This document provides an overview of how MobileXCo collects, stores and uses confidential information collected on behalf of our clients with respect to the delivery and management of our Purchase-Linked Promotion™ experiences through Tether™, our proprietary software application. The underlying principle that applies across all MobileXCo interactions with this information, including Personally Identifiable Information (PII), is that we are the custodians of that data on behalf of our client. As a result, we have a fiduciary duty towards the safety of that data.
Each section below is modeled after the ten (10) principles identified by the government as Canada as the guidelines to be followed by any business that collects, stores and uses sensitive customer data in regular business operations, found here: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/.
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the legislation’s privacy principles.
MobileXCo: All inquiries related to privacy and data security, including challenges regarding compliance or the handling of sensitive data should be addressed to privacy@mobilexco.com. They will then be routed to the appropriate contact person, depending upon the nature of the inquiry.
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
MobileXCo: MobileXCo is the “custodian” and not the primary owner of the data we collect on behalf of our clients. Purchase-Linked Promotions™ all have a set of participation terms and conditions and/or rules and regulations that govern them, including with respect to the collection, treatment and use of customer data. These documents are reviewed and approved (or provided) by our client’s legal representatives prior to the collection of any customer data. MobileXCo strongly recommends that the data collected and the purpose of the collection is clearly defined within these documents. These rules and regulation are linked to from all Purchase-Linked Promotion™ web pages and electronic communications.
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
MobileXCo: MobileXCo follows the standard practice of requiring all those registering for a Purchase-Linked Promotion™ to click a checkbox agreeing to participate. Similarly, for any additional marketing subscriptions that might be on the form. These checkboxes are always unchecked by default.
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
MobileXCo: MobileXCo believes that PII is a liability. Therefore, we consult our clients to collect only the information required to execute their Purchase-Linked Promotions™. For example, a digital redemption code doesn’t require the collection of a complete mailing address, unless there are limited quantities by region, at which point only and Province or Postal Code is needed to meet the criteria for participation/qualification.
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
MobileXCo: By default, MobileXCo removes PII associated with each Tether ‘Client’ account two years (24 months) after the completion of the most recent Purchase-Linked Promotion™, unless instructed to do so earlier by the client.
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
MobileXCo: MobileXCo will generally allow people who participate In Purchase-Linked Promotions™ to update address information when a physical prize has been earned. Depending upon the nature of the program, address data can either be edited by the participants themselves, or a request can be submitted by email and an authorized MobileXCo staff member will make the requested change on their behalf.
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
MobileXCo: MobileXCo securely stores all data in the AWS Cloud, encrypting it both at rest and in transport. All MobileXCo employees use a combination of passwords and a non-SMS, two-factor-authorization service to access Tether™. This access control can also be applied to Clients who are to have access to Tether™ for reporting and/or consumer support services.
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
MobileXCo: In accordance to the role of MobileXCo as custodian of the data, and similar to #2 Identifying Purposes, Purchase-Linked Promotions™ are governed by the Client’s corporate Privacy Policy. MobileXCo also maintains a Privacy Policy that can be found at https://tetherxmp.com/privacy.
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
MobileXCo: The process for requesting an individual’s PII and requesting an amendment to it is outlined in the MobileXCo Privacy Policy that can be found at https://tetherxmp.com/privacy.
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
MobileXCo: All inquiries concerning privacy and data security, including challenges regarding compliance, should be directed to privacy@mobilexco.com. They will then be routed to the appropriate contact person, depending upon the nature of the inquiry.