RewardLion Privacy Guide for Customers

The following serves as a privacy guideline for RewardLion customers, whether they are using services offered on: www.rewardlion.com and/or www.rewardlion.net. (“Collectively or separately referred to as the “Platform”). It's important to note that this is simply a guideline intended to assist our customers and does not constitute legal advice.

1 - Navigating Privacy Regulations

In today's digital landscape, privacy regulations serve as crucial guidelines governing the acquisition and utilization of personal data, spanning identifiable information, healthcare records, and financial particulars. These regulations exhibit variances across diverse jurisdictions, including countries, regions, states, and territories, yet they converge on core principles regarding rights, obligations, and enforcement mechanisms.

For entities engaging with data governed by privacy laws, adherence is non-negotiable and contingent upon the geographic origin of the individuals involved. For example, organizations gathering personally identifiable information from European patrons must uphold the rigorous standards delineated in the EU’s General Data Protection Regulation (GDPR). Similarly, businesses interacting with consumers in California, United States, must conform to the stipulations outlined in the California Consumer Privacy Act (CCPA), where applicable.

2 - Utilizing This Guide

Privacy laws and regulations undergo constant evolution, presenting a complex landscape for compliance. RewardLion endeavors to simplify compliance for our clientele amidst the dynamic regulatory environment. While RewardLion strives for compliance with privacy regulations, customers must also proactively undertake measures to ensure adherence.

This guide serves as a resource to facilitate the utilization of the RewardLion Platform in accordance with privacy mandates. It is important to note that this document does not serve as legal counsel, nor does it guarantee compliance with privacy laws and regulations.

3 - Data Roles and Controller Checklist

Privacy regulations delineate responsibilities contingent upon whether an entity functions as a controller or processor of personal data. Controllers ascertain data processing objectives and methodologies, assuming specific responsibilities regarding personal data. Processors manage data on behalf of controllers, adhering to controller directives.

As a user of the RewardLion Platform, you serve as a controller, accountable for uploaded and processed data. Profound comprehension of controller responsibilities is essential, necessitating updates to protocols and procedures to facilitate lawful data transmission to RewardLion. The supplied checklist facilitates compliance, furnishing directives for both platform and external endeavors.

It is underscored that RewardLion does not furnish legal guidance or act as a legal representative. Recommendations are suggestive, and legal elucidation should be sought from qualified professionals. The checklist predominantly addresses GDPR controller obligations while acknowledging the fluid nature of privacy laws, underscoring the imperative for continual compliance initiatives and input for platform enhancements.

4 - Controller Checklists

RewardLion endeavors to equip our customers with the necessary tools to ensure compliance with privacy laws within their business operations facilitated by RewardLion. Below, you will find recommended actions to be undertaken within your RewardLion Platform account, as well as additional steps for compliance beyond the platform.

It's important to note that while this checklist is designed to encompass general privacy laws, it is particularly tailored to address controller obligations under GDPR, which is recognized as one of the most stringent privacy regulations. However, given the dynamic nature of privacy laws, updates to this checklist may be necessary as new laws emerge or existing ones are amended. We strongly advise consulting with legal experts to ensure comprehensive compliance with privacy regulations. Your feedback on enhancing the RewardLion Platform for improved compliance is also greatly appreciated!

Privacy Law Requirement	What You Need To Do In Your RewardLion Platform Account	What You Need to Do Outside RewardLion Platform
Right to Be Informed Explanation: Ensure customers understand how their data is processed, and make notice accessible during offline interactions Lawfulness of Processing Explanation: To legally process an individual's data, you must establish a valid foundation. This "legal basis" may stem from informed consent, contractual obligations, or other legitimate interests. It's essential to seek advice from your legal counsel to ascertain whether you possess a legal basis for processing someone's data. Top of Form	Inform customers about data processing methods Link privacy notice on webforms, landing pages, etc.- see section 6.1 below for a reference Establish tags to monitor the lawful basis or implement consent checkboxes to gather explicit consent. Refer to Section 6.2 below for a help. Develop a systematic procedure for removing EU contacts if their data processing lacks a lawful basis or if they retract their consent	If you opt to gather customer data via offline means, such as in-person interactions, it's imperative to ensure that your privacy notice is readily accessible during those encounters. Regularly review and update consent mechanisms Implement procedures for lawful processing of EU contacts Ensure offline data collection is documented and complies with consent requirements
Consent Explanation: When choosing consent as the lawful basis for processing customer data, it's essential to adhere to certain requirements: Clarity in Consent Request: Clearly specify the type of consent you're seeking and reference your privacy notice for further details. Unchecked Consent Checkboxes: Avoid pre-checking consent checkboxes to ensure that customers explicitly consent by actively checking the box themselves. Documentation of Consent: Maintain records to demonstrate proof of consent for both prospects and customers who have granted it.	Regularly update your webpages and landing pages with the proper CONSENT CHECKBOXES	Make sure to apply the instruction thoroughly and make a timetable whenever updating your Webpages and Landing Pages and everywhere else.
Right to Rectify/Correct Inaccuracies and to Delete Explanation: If your customer requests at any point of time to stop processing their information and to be deleted entirely from your data records	Provide a simple method for customers to request data deletion- find here a form as a reference	As a user of RewardLion, it is your responsibility to fulfill your customer’s requests to erase their data. You can perform this action within your RewardLion Platform account. Ensure that you have established an internal process to monitor these requests and guarantee they are addressed promptly. Furthermore, if you maintain customer contact records or data outside of the RewardLion Platform, it is imperative to erase them upon request as well.
The Right to Access Data Explanation: Your customers have the right to understand if their data is being processed. Should you be processing their data, they possess the entitlement to comprehend what information you are processing. They should have the ability to request access to view their data in a portable and visually accessible format.	Establish an easy method for RewardLion customers to request access to the data being processed on their behalf. Within RewardLion, you can facilitate this in a couple of ways: 1) Capture a screenshot of the customer record and forward it; or 2) Extract the contact's details into a CSV file and share it	It is your duty to promptly address your customers' requests. Establish an internal procedure to monitor and manage requests efficiently. Remember, the right to access and portability extends beyond the data in your RewardLion account. You must devise a secure method to gather other relevant customer data and transfer it to them safely.
Right to Rectify Explanation: Your customers have the right to review their data and verify its accuracy. Should any errors be present, they are entitled to request timely updates to ensure the information is correct.	Establish an easy method for your customers to request updates to their data. Consider implementing a request form similar to the one provided for data deletion requests mentioned earlier.	Ensure the presence of an internal mechanism to oversee data update requests and guarantee their prompt handling. Beyond updating contact details within the RewardLion system, remember to revise customer information across other platforms and inform any third parties authorized to process customer data.
Assign a Data Protection Officer Explanation: Consider designating a Data Protection Officer (DPO) or a Chief Data Security Officer within your organization. Additionally, if your clientele includes individuals from the EU or the UK and you haven't appointed a Data Protection Officer specific to these regions, it's imperative to appoint a representative for each area to oversee data and security matters. Third-party services are available to fulfill these roles if needed	Ensure that your privacy notice specifies the individuals responsible for the EU and UK representative roles. Additionally, identify your Data Protection Officer and Chief Data Security Officer, if applicable, and include their details in your privacy documentation. Top of Form	Please ensure that your privacy notice includes the names of the individuals who serve as the representatives for the EU and UK roles. Additionally, if applicable, identify your Data Protection Officer and Chief Data Security Officer in your privacy documentation.

6- Resources

6.1 How to Incorporate Privacy Policy When Collecting Personal Data on RewardLion

Disclaimer: Please note that this section does not constitute legal advice. It serves solely for informational purposes. For legal guidance, always seek assistance from your legal advisor.

General Considerations for Privacy Policies:

1. Types of Personal Data Collected:

Identify the specific personal data you collect from your leads or customers.

2. Collection Points for Personal Data:

Funnels & Websites
Forms
Surveys
Web Chat
Order Forms
Calendars

3. Creating Your Privacy Policy Using Funnels or Websites:

Dedicated Page Creation:

Develop a dedicated page within your funnel or website, usually located on the homepage for easy access.
Utilize online resources such as privacy policy templates available on platforms like Google.
For specific and tailored policies, seek assistance from your legal counsel to draft and finalize your privacy policy to suit your business needs.

4. Linking to Your Privacy Policy:

In Funnels & Websites:

Incorporate a text or button linking to your privacy policy.

In Forms:

Add a text or link directing users to your privacy policy.
Integrate Terms and Conditions (T&C) form elements.

In Surveys:

Provide a text or link guiding users to your privacy policy.

Web Chat:

Include a text or link within the widget description leading to your privacy policy.

Order Forms:

Display a text or link on the order page.
Activate Terms and Conditions in the Advanced settings of the Order Form and insert a link.

Calendars:

Present a text or link on the page where the calendar is embedded.
Utilize a custom form with a T&C element containing the link (Please note: Ensure the link directs to a page on your website housing your Terms and Conditions for reference).

6.2 Guide: Obtaining Customer Consent and Tracking Legal Basis for Processing Personal Data

Disclaimer: The information provided in this guide is for informational purposes only and should not be construed as legal advice. Always consult with your legal counsel for personalized advice.

Understanding Personal Data: Personal data refers to any information related to an identified or identifiable natural person.

Collection Points for Personal Data: Personal data can be collected through various channels, including Funnels & Websites.

Pre-Requisites: Ensure that a privacy policy is prominently displayed whenever personal data is collected. Obtain explicit consent from customers before processing their personal data, or ensure that there is a legal basis for processing.

Methods to Obtain Consent from Customers:

Utilize forms and forms embedded on websites or funnels.
Implement surveys and surveys embedded on websites or funnels.
Utilize webchat services.
Leverage calendars and calendars embedded in funnels or websites.
Implement order forms embedded in funnels or websites.

Tracking the Legal Basis for Processing Personal Data: In cases where customers have not expressly consented to the processing, create a designated tag and apply it to relevant contacts either manually or through automation processes.

6.3 General Resources

GDPR EU: https://gdpr.eu/
GDPR UK: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/
CCPA: https://oag.ca.gov/privacy/ccpa
Colorado Privacy Act: https://coag.gov/resources/colorado-privacy-act/
Washington My Health My Data: https://www.atg.wa.gov/protecting-washingtonians-personal-health-data-and-privacy?

7. DISCLAIMER & ACKNOWLEDGMENT:

RewardLion hereby affirms that it is not licensed to offer legal representation, dispense legal advice, or engage in the interpretation of legal statutes or regulations. Customers are strongly advised to seek guidance from their respective legal advisors regarding matters concerning legal interpretation, compliance obligations, and the development of legal strategies.

While RewardLion endeavors to assist its customers in aligning their business operations with the rigorous standards delineated in the General Data Protection Regulation (GDPR), recognized as a leading and comprehensive privacy regime, it is essential to recognize that the resources, recommendations, and informational materials provided by RewardLion are intended solely for educational and informational purposes.

It is underscored that the contents of this document do not constitute legal advice, nor should they be construed as a substitute for professional legal counsel. Customers are urged to conduct their own comprehensive assessments and consult with competent legal practitioners to obtain tailored legal guidance and ensure adherence to relevant laws and regulations.

By availing themselves of RewardLion's services and resources, customers acknowledge and affirm that RewardLion does not assume the role of a legal advisor, and any reliance placed on the information provided herein is undertaken at their own discretion and risk.