GDPR
Q: When I access your websites, how do you handle privacy?
A: Please see our privacy policy located at: https://cheq.ai/privacy-policy/;
Q: When I use your services, do you have access to personal information?
A: Yes. We process any personally identifiable information in accordance with applicable laws. By engaging with you under our Terms of Service, you also enter with us into a Data Processing Agreement, located at: https://cheq.ai/data-processing-agreement/
Q: Do you collect and store personal information?
A: Yes, but only in accordance with applicable laws, for more information on how we collect and store personal information please look at our DPA located at: https://cheq.ai/data-processing-agreement/
Q: Do I need to get consent from my users to use your SaaS product and Services?
A: The obligation to get consent from your users resides within your sole discretion, however, we believe the collection of the IP address serves your legitimate business interest, and that the cookies and tags placed by using our Services are required.
Q: What is the legal basis of your collection and processing of personal information of users of our services and websites?
A: The legal basis is a legitimate business interest to prevent malicious and fraudulent activity on your website and services, in addition, we only collect and process IP Addresses. Such use is not invasive, it is done for a short period of time, and provides the best protection for the users.
(for more information in this regard please see Article 6(1)(f) of the GDPR).
Q: How and where do you store personal information?
A: We use sub-processors, the full list is located at: https://cheq.ai/sub-processors/
For CHEQ SaaS Product’s users we use Amazon Web Services. For EU data subjects we store personal information in Ireland, and for any other data subjects, in the US.
For Clickcease SaaS Product’s users we use Azure. For any EU data subject, we store personal information in Ireland, and for any other data subjects, in the US.
Q: What is your data retention policy?
A: Please see our DPA located at: https://cheq.ai/data-processing-agreement/
ePrivacy
Q: Do you use cookies on your websites?
A: Yes, as part of your access to our websites. You may opt-out of such use as detailed in our privacy policy located at: https://cheq.ai/privacy-policy/.
Q: Do you use cookies as part of your SaaS Products?
A: We use cookies as part of our SaaS Products based on the election of the specific customer using our SaaS Product. We do not collect in this regard any personal information on the users that visit our customers’ websites and services, but rather for the limited purpose of evaluating the legitimacy of the device having access to our customers’ products websites, and services.
Q: If I do not want any cookies placed on my websites or my users, can I still use your services?
A: Our CHEQ SaaS Product has a cookie-less solution, performing based on the IP address and other un-identified data collected by our javascript.
Q: Under the opinion by the Article 29 Working Party/guidelines by the ICO/guidelines by CNIL, the cookie consent exemption does not apply to third-party operational advertising cookies, including ad-fraud detection. As an adtech company, how does this apply to CHEQ?
This category applies to *third-party advertising* related cookies. CHEQ cookies are top-level domain cookies, and therefore do not fall under this category.
This category was set forth to prevent the advertisers tracking behavior for targeted advertising, to track users without consent for any purpose, due to the fear that it will be further used for serving targeted ads.
This category therefore applies to third parties serving the ads, and the cookies they place to validate clicks for accounting.
It does not apply to the website owner trying to block fraudulent traffic to its site. Hence, this doesn’t apply to CHEQ tracking technologies.
This is merely an opinion document, interpreting the directive.
Furthermore, the ePrivacy Regulation, currently in reconciliation proceedings and scheduled to be adopted by the EU legislative bodies during 2022, further clarifies this issue, by adding an exemption from consent where the use of tracking is necessary “to … prevent fraud”. This further strengthens the position that the EU governing bodies view fraud prevention as a legitimate business interest of the website owner.
If need be, we have a document detailing it further, and we’d love to schedule a call for your legal team with our legal team who are well versed in the matter and could go into further (and far more granular) details.
CCPA
Q: Are you CCPA compliant?
A: Please see our DPA located at: https://cheq.ai/data-processing-agreement/ we are defined as “Service Provider” under the CCPA.
HIPAA
Q: Are you HIPAA compliant?
A: We do not process Protected Health Information under HIPPA and thus HIPPA does not apply to us.
Last Updated August 2022