DespiteMedia Privacy and Data Protection Policy
1. Policy Scope
The Policy is designed to regulate the collection, maintenance and use of Consumer Personal Information generated as a result of contractual relations between DespiteMedia, the Operator and the Content Provider or Developer in all aspects relating to the publication and use of APIs, Network Capacities, Software Development Kits (SDKs) and Other Services for development through the Developer Platform, as well as all matters relating to the loading/use of Contributions and Applications and/or marketing of the Applications by the Developer albeit in the Operators’ Applications Stores, or through any other channel for the use of Consumers.
2. Consumer Data Protection
DespiteMedia is entrusted with the confidentiality of millions of peoples’ communications and for managing volumes of personal information. We continue to foster the trust and confidence of customers and employees in the way we handle their personal information and provide services.
This Policy concerns the handling of customer personal information, which includes the collection, storage, access, use, updating, disclosure, disposal, destruction or any other processing of such information. It is intended to provide a comprehensive set of rules for the management of customer personal information throughout the customer lifecycle, including DespiteMedia may collect and maintain information on individual Consumers reasonably required for its business purposes. Consumers may provide their personal information when they access, use or sign up to DespiteMedia’s Services or its Products and Information contained thereof, either on DespiteMedia’s Platforms or Third-Party Platforms supported by DespiteMedia’s Products/Platforms. Information may include but not limited to name, email address, postal address, telephone or mobile number or date of birth, depending on the activity the Consumer engages in. By submitting their details, Consumers enable DespiteMedia (and where applicable its contractors and affiliates) to provide Consumers with the services, activities or online content they select.
It is the policy of DespiteMedia that; the collection and maintenance of information on individual Consumers shall be—
(a) fairly and lawfully collected and processed;
(b) processed for limited and identified purposes such as serving recommendations to the consumer
(c) relevant and not excessive;
(e) not kept longer than necessary;
(f) processed in accordance with the Consumer’s other rights;
(g) protected against improper or accidental disclosure; and
(h) not transferred to any party except as permitted by any terms and conditions agreed with the Consumer, as permitted or required by applicable laws or regulations.
DespiteMedia shall meet generally accepted fair information principles including:
(a) providing notice as to that individual Consumer information they collect, and its use or disclosure;
(b) the choices Consumers have with regard to the collection, use and, disclosure of that information;
(c) the access Consumers have to that information, including to ensure its accuracy; and
(d) the security measures taken to protect the information, and the enforcement and redress
mechanisms that are in place to remedy any failure to observe these measures.
These rules apply to individual Consumer information whether initially provided verbally or in written form, so long as that information is retained by DespiteMedia in any recorded form.
3. Third Party Actions
3.1 API's that can allow third parties to access personal user data generally requires an extension to normal data privacy terms. For example, for APIs that allow third parties to develop applications which users of the service will use to access their own data, their data will most likely pass through the Third party’s servers or code.
3.2 The Management of the Third party shall be committed to implement and adhere to the privacy and data protection policy of DespiteMedia.
3.3 The Third party shall sign a Non-Disclosure Agreement or an Agreement with a confidentiality clause which mandates that the Third party shall not disclose any information related to DespiteMedia which is identified as ‘Restricted’, ‘Confidential’ or ‘Internal’ to DespiteMedia. The Third party shall ensure that they read, accept and sign the Non-Disclosure Agreement/Agreement with the relevant confidentiality clause provided by DespiteMedia.
3.4 Controls shall be in place so that information assets or information processing environment used for providing services to DespiteMedia/Consumers are physically/logically segregated from other customers.
3.5 This is true even if authentication patterns such as openAuth are used. OpenAuth simply means username/password credentials do not need to be shared with third parties, but –once authorized –applications may still access user data and hence privacy guidelines need to strictly apply to API usage.