GoCPA cares about how end user data is collected, used, and shared. We are a “data processor” that collects and analyzes end user data at the specific request of our clients, the “data controllers”.
GoCPA Platform and Data Pledge
GoCPA is the leading partner marketing platform, used by the world’s top mobile and desktop advertisers and networks to measure and manage their online advertising relationships. Clients use GoCPA to assess the effectiveness of their partner relationships and act on those results.
Pursuant to the GoCPA Data Pledge, our clients determine the data that they provide to and collect through GoCPA. Clients’ use, collection, exportation, or any other use of end user data is governed by their own privacy policies and applicable laws, rules, or regulations.
What Information Does GoCPA Collect From Clients?
At the direction of our clients, who act as data controllers, GoCPA collects the following types of information from end users to help clients measure and manage their marketing partner relationships:
Our clients may also choose to share certain account information for both clients and their partners on the GoCPA Platform. This may include corporate and employee information necessary to maintain the services and up-to-date contact information, including: name, mailing and/or billing address, email address, company name, website url, user name, password, and phone number. Clients using GoCPA to manage payouts to their partners may also choose to share certain banking information as necessary to carry out the services.
Clients can also choose to view and measure information provided by other third-party sources in the GoCPA Platform. Those sources may include advertisers, publishers, marketing partners, and other advertising networks and analytics partners. Marketing partners may sign up with advertisers through the GoCPA Platform or through their own customer website.
Clients own the data that they provide to and collect through the GoCPA Platform. When clients remove or export their data from the GoCPA Platform, their use of data is governed by their own privacy policies and applicable laws, rules, or regulations. GoCPA serves as a data processor, acting at the direction of our data controller clients. Specific fields that likely contain personal data, such as IP address or device ID, may be obfuscated or blanked, respectively, by the GoCPA client.
What Information Does GoCPA Collect On the Websites From End Users?
When you visit the Websites, GoCPA collects information about your device and use of the Websites to understand how to improve its Websites. GoCPA also collects any information you voluntarily provide when you visit the Websites to learn more about GoCPA and its products, sign up for GoCPA services, or apply for employment at GoCPA. The type of information collected will depend on your request and interaction with the Websites. Categories of information may include specific times of day you accessed the Websites, the IP address of the device you used to access the Websites, the pages on the Websites that you viewed, the pages you visited before navigating to the Website(s), and information about the device you use to access the Websites, including hardware model, operating system and version, and browser.
GoCPA uses the information collected on the Websites for various purposes, including:
How Do Clients Use GoCPA To Collect Information From Users?
Clients may use GoCPA for pixel or server postback tracking to collect certain performance marketing information about end users. Pixel tracking (also called “cookie-based tracking” or “client-side tracking”) methods store a GoCPA session identifier in a user’s browser cookie on click. In postback tracking (also called “server-side tracking”), GoCPA directly sends a session identifier to the advertiser on click. On conversion, the advertiser then communicates that identifier to GoCPA for validation.
GoCPA also supports server-to-server measurement for some clients. With any of the mentioned methods, when an end user clicks on an advertisement and goes to a specific web page or mobile app action that a client chooses to measure, GoCPA collects information from the user’s device, including but not limited to IP address and ad identifiers.
How May Clients Use GoCPA To Process Information From End Users?
In Which Instances Might GoCPA Share End User Data With Third Parties?
We may also share aggregated or anonymized information in a form that does not directly identify you or any end users with any third parties.
GoCPA undertakes to ensure that personal data are stored and processed only within EU/EES- the same applies to access to the personal data, e.g. in regard to service, support, maintenance, development, operation or similar.
End User Choice, Opt Outs, and Disabling Cookies and Advertising Identifiers
End users can disable cookies in most internet browsers. An overview of the process is available here. Disabling cookies will not, however, stop receipt of all advertisements. If an end user would like to opt out of a particular ad network, publisher, or advertiser’s ads, they will need to contact those companies directly to inquire whether they have an opt-out option.End users can also disable collection of Ad Identifiers for targeted advertising by enabling the Limit Ad Tracking setting on their smartphone. End users can also reset the Ad Identifier altogether using their smartphone’s privacy settings. GoCPA collects data on behalf of its business clients, and is not an end user facing company. Nonetheless, GoCPA provides end user data rights guidance at https://optoutmobile.com.
Learn more about how to control your data via our third party partners’ relevant privacy documentation regarding end user rights: Pendo, Intercom, Marketo, Zendesk, NetSuite by Oracle, SalesForce, Google Analytics, LiveChat, TransferWise, and Inspectlet.
Local Shared Objects (Flash Cookies) and Local Storage (HTML5) Opt Out
Third parties with whom we partner may use local shared objects (flash cookies), and we and our third parties use local storage (HTML5) to provide certain features on our Websites, to display advertising based on your web browsing activity, and to store content information and preferences. Various browsers may offer their own management tools for removing HTML 5. To manage Flash cookies, please click here.
GoCPA (formerly known as HasOffers) is a participant of the Google Third Party Serving Compatibility Program. Clients that choose to advertise with Google must abide by Google’s Third-Party Ad Serving Policy available at https://support.google.com/adspolicy/answer/94230, as well as privacy principles to which GoCPA ascribes, including with regard to data collection, functional cookie opt-outs, and ad identifier tracking.
How Does GoCPA Adhere to GDPR Principles?
GoCPA serves as a data processor under GDPR, and adheres to the principles and rules of GDPR. Specifically, GoCPA implements privacy by design and default principles, ensures limited data retention protocols, adheres to incident response norms, allows for appropriate third party audits, ensures data is only transferred internationally with a lawful basis, only contracts with subprocessors with adequate written commitments to data processing, respects data subject rights, does not process sensitive personal data, and provides data processing agreements to all appropriate clients and partners. (In addition to GDPR, GoCPA respects and adheres to similar data privacy laws in other jurisdictions, such as the California Consumer Privacy Act.)
To end users who access the Websites: GoCPA retains your information for as long as your account is active or as needed to provide you GoCPA services. GoCPA applies data retention rules to abide by data minimization principles. In most cases, reliance on GoCPA’s existing data retention rules will satisfy the end user request within a reasonable period of time. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law.
GoCPA as data processor shall not engage sub-contractors to perform all or part of the processing of personal data (including access to), unless controller has given its prior specific written approval.
Data Retention, Use, Access, Corrections, and Removal
GoCPA retains your information for as long as your account is active or as needed to provide you GoCPA services. GoCPA applies data retention rules to abide by data minimization principles. In most cases, reliance on GoCPA’s existing data retention rules will satisfy the end user request within a reasonable period of time. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law and helpful for the service to function properly.
Under GDPR, you have the right as a data controller to:
Your data will be processed on the following legal bases:
GoCPA uses commercially reasonable efforts, including a variety of security technologies and procedures, to help protect client and end user data from unauthorized access, use, or disclosure, both during transmission and once it is received.
Venture Crew Limited
+357 96 665 268
12, Le Corbusier, Limassol, Cyprus