Privacy Policy

Data Privacy Notice
Effective Date: 11 April 2022 

This privacy statement applies to our website at multiplied.co, our service at multiplied.studio, our platform at api.furu.dev, api.multiplied.dev and multiplied.cloud and our dynamic creative platform operated by Multiplied Studio (Pty) Ltd. We provide dynamic creative and personalisation for customer communications and our clients and partners use our products and platform to create and deliver relevant and context aware dynamic media and intelligent communication.

This privacy statement describes how Multiplied Studio (Pty) Ltd (‘Multiplied Studio’, ‘Multiplied’,‘We’, ‘Us’ or ‘Our’) collects and uses the personal information you provide on our web sites at multiplied.co, multiplied.studio, api.furu.dev, multiplied.cloud, api.multiplied.dev (the “Sites”) the personal information sent to us from brands you have an existing relationship with and have your consent and the personal information that we collect through our Data-Driven Content Platform Service (the “Service”). It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our Sites and using our Service you are accepting and consenting to the practices described in this policy.

For the purpose of the Data Protection Act 2018 (the Act), and the General Data Protection Regulation 2016/679 (the GDPR), and based on client specifications, Multiplied Studio (Pty) Ltd is a data processor. At 80 Strand Street, Cape Town, 8001, South Africa and our Data Protection Officer is Lloyd Hofmeyr who can be contacted by email at privacy@multiplied.co.

1. Information We May Collect About You

Information we are given to be able to give you an experience from our Services (“Data Controller Data”).
Sometimes when you have bought a particular product or are using particular services of our clients, you may be served with personalised experiences or data-driven media from us through that service. We call these providers who have collected your data “Data Controllers”.  

We only ever serve you with a data-driven experience if we are requested to do so by the Data Controller. The Data Controller will ensure that it has all necessary and appropriate consents and notices in place and will honour all opt-out of consumer choice mechanisms as directed by the consumer, before sending the data to us to process the request.

The Data Controller may also pass us other information that they hold about you, such as your first name, age, gender, location, and your preferences (e.g. the product you are using of theirs). We may also supplement this information with further information from third parties. This could include information about your device location, the weather in that location, your interactions with their service or website, or other socio-demographic data about you.

We collect this additional information and combine it in order to provide the most personalised digital experience service to you.

Information you give us as a customer of our services (“Customer Data”). You may give us information about you by filling in forms on our Sites or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you contact us through our Sites, become a customer of our Service, brief us on a campaign or submit a support ticket or otherwise report a problem with our Sites. The information you give us may include your name, address, e-mail address and phone number, company you work for and job position, along with details pertaining to the reason you are communicating with us.

Information we collect about you when you visit our Site (“Website Data”). Each time you visit our Site, we will typically collect the following usage information:
Details of visits to our Sites (which enable our Sites to remember information about you and your preferences) and use of our Sites.  This may include information about your visit, including the full URL, clicks through to and from our Sites (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any data you input into forms on the Sites.Cookies are used on our websites by our third-party providers: we use Google Analytics to produce our analytics (their cookie page is here). You can choose to block cookies in your browser: here's some more information about how to do that if you use Chrome.

2. On What Basis Can We Process Your Information?
The legal grounds for processing your personal data are as follows:
It is necessary for the performance of a contract entered into between you and our partner clients, or to take steps prior to entering into a contract with you, including operating our Sites and Service to perform the features and functionality of the product;
Where you have given us consent to the processing of your personal data for one or more specific purposes;
It is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine this we shall consider a number of factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you. Our legitimate interests are to provide a service to our customers, to improve and to promote our services and products and to better understand our customers’ interests and needs;
Where it is necessary for us to do so, including sharing your information with others, in order to comply with a legal obligation.


3. Uses Made Of Your Information

A. Data Controller Data

We use the Data Controller Data given to us on behalf of our partners and clients to personalise each digital experience that you will be served, making it more relevant to you. We measure your exposure to each experience by tracking the number of times you have requested it, viewed it or clicked it for statistics reporting purposes and for improving our service over time. Nothing we store can be traced back to you as we use a unique and meaningless identifier to refer to the tracking data. We use aggregate trend data to improve the quality of the experiences you will be served in the future and to maintain, improve and develop new services. We occasionally produce reports and analytics for our partners and customers. These reports show aggregate data over time to show historical performance and trends and do not contain personally identifiable data.
Our lawful basis for processing your Data as described above is the consent you have provided to the Data Controller.

B.   Customer Data

We use the Customer Data you give us to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us and to notify you about changes to our service.
Our lawful basis for processing your Customer Data in this way is in order to perform our contract with you.

C.   Website Data

We use the Website Data that we collect to ensure that content from our Sites is presented in the most effective manner for you and for your computer.Our lawful basis for processing the Website Data in this way is our legitimate interests in ensuring the content on our Sites is current and up to date, and for monitoring, managing and improving the use and functionality of our Sites.

D.   Other Personal Data

We may use your personal data to provide you with information about our services we feel may interest you:
where you have provided permission for us to do so, or if you are an existing customer only, where we choose to contact you by electronic means (including e-mail) with information about our own services similar to those which you have already obtained from us or negotiated to obtain from us.

For those marketing messages you can unsubscribe at any time by clicking on the unsubscribe link in the message or replying asking us to stop communicating with you.

Our lawful basis for the processing described in option 1 above is your consent. Our lawful basis for processing described in option 2 above is our legitimate interests in keeping our customers updated and suggesting similar products or services they may want to purchase from us.

We may also use your personal data to communicate with you during the course of providing our services, for example with your enquiries and requests.Our lawful basis for this processing is our legitimate interests in properly managing our relationship with our customers, and in responding to general enquiries and requests that are made of us.

4. Cookies

Our Sites use cookies to distinguish you from other users of our Sites. This helps us to provide you with a good experience when you browse our Sites and also allows us to improve our Sites. We use Google Analytics to track and measure the performance of the Sites.

5. Disclosure Of Your Information

We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, for the purposes of operating our service in another territory, or reporting. Our current group members are Multiplied Solutions (Pty) Ltd and Multiplied Studio (Pty) Ltd.

We do not share data between our other partner data controllers, clients, or customers (although they may share your information outside of our agreement with them).We may share information with companies, organisations or individuals outside of Multiplied if we have a good-faith belief that we are obliged to do so by law.

We may transfer information in our possession to a successor entity in connection with a corporate change in control such as a merger or acquisition or the sale of company assets. In this case, your information will remain subject to this/an equivalent privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. Where We Store Your Personal Data

Your data will sometimes (depending on where the server is located) be held on secure servers within the European Economic Area ("EEA") with all reasonable technological and operation measures put in place to safeguard it from unauthorised access.  Where possible any identifiable information will be encrypted or minimised.

There may be occasions however where data that we collect from or about you may be transferred to, and stored at, a destination outside the EEA where data protection laws are not as strict as they are in the UK.  For example, it may also be processed by our staff operating outside the EEA. Such staff may be engaged in, among other things, the fulfilment of your contract and the provision of support services.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Where your personal data is being transferred outside the EEA, we will make sure that any transfers are not repetitive and only limited to the minimum amount of information possible. In certain circumstances we may need to seek your consent unless there is an overriding legal need to transfer the information. In all cases where your information is transferred outside the EEA, you have a right to contact us for information on the measures we have put in place.

7. How Long We Keep Your Data For

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. The following data will be held by us for the periods set out below as is necessary to meet the purposes for which we initially collected this information:

Type of data
Retention period
Website data
One month, at which point it is aggregated into reporting data and then deleted
Data Controller data
For as long as we have an agreement in place or for 1 year after the term of the agreement expires
Customer data
For as long as we have an agreement in place or for 1 year after the term of the agreement expires

8. Other Websites

Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.


9. Data Security

We take all reasonable measures to protect the information we collect and store. All transfers to, from and within our Platform are over HTTPS, our servers are located in a secure facility and we strictly control access to the data via strong passwords and two-factor authentication.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites or our Service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


10. Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These are set out below.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Access to your information
You have a right to request a copy of the personal information we hold about you, known as a data subject access request. You also have the right to request that information we hold about you which may be incorrect, or which has been changed since you first told us, is updated or removed. These requests can be sent to privacy@multiplied.co

Erasure of your information
You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where you have withdrawn consent for us to process it (as explained below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Withdrawing your consent
You have the right at any time to withdraw any consent you have given us to process your personal data. Please note if you withdraw your consent it will not affect the lawfulness of any processing of your personal data we have carried out before you withdrew your consent. Should you wish to do so you can change your consent preferences at any time, such as to unsubscribe or opt out of marketing emails by replying to the email you have been sent, using the unsubscribe link in the email, contacting us at privacy@multiplied.co

Restricting or objecting to us using your Information
You can ask us to suspend the way in which we are using your information in certain scenarios, or object to our processing your data where we are relying on a legitimate interest ground (or those of a third party) and you feel it impacts on your fundamental rights and freedoms, or where we are processing your personal data for direct marketing purposes. In some cases where you object, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Please note that if you want us to restrict or stop processing your data this may impact our ability to provide our services. Depending on the extent of your request we may be unable to continue providing you with our service.

Any queries or concerns about the way in which your data is being used can be sent to privacy@multiplied.co

Moving your information to another organisation
In the event that we process your data by automated means where you have either provided us with consent for us to use your information or where we used the information to perform a contract with you, you have the right to request that we send to you or to another organisation, a copy of the personal data we hold about you, for example when you are dealing with a different service provider. If you would like us to move, copy, or transfer your information please let us know by email to privacy@multiplied.co We will respond to you within one month after assessing whether or not this is possible, taking into account the technical compatibility with the other organisation in question.

Automated decision making and Profiling
In order to provide you with our services, it is necessary for us to conduct profiling on your data, consisting of such as combining data from multiple sources to make a more intelligent decision around which advert to serve you (for example, we may take your rough location and combine it with the weather conditions in your local area so that the experience we serve can reference the weather where you are).We do not use your information for automated decision making or profiling that may have a legal or similarly significant effect on you.

Children
Our services are not aimed at children.


11. Changes To This Policy

This Privacy Policy is subject to change. We will post the updated version on our website (multiplied.co/privacy-policy). Whenever a change is significant, we will place a prominent notice on the Sites and we encourage you to periodically review this page for the latest information on our privacy practices.

12. Questions Or Comments And Complaints

Multiplied processes Data in accordance with this Privacy Policy. We are a processor or a sub-processor of such data and the controller will depend on where/how your data was collected. If you have questions regarding the collection and use of Data Controller Data, please contact our Privacy Team (as below) who will direct any inquiries to the proper controller as possible.

If you have questions or comments regarding this privacy statement, please contact us at privacy@multiplied.co.