
- Further guidance is expected on both consent and legitimate interest.
LEGITIMIZE CROSS BORDER DATA TRANSFER
Publishers and app developers outside of the EU must also have an approved mechanism for transmitting any EU personal data outside of the EU. For many, Privacy Shield certification will be the simplest method to implement.
- If Privacy Shield certification isn’t possible or personal data is transferred from the EU to non-US countries consider the EU standard contractual clauses.
- Check out OpenX’s guide on how to become Privacy Shield certified
CREATE/UPDATE POLICIES AND PROCEDURES
- GDPR requires more detailed disclosures in privacy policies and terms and conditions.
- Consumer-facing privacy policies should, among other things, provide information about data subjects’ rights.
- Security Policy
- Data Breach Policy
- Data Retention Policy (and shorten existing retention periods where possible)
- Employee training on confidentiality, privacy and security
- Evaluate whether you need to designate a Data Protection Officer.
- Confirm you have means to correct inaccuracies, delete personal data (the “right to be forgotten”) or, if applicable, deliver personal data upon request.
- Review your policies and procedures regularly and make sure GDPR ownership (and awareness!) is shared with key internal stakeholders (engineering, product, HR, finance)
LIVE "PRIVACY BY DESIGN" Work with internal teams to ensure that going forward:
- The minimum amount of personal data is collected.
- The purposes for data collection are clearly disclosed.
- Services are designed with data security in mind.
- Personal data is kept for the minimum time necessary to accomplish the purpose it was collected for.
- Be agile as further guidance or enforcement require modifications to your GDPR approach. Know your partners!
- GDPR imposes joint and several liability on controllers and processors.
- Smaller companies without a serious commitment to GDPR compliance and the resources to get and stay compliant put your company at serious financial risk.
- Choose to work only with established partners you trust and carry out thorough diligence on new partners.
Contents of Items
The contents of any item that you post directly to the Site, including any text, images, photos, videos and audio, are stored and maintained on our servers in order to publish these items and provide the Service. Your submitted content will be associated with your account.
Confidentiality and Security
We limit access to personal information about you to employees or third-party agents who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
This Policy only applies to the MelaTop website and services. We do not exercise control over the sites that our service links to. These other sites may place their own cookies or other files on your computer, collect data or solicit personal information from you. We encourage you to read such privacy policies of any third-party sites you visit. It is the sole responsibility of such third parties to adhere to any applicable restrictions on the disclosure of your personally-identifying information, and MelaTop shall not be liable for wrongful use or disclosure of your personally-identifying information by any third party.
Financial information, including Bank acccount information, Amole wallet and other financial information is stored using industry-standard security by MelaTop and will not be shared with third parties except where such parties are necessary to process payment.
MelaTop is not intended for use by children. Anyone under the age of 13 is not permitted to use the Service and must not attempt to register an account or submit personal information to the Service. We do not knowingly collect any personal information from any person under the age of 13 or allow them to register an account. If MelaTop learns it has unknowingly collected this information it is deleted as soon as possible. If you have reason to believe MelaTop has collected this data or are a parent or legal guardian who is concerned their child or ward has accessed the service, please contact us by email at support (at) melatop.com