Last updated: May 4th, 2020
This document provides information about Fluuid Platform available on the following address: https://fluuid.live owned and developed by Mindfuture World Ltd with registered office at 160 Kemp House, City Road, London, EC1V 2NX, United Kingdom, further referred to as: “Mindfuture”. Fluuid Platform is a platform that enables chosen brands to display ads on streaming channels being viewed by end-users.
The intention of this document is to provide you transparent information about how the Fluuid Platform works and how your Personal Data is processed by Mindfuture. We realize that some technical terms might sound complicated to you, so this document presents those terms in simple words as well as explains what the goal of Personal Data Processing is.
Mindfuture is firmly committed to protecting the privacy of Internet users and fostering users’ confidence in online advertising and marketing. Accordingly, we are committed to the General Data Protection Regulation (the “GDPR”) as well as any other applicable laws. We continue to evaluate enhanced ways to protect Internet users’ privacy while seeking to deliver relevant advertising and custom online experiences to those users on behalf of our customers.
- API (Application Programming Interface) – A set of routines, protocols, and tools for building software applications; basically, an API specifies how software components should interact, additionally, APIs are used when programming graphical user interface (GUI) components.
- Applicable laws – All the laws and regulations relevant to the processing of Personal Data, especially all the data protection laws, including the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
- Click redirect – Www technique for making a web page available under more than one URL address. When a web browser attempts to open a URL that has been redirected, a page with a different URL is opened. Similarly, domain redirection or domain forwarding is when all pages in a URL domain are redirected to a different domain.
- Contractor – The party (a streamer) who submits an application by a registration form on our site: https://fluuid.live which is accepted by Mindfuture. The streamer has an account created by Mindfuture and uses the Fluuid Platform.
- Data Processing Agreement (DPA) – A legally binding document entered into between the controller (Contractor) and the processor (Mindfuture) that regulates the particularities of Personal Data Processing – such as its scope and purpose – as well as the relationship between the parties of DPA.
- Customer – An entity that wants to promote its brand or products through a streaming channel on a relevant streaming platform and therefore concluded a contract with Mindfuture to create advertising campaigns in Fluuid Platform’s dashboard.
- HTTP Request Header – The request header of HyperText Transfer Protocol. The HTTP protocol is used all around the world. Almost all content that shows up in the browser you see is transmitted to your computer (or other device connected to the Internet) over HTTP. For example, when you opened this policy in the browser, many HTTP requests have been sent. Each request contains an HTTP header in which there is information about the browser you use, the requested page, the server and much more.
- HTTP Request Parameters – The request parameters of HyperText Transfer Protocol are additional pieces of information transmitted from one device to the other that you might see in the address bar of your browser. They are in the form of name=value pairs separated from the URL by a ?. There might be more than one name=value pair, where each of them are separated by an &.
- IP address – An Internet Protocol (IP) address is a set of numbers that each device has assigned to connect with other device over the Internet network. The IP address allows addressing and delivering the information to the right receiver. Every time a piece of information is sent, a device needs to communicate with other devices in a computer network to be able to deliver the message. Sending information in that context means every kind of activity such as surfing, exchanging emails, or downloading an application. The IP address is used to identify the device to which the message is supposed to be sent and find the best way to deliver it.
- Personal Data – Any information relating to an identified or identifiable natural person as defined in Applicable laws, particularly in article 4.1 of the GDPR.
- Processing – Any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (process, processes and processed shall have the same meaning), as defined in Applicable laws, especially in article 4.2 of the GDPR.
- Request Time – The time of a webpage request; we record the time it was processed at the time the action (clicking on the advertising link) was done therefore we are able to store the information about the visit.
- User agent – Information about a device, operating system, web browser is being used to access a relevant live streaming channel on which the advertisement is viewed.
- You (end-user/viewer) – A person who visits streaming channels available at live streaming platforms for gamers such as Twitch, Mixer, YouTube or Facebook.
- Mindfuture’s Role in Personal Data Processing and the Legal Basis for Processing
While our Contractors use Fluuid Platform, we act as a Contractor’s data processor meaning that we process your (end-user’s/viewer’s) Personal Data on behalf of our Contractor under Contractor’s instruction stated in a Data Processing Agreement concluded by us with the Contractor.
If you have questions about or need further information concerning the legal basis on which your Personal Data is collected and used or want to exercise your rights under Applicable Laws, please contact the relevant Contractor (the streamer on whose streaming channel you can see the advertisement and who is also a controller of your Personal Data) using the contact details provided by him/her. Please include also information that will enable him/her to verify your identity within your request.
- What Kind of Personal Data We Process and For What Purposes?
In order to perform our services for Contractors, we collect and process certain information about you and your device i.e. your IP address, User Agent, HTTP Request Header, HTTP Request Parameters, Request Time and nickname (your login used in a certain streaming platform, visible to other users of that platform).
We use them to:
- verify the views and clicks of each advertisement;
- monitor the quality of traffic in order to perform our services and blacklist those sources that generate fake clicks (fraud detection)
- measure the effectiveness of online ad campaigns what helps to address the audience to right advertisements – briefly, to determine how viewers respond to advertisements they see on the streaming channel and therefore create statistics and reports used to perform services by us (reporting, analysis, and optimization).
However we only collect it when you click on an advertisement’s link leading to the page promoting a specific brand or product. IP Address and User Agent may identify a particular computer or device and be considered as Personal Data in some jurisdictions, including the European Union. This kind of data enables us to provide aggregated reporting and analysis of the performance of our Customer’s advertising campaigns.
We do not collect any Personal Data which by itself identifies an individual such as a name and surname, address, phone number, email address unless your nickname used on a certain streaming platform consists of your name and surname.
We also do not collect any “sensitive” or “special categories of personal data” as defined under the Applicable legislation.
- How Do We Collect Personal Data?
We collect Personal Data of end-users (viewers) through the integration of our API (Application Programming Interface) with streaming platforms and click redirect (where HTTP Request Headers and HTTP Parameters are being recorded to help us to count clicks).
- How Long Do We Store Data?
The Personal Data of End-Users collected on behalf of the Contractor is stored using generally accepted security standards on the basis of our Data Processing Agreement. The Personal Data is stored in the Fluuid Platform for the duration of the Terms and Conditions concluded with the Contractor but no longer than for the period of two years from the date of its collection. The process of removing the collected Personal Data from the Fluuid Platform might take up to 10 business days.
- The Transfer of Personal Data
We also inform you that we may disclose your Personal Data to the following categories of recipients on the basis of Data Processing Agreements concluded with our Contractors:
- to our third-party services providers who provide data processing services that support the operation of our services (acting on our behalf), i.e.:
- Amazon Web Services – which provides cloud hosting services and it is a participant of the Privacy Shield Framework; Privacy Shield Framework Principles issued by the U.S. Departure of Commerce, located at https://privacyshield.gov (transborder data processing legal basis)
- Datadog Inc. – which provides analytical services and it is a participant of the Privacy Shield Framework; Privacy Shield Framework Principles issued by the U.S. Departure of Commerce, located at https://privacyshield.gov (transborder data processing legal basis)
- Slack Inc. – which provides internal company communication services and it is a participant of the Privacy Shield Framework; Privacy Shield Framework Principles issued by the U.S. Departure of Commerce, located at https://privacyshield.gov (transborder data processing legal basis)
- Functional Software, Inc. (Sentry) – which provides error and application monitoring services and it is a participant of the Privacy Shield Framework; Privacy Shield Framework Principles issued by the U.S. Departure of Commerce, located at https://privacyshield.gov (transborder data processing legal basis)
- Codewise Gaming Spółka z ograniczoną odpowiedzialnością – which provides compliance and IT services the entity is based in Poland (European Union).
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary
(i) under applicable law, and
(ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
As stated above, in order to ensure that your Personal Data is adequately protected when transferred outside of the European Economic Area (EEA), Mindfuture relies on the EU-U.S. Privacy Shield Program. Privacy Shield is a “partial” adequacy decision, as, in the absence of a general data protection law in the U.S., only the companies committing to abiding by the binding Privacy Shield principles benefit from easier data transfer. In such cases your Personal Data will be transferred to the territory of the USA in accordance with Applicable laws, with appropriate safeguards in place, to Privacy Shield certified vendors (according to the EU Commission Decision 2016/1250).
Your Personal Data may also be transfer to an entity outside the EEA by using standard contractual clauses adopted by the European Commission (EU Commission Decision on standard contractual clauses for the transfer of Personal Data to processors established in third countries under Directive 95/46/EC (the “Model Contract Clauses”), or based on other applicable transborder data transfer mechanisms.
You may also learn more about:
- Privacy Shield Program here https://www.privacyshield.gov/Program-Overview and here https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
- EU Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries here https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087 and here https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
VII. Security of Personal Data
Moreover only qualified and authorized employees are permitted to access Personal Data and they may do so only for permitted business functions. We also appointed a Data Protection Officer who in particular watches over the security of Personal Data and monitors our compliance with the GDPR.
VIII. Contact Details
Mindfuture World Ltd.
The Future Works, Brunel Way, Slough SL11FQ, United Kingdom
Tel.: +44 207 859 4402
However, please remember that to exercise your rights regarding your Personal Data you should generally contact the relevant Contractor (the streamer on whose streaming channel you can see the advertisement and who is also a controller of your Personal Data) using the contact details provided by him/her.