Data protection instructions for data processing within the business activities of Sinoads
Sinoads provides what is known as an affiliate marketing platform. Advertisers can register with this Sinoads platform and submit online advertising (“ads”). In parallel, “publishers” also register with Sinoads. Their task is to take the advertising content placed by the advertisers and disseminate it on the Internet. They might do this, for example, on their own websites or in their newsletters. The task of Sinoads is to bring advertisers and publishers together, record the orders brokered for the advertisers and to handle the remuneration for the publishers. In addition, the advertisers must pay a sales-based remuneration to Sinoads.
A case study: A publisher has a blog on the theme of e-bikes, in which they discuss the latest developments. They register as a publisher with Sinoads, receive access to the advertising submitted for e-bikes and incorporate the advertising provided into their blog. If a visitor to the blog clicks on this advertising, they will be taken to the advertiser. There the visitor can look at the details of the advertised item and potentially buy it. On behalf of the advertisers, Sinoads records publishers’ brokerage activities and produces appropriate reports for each advertiser. Sinoads receives details of a publisher’s brokerage activities from the advertiser so that it can invoice its own services and the publisher’s brokerage services on the basis of this data.
The data-processing activities on which the business activity is based have been optimised with respect to the GDPR and developed in a privacy-friendly way. See below for more details.
I. Who is the “controller” with responsibility for the processing of the personal data?
What is the scope in which the processing of the personal data takes place?
Use of the Sinoads affiliate marketing platform, along with the subsequent data processing associated with the display of advertising and the later purchase of the advertised items, entails various responsibilities from a data-protection perspective. Not only the publishers but also the advertisers, as well as Sinoads as the operator of the platform, work partly on their own responsibility and partly as part of a “joint control” pursuant to Art. 26 GDPR.
1. On the publisher
In the first instance, each publisher is itself responsible for the operation of the website/blog on which it displays the advertising. With regard to the forwarding of an interested party’s data after clicking on the website, there is a joint responsibility pursuant to Art. 26 GDPR with the relevant advertiser whose ads have been placed on the publisher’s publication. Both parties have made an agreement pursuant to Art. 26 GDPR and inform each other about the scope of the data processing pursuant to Art. 12 et seqq. GDPR.
2. On the shop operator/advertiser
Once the advertiser’s landing page/website or online shop has been accessed, the advertiser is itself responsible for the data processing in the first instance. Sinoads provides the affiliate marketing platform to the advertiser. This platform enables advertisers to process the queries brokered by publishers. For example, it documents the cases in which there has been a purchase of a product after a brokerage activity by a publisher. The advertiser is responsible under data protection law for these data processing actions – including storing cookies once an affected party, or “data subject”, has given their consent. Sinoads becomes active on behalf of the advertiser as the “processor” (see Art. 28 GDPR). The advertiser informs the affected parties, or “data subjects”, of these data processing actions separately on its website. In addition, data subjects receive further information here on how to contact the advertiser.
3. On the data processing by Sinoads
The following data processing actions by Sinoads take place under Sinoads’ own data protection responsibility. The controller – unless otherwise specified – is:
Sinoads Limited, 1st Floor South, The Quorum, Bristol, BS1 3AE
You can find further details of the company on the Company Details page at https://www.sinoads.uk.co/
In the event of questions about the processing of your personal data as part of the affiliate marketing platform or on the subject of data protection, please contact [email protected].
You can contact the data protection officer,
Sinoads has signed data protection contracts with both the advertiser and the publisher concerning the use of the affiliate marketing platform. Advertisers are required to pay a remuneration to Sinoads for the use of the platform. This remuneration also includes the amount due to the publisher. Under contract law, Sinoads is required to pay the publisher its commission for successful brokerage activities and to calculate in advance the due amount of this commission. In order to calculate the remuneration for the sales brokered by a publisher, the advertiser sends details to Sinoads on signature of contract. These must include the following:
- a reference number that represents a purchaser/a purchase;
- a reference number that enables the brokered transaction to be associated with the publisher;
- contractual and billing data (product, value, currency and the like);
- automatically transferred data about the Internet-user’s end device (browser, operating system and the like).
No additional personal data, and in particular no name and no contact details (address etc.), are sent to Sinoads. The advertiser provides Sinoads only with the details required for the fulfilment of the intended data processing purposes. This transfer is made on the basis of Art. 6 (1) (1) (f) GDPR in order for Sinoads to be able to meet its contractual obligations.
The advertiser and Sinoads are jointly responsible, within the meaning of Art. 26 GDPR, for this transmission of the data that results from the brokered conclusion of contract.
Furthermore, Sinoads produces a report on the basis of the data transferred. This is intended to enable publishers to optimise their own sales activities. Sinoads also produces recommendations both for advertisers, with regard to potentially suitable publishers, and for publishers, with regard to potentially suitable products. The data processing actions on which the reports and the recommendations are based are carried out on the basis of Art. 6 (1) (1) (f) GDPR. The legitimate interest consists in optimising business activities. The report is also provided in joint responsibility with the relevant publisher and advertiser.
In addition, Sinoads processes the accrued data for its own purposes outside the joint responsibility: Sinoads processes the data transferred by the advertiser for statistical purposes. This includes an anonymised evaluation of the data in order to make a capacity plan. In addition, data is evaluated to identify and investigate any offences or impermissible use of the affiliate marketing platform (anti-fraud and abuse measures). This data processing also takes place on the basis of Art. 6 (1) (1) (f) GDPR.
Three years after the transfer, the data transferred to Sinoads is erased unless there are legal retention obligations that prohibit this. Sinoads must regularly provide such data during audits by financial auditors – as well as for audits by the financial authorities (German Tax Code [AO]/Commercial Code [HGB]). In such cases, first the compulsory-retention data is locked; then, after the legally applicable deletion term expires – usually ten years – it is permanently erased. The legal basis for the processing of the personal data is Art. 6 (1) (1) (b), (c), (f) GDPR.
II. To which recipients does Sinoads send your data?
Sinoads works with service providers (known as “processors”) and will be happy to name these to you on request. The most important service providers used by Sinoads are:
- Sinoads Ltd., UK, for the management of the application and for IT support
- Other Sinoads companies in certain EU member states and in the UK in the case of advertising campaigns displayed across the EU
- Amazon Web Services EMEA SARL, Luxembourg, as hosting provider
- Pulsant Ltd., as hosting provider
- Other EU-based service providers for technical support
III. Data processing outside EU / EEA
Sinoads works with service providers outside the EU/EEA. These service providers are based in the UK, which is recognised by the EU Commission as equivalent.
IV. Your rights as a data subject
As a party affected by the data processing, or “data subject”, you have the following rights. Because of the agreements Sinoads has made with the publishers and advertisers, you can also assert your rights as a data subject to Sinoads with regard to the processes encompassed in the joint responsibility. If you want to make use of these rights, please contact: [email protected]
- Right of access pursuant to Art. 15 GDPR
- Right of rectification pursuant to Art. 16 GDPR
- Right to erasure of your data pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to data portability pursuant to Art. 20 GDPR
At any time and without having to state reasons, you may object to any processing of personal data for advertising purposes that is undertaken on the basis of legitimate interests.
In addition, pursuant to Art. 21 (1) GDPR you have the right to raise an objection at any time to the processing of your personal data, for reasons connected with your particular situation, on the basis of Art. 6 (1) (1) (f) GDPR. In this case, reasons must be given for the objection.
V. Right to complain to a supervisory authority
If you believe that your data has been processed in contravention of data protection law, you have the right pursuant to Art. 77 (1) GDPR to complain to a data protection supervisory authority.
VI. Use of an automated decision-making process
In accordance with Art. 22 (1) and (4) GDPR, there is no automated decision-making – including profiling.
Declaration valid as of: 23 May 2022
