On May 25th, 2018, the EU’s General Data Protection Regulation (GDPR) came into effect. This significant legislation created a consistent approach towards data protection across Europe, and grants EU citizens & residents more control over their personal data.
At OpenWeb, we decided to take a proactive and wholesome approach in complying with the GDPR, and have taken this opportunity to enhance the privacy of our entire userbase – not only in the EU but worldwide.
In addition to maintaining internal and external policies and procedures to ensure and reflect our compliance, we developed tools and features to make it easier for our users to exercise the rights available to data subjects under the GDPR – regardless of their location. These tools also help us to better serve our media partners all over the world, as we enable them to build independent, thriving communities while keeping with global privacy standards.
While our services are offered to website publishers and media partners, our users are in fact the readers and commenters of such partners. This page was created to provide relevant information and to address the concerns of such users.
Your Personal Data
There are two ways in which you can use our service:
(1) Integration via Single-Sign-On (SSO) – when you log in to your account at a certain website, the owner of such website shares with us your registration information (usually name & email, without any passwords of course);
(2) Direct signup – prior to posting your first comment via our service, you may sign-up to our service, either by submitting your name, e-mail and (hashed) password, or by connecting your social media account (in which case you will also share with us your public profile picture, date of birth and gender).
In addition to this information, we collect “technical” information about you, similar to any other internet-based service – namely your IP address, device advertising ID, and other information that we may use for advertising purposes (such as date and time, the website and page you are visiting and information gathered by the cookies of our advertising partners).
If you use our service to post comments, content and likes, we keep this information as well as related data on where and when you posted it, and related usage and contextual data available to us.
Why and What do we do with your Personal Data
We collect and process personal data for the following purposes:
Providing our Services & a Personalized User Experience – To provide and operate our services, to verify and authenticate our users, and to provide our users with a personalized user experience (for example: suggesting content that is relevant to you based on your past interests).
Advertising – As part of our services, we help generate an additional adverting-based revenue stream for our partners. We use personal data such as IP address and device advertising ID to provide you with better and personalized advertising experience.
Service Improvement, Research & Analytics – We use aggregated, non-identifiable user information to further develop, customize and improve our service based on common preferences and uses, as well as for statistical and research purposes – for our internal use and for the benefit of our partners.
Security and Protecting Rights – We use and disclose your information (including personal data) to investigate violations and enforce our & our partners’ policies, including to support free speech, reduce fake news and avoid spam and malicious behavior.
Communications – We may use your information to communicate with you – for example, we will use your contact details to respond to your queries or feedback, and to provide you with technical assistance and support.
Exercising your User Rights at OpenWeb
OpenWeb provides its users worldwide with the ability to exercise the rights available to data subjects under GDPR to Rectification, Erasure, Access and Data Portability, as well as the rights to Object to and Restrict the processing of their personal information.
The Users Privacy section available on our platform enables our users to easily request the deletion of their account and personal data from OpenWeb’s servers, to export the data OpenWeb has collected on them and change their account information.
If you wish to exercise any other privacy right that you may have under the laws applicable to you, please reach out to our privacy team at: email@example.com, or to our Data Protection Officer at: firstname.lastname@example.org.
Roles, responsibilities and other “legal” stuff
Controller/Processor: OpenWeb uses personal data of users from different websites across its network. Such use is done by our moderation team (in order to address and prevent any malicious behavior from reoccurring on different websites), and our advertising team (that aggregates user information from multiple partners to provide them with more suitable advertisements). In order to effectively engage in such activity, OpenWeb is required to maintain discretion with regards to personal data of its users, and will therefore typically assume the role of Data Controller with respect to such data.
In other instances, OpenWeb will act as the Data Processor of users’ personal data, meaning that we will process such users’ data on behalf of our partner. If we are then approached by a user whose data we process on a partner’s behalf, we will refer such user to the relevant partner – who is the Controller of their data.
Cross-border data transfers: OpenWeb relies on appropriate legal mechanisms for cross-border transfers of personal data originating in the EEA, such as transferring only to “adequate” jurisdictions which were found to provide a sufficient level of data protection (like Israel), and by self-certifying and adhering to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Data Protection Officer (DPO): The function of the DPO is required under the GDPR in companies that engage in large scale, regular and systematic monitoring of data subjects.
At OpenWeb, our DPO is responsible for monitoring and advising our ongoing privacy compliance and serving as a point of contact on Privacy matters for data subjects and supervisory authorities. Our DPO, Mr. Aner Rabinovitz, can be reached at: email@example.com
EU Representative: having a European representative is also a GDPR requirement (under Article 27). Our EU representative, Dr. Andreas Mätzler, can be reached at: Schellinggasse 3/10, Vienna 1010, Austria.
Children information: no, nope, no-thank-you! OpenWeb does not direct its services to children under the age of 16, and does not knowingly collect data relating to children.
To Sum Things Up
We care about your privacy!
If you have any questions or comments regarding our privacy practices, or if you would like to exercise any of the privacy and data rights available to you, please feel free to reach out to us at firstname.lastname@example.org or directly to our DPO at: email@example.com