GlowIndex respects your privacy and is committed to protecting any of your personal data we collect. This Policy will inform you as to how we cater to your personal data, this includes when you visit our Website, the Platform, the use of our Plugin and how our services are used, moreover, including your privacy rights and how the law protects you.
We would like to make clear that while we do collect personal data, our goal is to collect and use your Local Business data (which may be the same as your personal data, depending on your entities’ situation) for marketing and advertising purposes targeted towards your benefit.
We will never sell your personal data to a third party.
Purpose of this policy
This Policy aims to give you information on how GlowIndex collects, processes and uses your personal data, including the use of the Website, Platform, Plugin, surveys and any other service we offer.
To use our services you agree to be 18 and over, thus the services we offer are not intended for the underaged and we do not knowingly collect data relating to children.
It is important that the policy be read in depth and carefully, including other privacy notices, which supplements rather than overrides.
Controller & Processor
GlowIndex is the controller, & processor of your data, and we are responsible for our Website, the Plugin, the Platform, the Backend and the services we offer, however, the ownership and responsibility of any data catering to Local Businesses are at the discretion of said Local Businesses. Thus we do not edit, or manipulate data provided by Local Businesses to be shown using our platform.
Moreover, we process Local Business Data (what Local Businesses provide) on third party Platforms (Publishers) who act as Processors, and are thus required to be compliant with the GDPR, whose responsibilities are spelt out in their contract with GlowIndex, about data management, data protection, and reporting of data breaches.
Our Data Protection Officer (DPO) is responsible for overseeing questions in relation to this policy for the services we offer. If you have any questions, including requests to exercise your legal rights, please contact the DPO using the details set out below.
49 Perikleous, Neo Psychiko, Athens, 15451
Third Party Links
The services we offer may include links to third party Websites, Plugins, and applications, who we have verified to be GDPR compliant. Clicking on these links, or enabling its connections may allow third parties to collect or share data about you. We do not control said third party websites and are not responsible for their privacy statements. When leaving our applications, or those of our clients, we encourage you to read the privacy notice of every website you visit.
The data we collect about you
Personal data, or personal information, refers to any information about an individual from which a person can be identified. This does not include any data where the identity has been removed, considered anonymous data.
We may collect, use, store and transfer different kinds of personal data about you, as follows:
- Identity Data – Includes first name, last name, Username or similar identifier, title(s), photos or other images of Local Businesses and Publishers.
- Contact Data – Billing/Delivery/Email addresses, telephone numbers and any social media accounts used to contact us or using the service of Local Businesses and Publishers.
- Financial Data – Bank accounts and payment details (card), of Local Businesses and Publishers.
- Transaction Data – Details about payments to and from you, and other details of products and services you have ordered, or commissioned from us, of Local Businesses and Publishers.
- Profile Data – Usernames and passwords used to access our systems, commissions or orders made by you, your interests, preferences, feedback and any survey responses, of Local Businesses and Publishers.
- Usage Data – Information about how you use our Website/Plugin/Platform and our services, of Local Businesses and Publishers. This information is accessed through the Backend, and is only available to authorized GlowIndex employees.
- Marketing and Communications Data – Your preferences in receiving marketing from us and our partnered Publishers, and any third parties made known to you and your communication preferences, for Local Businesses.
- Web Data – This includes IP Addresses, your Location and Cookie Data. We receive this data from Google Analytics. This is intended for any Users of our service. You can find Google Analytics’ Terms of Service here. Moreover, if you wish to know how Google collects information, and how you can control it, click here.
We also collect, use and share Aggregated Data, such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data, but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
We do not collect any Special Categories of Personal Data (i.e racial/ethical/political/religious/etc) about you or any information about criminal convictions and offences.
Failing to provide personal data
When required by law or terms of contract, we will need to collect personal data. If this data has failed to be provided when requested, we may not be able to perform the contract we have or are trying to enter, to allow you to use our services. If this occurs, we may have to cancel the payment for the service, and may be subject to fees.
How is your personal data collected?
We use different methods to collect data from you, by:
- Direct Interactions – By giving us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email, social media or otherwise. This includes personal data you provide when:
- Order for our services (by telephone/emails/Plugin/Platform)
- Creation of an account on our system
- Entering of a survey/promotion
- Making a general inquiry about our services
- Giving us feedback
- Third Parties or Publicly Available Sources – We may receive personal data about you from various third parties and public sources as set out below:
How we use your personal data
The use of your personal data will only be used when the law allows us to. The most appropriate and used methods to using your personal data are:
- Contract obligations
- When necessary for our legitimate interests, or that of a third party, and your own interests.
- When we are required to comply with a legal or regulatory obligation
- Improving our services or products
- Direct Marketing
GlowIndex uses data which you have provided to us in accordance with accepting the Terms & Conditions. This data will be processed by us, and may be shared with relevant third parties, such as Google Analytics, Publishers and/or Strategic Partners. If you wish to terminate the use of some of these services, or wish to enact your “Right to be Forgotten”, please contact us at firstname.lastname@example.org with your request and reason and we will get back to you.
Moreover, we do not automate any decisions with your personal data.
Entities – Data collection, method and use
-The Website holds information about our services.
-We use Google Analytics for the improvement of the performance on the Website.
-The Platform uses Google Analytics to better improve user experience, and to record said user experience.
-Sign up/Log in cookies are required to be able to keep you signed in and keeps your preferences intact for your next sign in.
-The data entered in the Platform, which is directly linked to the Backend, holds information which the Local Businesses and Publishers provide us with. This could be personal data and/or business data provided at your own discretion. We use this data to be able to better match Local Businesses to their niche Content Publisher (and vice versa), use the information for advertising purposes on the behalf of Local Businesses and Publishers, we provide the level of performance of Local Business advertising, and the Local Business will be able to compare its effectiveness with other Local Businesses.
-The Plugin is used only by Publishers, as to setup our Business Directory service on their website, by connecting the data from the Backend to their website to visibly advertise Local Businesses to the Content Publisher’s audience.
-Publishers using the Plugin (and our services) are required to adhere to the GDPR policies set by law. This means Publishers (and any other partners) must adhere to not sell, advertise, tamper, and must protect the personal information of the Local Businesses. Failure to do so will result in the consequences outlined in 5.5.2 of our Terms and Conditions. The Privacy Data the Publishers must adhere to protecting are:
~Basic personal identity information (Name/Address/ID Numbers/etc)
~Web Data (Location/IP Address/Cookie data/etc)
~Any Racial/Ethnic data/Political opinions/Sexual orientation/etc
~When getting in contact with a Local Business, sending a message through our integrated form will collect and process your email address and the message’s contents.
-This will hold all the information registered and collected for Local Businesses and Publishers. This includes Basic personal data, Basic business data and any financial data related to the Local Businesses and Publishers.
-Access to the Backend is limited to developers in GlowIndex and any key personnel for improvements of our service and their process.
-The Backend allows us to approve Publishers, & Local Businesses, adhere to any requests/connections, and monitor data related to Local Businesses, Publishers and our service.
Purposes for which we will use your personal data
In this section we have described the different ways we plan to use your personal data, which are of legal bases, and our legitimate interests when appropriate.
We may process your personal data on more than one lawful ground depending on the specific purpose we are using your data. If you need details about the specific legal ground we are relying on to process your personal data, please contact us.
For every section, we will present the Activity, the Type of data we collect, and a Legitimate reason for collecting such data.
|Activity/Purpose||Type of Data||Reason for Collecting|
|Registration as new customer or account holder||● Identity
|To create, enter and perform in a contract with you|
|Processing or Delivering of a Service
● Payment/Fees/Charges Management
● Collection and Recovery of money owed to us
● Transference of your details onto customers, technology providers and our administrative purposes
● Marketing & Communicational
|● Performing in a contract with you and customer
● Necessary for tax/legal liability purposes/recovering of any outstanding debt owed to us
|Management of relationship with you
● Notification of change of our terms (Privacy/Service/Cookies)
● Asking you to take a survey
● Marketing & Communicational
|● Performance in a contract with you
● Complying with Legal Obligations
● Record Updating/Legal & Tax obligations/Study and Analysis of how our customers use our products/services to improve them
|Administration and Protection of our Website, Platform, Backend & Plugin:
Troubleshooting● Data Analysis
● System Maintenance
● Hosting of Data
|● Necessary for running our business/provision of IT & Administrative services/Network security/Prevention of fraud/Reorganization of data
● Compliance for legal obligations
|Delivering relevant content and advertisements, and measuring its effectiveness towards you||● Identity
● Marketing and Communications
|● To Study & Analyze customer usage of our products/services, their development,
● Growing our business
● Adapting our marketing strategies
|Data Analytics to improve our:
● Website, Platform, Backend & Plugin
● Customer relationships & experiences
|● Keeping our Website, Platform, Backend & Plugin updated and relevant
● Defining types of customers for products/services
● Development of our business
● Adaption of our marketing strategy
|Suggestions & Recommendations to you about goods/services which may be of interest||● Identity
|● Development of our products/services
● Growing our business
Change of Purpose on Data Usage
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. For any changes which are not compatible to the original reason, we will notify you, and you are able to request your “Right to be Forgotten”.
If we are required to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.
Disclosures of your data
We may have to share your data with select parties depending on the circumstance.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets, this may include Publishers we partner with, which is limited to your business data and equivalents of your choosing. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law, and must be GDPR compliant. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data in a limited way for specified purposes and in accordance with our instructions.
We wish to notify you, that any personal data which we may move will either be encrypted, or anonymized depending on what we are looking to use it for. If the data is to be encrypted, we will continue using it as outlined in this policy. If the data is anonymized, it will be used as statistical data instead.
- We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
- Any and all of your data is stored in our Backend system, with dedicated servers.
- We encrypt your personal data with SSL.
- All of your personal data is limited to the people who can view it. This includes our employees, agents, contractors, and other third parties, including Publishers.
- Any data Publishers can access is limited and Publishers have signed an NDA (Non-Disclosure Agreement) to protect your data and hold the Publisher liable for any mishaps.
- We believe in the concept of employee accountability. Thus, any employee who has access to the Backend, which are few and authorized, are accountable for any mistakes they make regarding your personal data. This is a serious offence and consequences of this kind of offence are inevitable.
- Furthermore, from all of the authorized employees who have access to the Backend, none of them have full access to all the information.
- Additionally, we have put in place a procedure to deal with any suspected personal data breaches and will notify the DPA (Data Protection Authority) and announce a public statement across all of our channels (Social Media/Platform/Website) within 72 hours of being notified. This is all in accordance with the GDPR requirements.
How long will you use my personal data for
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers and employees (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers or employees for tax and legal liability purpose, but we also keep this information to make it easier for customers to make new, follow-on or repeat service orders. We will seek to renew consent for marketing communications on a periodic basis.
In some circumstances you can ask us to delete your data.
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- Request access to your personal data (Outside of Platform capabilities)
- Request correction of your personal data (Outside of Platform capabilities)
- Request erasure of your personal data (Outside of Platform capabilities)
- Object to the processing of your personal data (Greek Law 2472/1997, Articles 11-13 on protection of individuals from the processing of personal data)
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
- Right to lodge a complaint with the Data Protection Authority (DPA).
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one week. Occasionally it may take us longer than a week if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated