The Pixel Side is in the business of providing data processing Services on behalf of our clients, client’s customers and our Users.
Our company requires the minimal amount of data necessary to provide services from our client’s, client’s customers or Users, and the amount or type of data we collect depends on the product or service our client’s, client’s customers or our Users choose.
We do not sell, provide any data, or personal information collected from our clients, client’s customers or Users of our Services and we do not share information with third parties. (See exceptions when using hired third-party services below)
Understanding there is no such thing as perfect security, we are committed to maintaining reasonable and appropriate security measures to ensure that your personal information is protected both online and offline.
The Pixel Side does its best to adhere to the GDPR, US CAN-SPAM, CalOPPA, and Canada CASL Data Privacy Protection practices.
Our company policy prohibits sending Email Campaigns to recipients from third-party purchased lists.
The Pixel Side requires our clients to send us email data lists containing email recipients that have opted-in to receiving email correspondence from them.
- Data We Collect As Part Of Our Email Marketing Campaigns
We do not collect data or aggregate data from third-party data provider sources, such as public sources, social media platforms, third-party data providers and/or joint marketing partners.
We do store data that is provided by our client and we only keep the data necessary to perform each email campaign requested by our client. Generally the data that is given to us consists of email address, ID, and other marketing data relating to the actual email campaign being mailed.
We do utilize tracking technologies such as tracking pixels to track certain behaviors such as whether an email was delivered and opened and whether links within the email campaign where clicked. These tracking technologies also allow us to collect information such as a recipient’s IP address, browser, email client and other similar details. We use this information to measure the performance of email campaigns, provide analytic information to our client’s and allows us to enhance the effectiveness and streamline internal processes regarding our Services.
- Third-Party Data Access
We do use one or more Email Service Providers (ESP) to process our email campaigns. These ESP’s must comply with the US.GDPR, CAN-SPAM, CalOPPA and Canada CASL Data Privacy Protection practices. The minimal amount of data necessary to perform the service is provided to the third-party such as an ID, email address and marketing data necessary for the email campaign.
From time to time we may use a third party email verification service to validate the email addresses provided by a client are good know sending email addresses. Email verification services we use must comply with the US.GDPR, CAN-SPAM, CalOPPA and Canada CASL Data Privacy Protection practices. The minimal amount of data necessary to perform the service is provided to the third-party such as an email address.
- Rights and Withdraw Of Consent
Each email campaign we send contains an Unsubscribe link so an email recipient has the option to “Opt-Out” of receiving future emails from us on behalf of our client or from our company.
Email recipients may also request to “Opt-Out” of any future emails from us on behalf our client or our company via the Contact Us page on our website (https://thepixelside.com). When using the Contact Us page on our website to “Opt-Out” of future emails, please let us know whether you want to “Opt-Out” and stop receiving email campaigns just sent on behalf of our client or all email campaigns sent from our company in the Contact Us form Message Area.
- Data Retention After An Unsubscribe Request
Once a person unsubscribes from our mailing list for a client or our company, the customer is added to our unsubscribe list and the contact information is removed from our Email Service Provider’s (ESP) database.
All Unsubscribe requests are processed within 10 days.
Security Organization Program
The Pixel Side maintains a risk-based assessment security program that utilizes a framework for The Pixel Side’s security program which includes administrative, organizational, technical, and physical safeguards reasonably designed to protect the Services and confidentiality, integrity, and availability of Customer Data. The Pixel Side’s security program is intended to be appropriate for the Services we offer and the size and complexity of The Pixel Side’s business operations.
Confidentiality. The Pixel Side has controls in place to maintain the confidentiality of Customer Data in accordance with our Agreement. All employees of The Pixel Side and its contract personnel are bound by The Pixel Side’s internal policies regarding the maintaining of confidentiality Customer Data and are contractually obligated to comply with these obligations.
Customer Data Backups. The Pixel Side performs regular backups of Customer Data on our company servers. Customer Data that is backed up is retained with a third-party backup company and encrypted at rest using the Advanced Encryption Standard (AES).
Employee Training. At least once (1) per year, The Pixel Side employees go thru security and privacy training which covers The Pixel Side’s security policies, security best practices, and privacy principles including phishing awareness campaigns and communicates trending threats to employees.
Vendor Assessment. The Pixel Side may use third party vendors to provide Services. The Pixel Side carries out a security risk-based assessment of prospective vendors before working with them to validate that they meet The Pixel Side’s security requirements.
The Pixel Side periodically reviews each vendor based on The Pixel Side’s security and business continuity standards, including the type of access and classification of data being accessed (if any), controls necessary to protect data, and legal or regulatory requirements. The Pixel Side ensures that Customer Data is returned and/or deleted at the end of a vendor relationship.
Access Controls. The Pixel Side follows the principles of least privilege through a team-based-access-control model when provisioning system access to minimize the risk of data exposure. The Pixel Side’s personnel are authorized to access Customer Data based on their job function, role, and responsibilities, and such access requires approval.
An employee’s access to Customer Data is promptly removed upon termination of their employment. In order to access the production environment, an authorized user must have a unique username and password. Before an employee is granted access to the production environment, access must be approved by management and the employee is required to complete internal training for such access.
Encryption. For The Pixel Side’s Services, (a) Sensitive Customer Data is are encrypted using the Advanced Encryption Standard (AES) and (b) all Customer Data when in transit between Customer’s or Vendor’s software application and the Services is encrypted using TLS v1.2.
Vulnerability Management. The Pixel Side maintains controls and policies to mitigate the risk of security vulnerabilities in a measurable time frame that balances risk and the business/operational requirements. The Pixel Side uses a third-party tool to conduct vulnerability scans regularly to assess vulnerabilities in The Pixel Side’s infrastructure and corporate systems. Critical software patches are evaluated, tested, and applied proactively over a predefined schedule.