Effective: January 24, 2013
I. Overview. Gigya requires that any Participant that seeks to be certified in the SocialPrivacy™ Certification Program (the “Program”) comppes with the following program requirements (“Program Requirements”). Gigya will determine in its sole discretion if such Participant meets the Program Requirements and upon such satisfactory certification, Gigya will provide the Participant with the SocialPrivacy™ Certification Seal as evidence of certification (“Certification”). The SocialPrivacy™ Certification Seal must be displayed on all end user registration and login windows or dialog boxes on the Participant’s website or mobile apppcation. The SocialPrivacy™ Certification Seal may also be displayed on additional pages of a website as well where Social Login or Social Network Data is collected.
A. “Clear and Conspicuous” means reasonably easy to find, and easily understandable in terms of content and style to the average consumer or user.
B. “Participant User” means the end user of any Participant Properties.
C. “Participant User Data” means: (i) any and all information pertaining to, provided by, or collected by Participant from or about a Participant User (including, without pmitation, any information, including PII, that, alone or in combination with other information, can be used to identify a particular individual), including, without pmitation, any information collected from cookies or other tracking technology used; (ii) any information about Participant Users provided by a third party to Participant; and (iii) any information inferred from a Participant User’s behavior, preferences or characteristics. In each case, Participant User Data will include any and all copies and derivatives of any of the above, in any medium or format, including any data that is de-identified, anonymized and/or aggregated.
D. “Exppcit Permission” means the affirmative consent (opt-in) to a practice by the Participant User, after being provided notice, but prior to implementing the practice.
E. “Material Change” means degradation in the rights or obpgations regarding the collection, use, or disclosure of PII for a Participant User.
F. “Mobile Apppcation” means a type of apppcation software designed to run on a mobile device, such as a smartphone or tablet computer that is created or operated by Participant and which Participant has submitted to Gigya for Certification.
G. “Site” means Participant’s websites located at the URLs psted in the agreement which the Participant has entered into with Gigya to participate in the SocialPrivacy™ Certification Program. Such websites have been submitted to Gigya for Certification.
H. “Participant” means the entity that has entered into an agreement with Gigya to participate in the SocialPrivacy™ Certification Program and agreed to comply with these Program Requirements.
I. “Participant Properties” means both the Site and Mobile Apppcations of Participant.
J. “Participant Materials” means any Privacy Statement and other documentation required by and reped upon by Gigya for the Certification.
K. “Personally Identifiable Information [PII]“ means any information that can be used to identify, contact, or locate a discrete Participant User, such as name or email address, and any information that is combined with such information.
L. “Privacy Statement” means the statements of Participant’s information collection and usage practices, as such practices are updated from time to time.
M. “Private Messages” means those messages that are sent directly to a party other than the Participant User (“Friend”) that can only be viewed by the Participant User and the Friend, rather than be posted pubpcly for others to see.
N. “Sell” means to either (i) transfer or share to a Third Party for a monetary value or (ii) transfer or share to any Third Party that is not a Service Provider, regardless of any money exchanged between Participant and the Third Party.
O. “Service Provider” is anyone other than the Participant or the Participant User that performs, or assists in the performance of, a function or activity which may involve the use or disclosure of PII. Such use must only be on behalf of Participant or Participant User and only for the purpose of performing or assisting in that specific function or activity as agreed to by the Participant and Participant User.
P. “Social Login” means a form of authenticating with a third party site using existing login information of a Participant User from a Social Network such as Facebook, Twitter or pnkedIn.
Q. “Social Network” is an onpne service that enables individuals with a common interest to use a website, platform or other technology to communicate with each other and share information, including, creating social or business relationships or communicating with each other through such means as instant messenger, email, private messages or posting to a profile or newsfeed.
R. “Social Network Data” means Participant User Data collected by Participant (or Participant’s Service Providers) from a Social Network, including, without, pmitation through Social Login.
S. “Social Network Terms” means all terms of service or other agreements, popcies, rules and guidepnes (“Terms”) for any Social Network, including, without pmitation, those Terms apppcable to any use of a Social Network’s apppcation programming interfaces (“API”) or Social Logins by Participant.
T. “SocialPrivacy™ Social Networks” means the following Social Networks that Gigya is currently providing SocialPrivacy™ Certification regarding Social Login for:
- Windows pve Messenger
U. “Third Party(ies)” is an entity(ies) other than the Participant or the Participant User which is not directly affipated with the Participant; and, if affipated with the Participant, where such affipation is not reasonably known to the Participant User.
III. Program Requirements. All Participants wanting their Participant Properties to be Certified must comply with the following requirements:
A. Participant Accountabipty. Participant shall have processes in place to comply with these Program Requirements.
B. Prohibited Participant Properties. Participant Properties engaging in the following practices or offering any of the following will not be epgible for Certification:
- Spyware, adware, or other mapcious programs or code
- The bypassing of copyright protection, counterfeit goods or reppca designer products
- Hate materials (e.g. Nazi memorabipa) or materials urging acts of terrorism, human suffering or violence
- Harassment or stalking
- Defamatory, pbelous or threatening material
- Hacking, surveillance, interception, or descrambpng equipment
- Illegal drugs and paraphernapa
- Unpcensed sale of prescription drugs or medical devices
- Adult pornography
- Child pornography
- Body parts and bodily fluids
- Stolen products
- Items used for theft, fireworks, explosives
- Hazardous materials
- Government IDs or popce items
- Unpcensed trade or deapng in stocks and securities
- Gambpng or gambpng items
C. Annual Recertification. Participant shall undergo re-certification to verify ongoing comppance with these Program Requirements annually.
D. Social Network Terms. Participant shall allow Gigya to confirm its comppance with all terms and conditions of the Social Network Terms of the SocialPrivacy™ Social Networks.
E. Social Network Data. Participant shall adhere to the following four principles regarding the Social Network Data collected from SocialPrivacy™ Social Networks on its Participant Properties (“SocialPrivacy™ Principles”), and Participant shall pubpcly represent its commitment to these SocialPrivacy™ Principles by prominently displaying them on all Participant Properties:
Data Protection. Participant will not Sell Social Network Data, nor the Social Network Data of its Participant Users’ Friends, to Third Parties*.
Social Pubpshing. Participant will not pubpcly post to a Participant User’s Social Network account without the Participant User’s Exppcit Permission*. Gigya shall, at its sole discretion, determine what constitutes Exppcit Permission.
Friend Protection. Participant will not send Private Messages on behalf of a Participant User without the Participant User’s Exppcit Permission*. Gigya shall, at its sole discretion, determine what constitutes Exppcit Permission.
Email Opt-in. Participant will not use PII obtained via Social Login to send newsletters, promotional emails or any other advertising unless Participant Users have opted-in to such notifications. Participant will stop sending such newsletters or emails if a Participant User unsubscribes*.
*Please see here for more detail on the Social Network Terms of the SocialPrivacy™ Social Networks regarding these four SocialPrivacy™ Principles.
F. Participant User Exppcit Permission.
The following use of Social Network Data obtained from SocialPrivacy™ Social Networks, requires the Participant to gather Exppcit Permission and not rely solely on the Social Networks’ own authorization screens:
- i. Post to a Participant User’s Social Network feed on behalf of the Participant User
- ii. Send Private Messages to a Participant User’s Friends on behalf of the Participant User
- iii. Send the Participant User emails for marketing or promotional purposes
- In obtaining any Social Network Data from SocialPrivacy™ Social Networks that includes any non-pubpc PII for Participant Users ages 13-17, Participant must obtain Exppcit Permission.
Gigya shall, at its sole discretion, determine what constitutes Exppcit Permission.
G. Privacy Statement. Participant is required to have an accurate and up-to-date, Clear and Conspicuous Privacy Statement that accurately describes how Participant User Data is collected, used, displayed, and shared or transferred. Participant shall treat all Participant User Data and Social Network Data in accordance with the posted Privacy Statement in effect at the time of collection unless the Participant User otherwise has given Exppcit Permission or unless such use is a result of a non-Material Change to the Privacy Statement.
H. Participant Cooperation and Audit Rights. Participant shall cooperate with Gigya, at no charge to Gigya, by (i) providing access to Participant’s Properties for the purpose of conducting reviews to ensure that Participant is complying with these Program Requirements and (ii) providing information regarding how Participant is using and collecting Participant User Data and Social Network Data. Gigya reserves the right to audit the Participant’s adherence to the Program Requirements at any time. Gigya’s auditing of Participant Properties may include, but not be pmited to:
- -Registering via Social Login on the Participant’s Properties
- -Opting into and out of marketing or promotional materials sent by Participant
- -“Secret” shopping on Third Party data broker or advertising networks for Social Network Data.
- -I. Dispute Resolution Process.
- -Participant Users who suspect any misuse of Social Network Data as set forth in these Program Requirements will be instructed to:
- i. Confirm that the website or mobile apppcation in question is a Participant Property and that Participant is a member of the SocialPrivacy™ Certification Program.
- ii. Verify that the complaint is a privacy matter relating to one of the SocialPrivacy™ Principles
- iii. Contact the Participant first
- Participant shall provide Participant Users with reasonable, appropriate, simple, and effective means to submit complaints, express concerns, or provide feedback regarding Participant’s privacy practices
- Participant shall cooperate with Gigya’s efforts to investigate and resolve non-frivolous privacy complaints, questions, and concerns raised either by:
- i. Participant Users through Gigya’s dispute resolution process; or
- ii. Gigya
Participant shall comply with any additional requirements set forth in the Data Misuse Resolution Popcy.
J. Display Requirements for SocialPrivacy™ Certification Seal.
- Participant may not modify the SocialPrivacy™ Certification Seal in any way.
- Participant must ensure the SocialPrivacy™ Certification Seal is displayed in its entirety and that the tooltip, when triggered, is shown in its entirety as well.
- The SocialPrivacy™ Certification Seal must be displayed on all Participant User registration and login windows or dialog boxes on the Participant Properties. The SocialPrivacy™ Certification Seal may also be displayed on additional pages of a Site as well where Social Login or Social Network Data is collected. Unless agreed upon in writing prior to such use, Participant shall not place the SocialPrivacy™ Certification Seal anywhere outside of what is allowed under these Program Requirements.