a) Information that you add to your iRULE profile (as an individual)
The information in your iRULE profile will be used for three separate purposes:
- Login with iRULE. It allows us to provide a “personal data wallet” service that spares you the trouble of creating and maintaining multiple user accounts across a myriad of third-party services while ensuring full transparency and control over the amount of data accessed by such third parties.
- In-app promotions. It allows businesses participating in PrivacyCloud’s Trusted Brands program to define and publish special offers (“iRULE Offers”) on the basis of your own personal profile, provided that you have previously agreed to connect with each specific Trusted Brand. iRULE Offers do not require direct access to your personal details.
- Single point of access. It helps you, and the businesses you have connected with, consolidate all of the data that a specific Trusted Brand holds about you in a manner that is open, transparent, and easy to manage by both parties. This will be conditional to: a) your specific and granular consent with regards to the data points that Trusted Brands will be able to import into their own systems through the verification email provided for each of them; b) PrivacyCloud’s auditing of the manner in which each Trusted Brand has implemented its GDPR obligations, with particular attention to the availability of open protocols for the exercise of your data subject rights through self-service tools.
PrivacyCloud acts as a Data Controller for all purposes (as defined by article 4.7 of the GDPR). Insofar as they represent our primary value proposition to you, we rely on legitimate interest as a legal basis for purposes #1 (Login with iRULE) and #2 (In-app promotions). Both PrivacyCloud and any third parties participating in the Trusted Brands program rely on your unambiguous, specific consent as a legal basis for purpose #3 (Single point of access). As long as iRULE ceases to be the point of control and self-service for your data, Trusted Brands accessing your information as a consequence of purpose #3 (Single point of access) will act as independent Data Controllers.
We will only keep your data for as long as it is necessary for the provision of the services being offered. Any data points stored in your iRULE account will be removed whenever they cease to be required as part of your identity management or the definition of iRULE Offers.
Closing your iRULE account will trigger a complete deletion of your data. Propagating such deletion through our servers will take up to 30 days.
b) Information that you facilitate as a business contact
c) Contact details that you provide when submitting a form on iRULE.co or iRULE.es
We will use your email address to get back to you if and when the business you have suggested has joined the Trusted Brands program, as well as to notify you of any changes related to the manner in which such business is facilitating the exercise of your data subject rights.