N.Rich Data Privacy Approach
Summary presentation (pdf)
Introduction: Anonymisation and pseudonymization of personal data
At N.Rich (N Technologies Inc.) we take end-user privacy seriously. N.Rich collects and retains personal data in the form of cookies from end-users, our clients want to target, or whose behavior they wish to understand better. We focus strictly on B2B clients, so our objective is to only track and target people based on their association with a company (legal entity).
N.Rich is fully EU General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA) Compliant.
We do not want to find out the exact identity of an individual and take active measures to preventing such identification. However, we do have from time to time a possibility of identifying a person through email address for example. In such cases, we never store any such information as such, but take measures to prevent identifying the person through a pseudonymization process (for example discarding or obfuscating the personally identifying part of the data). We honor information requests from end-users bearing in mind that it may be difficult or impossible for us to verify the association of the individual to the data (e.g. in the case of cookie it is expected to require extraordinary measures for a person to verify a one-to-one relationship of his/hers to the cookie).
Understanding N.Rich contractual framework for end-user privacy
The contractual foundation of N.Rich privacy are the following documents:
N.Rich Privacy Notice is the agreement between the end-user and N.Rich about the processing of personal data. It is mandatory that end-users accept the terms of N.Rich privacy notice when browsing your website.
Section 8, “Data Processing” of N.Rich General Terms, which is a part of N.Rich customer agreement, defines the roles and responsibilities of end-user privacy protection between N.Rich and the customer. A valid agreement between N.Rich and the Customer is mandatory for these roles and responsibilities to be defined.
8. Data Processing
Client warrants that it has the right to disclose the Client Data for the performance of the Service for further Processing by N.Rich in the manner described herein and on N.Rich Privacy Notice.
The Client warrants that when Client website loads the N.Rich Standard Tag, the visiting user has provided Cookie Consent and has had a reasonable possiblity for reviewing the terms of N.Rich Privacy Notice prior to providing the consent, for example through a link on the Client website’s cookie notice. If Cookie Consent has not been provided, the Client must use N.Rich Cookieless Tag.
In accordance with the Privacy Notice (and unless otherwise set out therein), if the data N.Rich receives includes information that could allow N.Rich to identify the natural person(s) concerned, N.Rich shall, before any further use of the information, take measures to transform the data so that it can either be no longer attributed to a specific Data Subject at all (“anonymization”) or so that it can be attributed to a specific Data Subject only with additional information that is kept strictly separate from and never combined with the said Personal Data (“pseudonymization”). For the avoidance of doubt, if and to the extent any data that has undergone pseudonymization may still be considered as Personal Data, N.Rich shall be considered the Controller for such data, and the data shall be Processed as described in the Privacy Notice.
To the extent the Service includes the use of Facebook’s Custom Audiences feature, and any personal data received from Client is shared with Facebook for that purpose, Client shall hereby accept and be bound by the Facebook Custom Audiences Terms as available and updated at Facebook’s website (https://www.facebook.com/legal/terms/customaudience).
N.Rich warrants that is shall use Client Data and Other Data only for the purpose of ad targeting, advertisement delivery, audience measurement, traffic analysis or demographic analysis, all to be carried out through the use of the Service.
Anything herein to the contrary notwithstanding, it is hereby acknowledged that N.Rich does not sell any Personal Data which may derive from such Client Data and/or Other Data to third parties and shall only use it for purposes described in the paragraph above. Without derogating from the generality of the foregoing, in the event that N.Rich sells such Personal Data, it may only do so subject to providing a valid right to Opt-Out.
Legal basis of processing personal data
N.Rich operates using opt-in or “legitimate interest” as the purpose of processing end-user personal data. The main sources for opt-ins are IAB Transparency and Consent Framework (TCF) and client website “cookie consent”.
| Advertising | Customer website |
|---|---|---|
Permission for processing personal data from end-user | Permission to process personal data provided to N.Rich from IAB TCF | Permission to process personal data provided from client website cookie consent. |
No permission available | The website in which the ad appears is not IAB TCF compliant, and N.Rich has not previously obtained opt-in or opt-out so it’s not possible to determine permission status. | Customer website is not using a mandatory cookie consent. |
End-user has opted out | End-user can opt-out using a menu on N.Rich native advertising formats or from a special cookie associating the N.Rich cookie that includes a link to the opt-out page. | End-user can opt-out using the opt-out link included on the N.Rich privacy notice and preferably also on the customer’s privacy/cookie notice. |
If you have any questions about N.Rich approach to end-user privacy, please feel free to contact: privacy@n.rich