Logo

Data Management

Welcome to Filtroo’s Data Management Policy

At Filtroo, we prioritize the protection and management of your personal data. Here is how we handle and secure your information.

Data Management

Ensuring Data Security and Integrity

  • Critical Data Masking: Yes, payment card data is masked and encrypted to ensure that access is limited to authorized individuals only.
  • Protection of Digital Identities: We use AES 256-bit encryption for data at rest to secure digital identities.
  • Data Collection and Storage: We only store personal information such as names, emails, and contact numbers. This data is not used beyond its intended purpose and can be deleted upon the tenant’s request.
  • Third-Party Access: Your data is completely secure. Third parties, including government agencies, do not have access to your data without proper authorization.
  • Shared Logs and Resources: Your data is encrypted and secure, ensuring no critical information is revealed to third parties.
  • Data-Integrity Monitoring: No, our data is stored in secured databases, and any alterations are logged within the system records.
  • Data Loss Prevention (DLP): Yes, we have DLP solutions for web, email, and endpoints to prevent data loss.
  • Customer Data Retention Policies: Enforced through technical controls.
  • External Infrastructure: No, we rely solely on our infrastructure for maximum security.
  • Backup Policies and Procedures: Data is securely destroyed when no longer required.
  • Data Deletion: Our data cleansing process ensures deleted data cannot be accessed by other users.
  • Identity Checks for Privileged Access: Access is provided via OAuth 2.0 with checks based on resources accessed.
  • De-provisioning Privileged Credentials: Requires a support ticket, handled promptly.
  • Authentication of Privileged Accounts: Managed to secure confidential data.
  • Segregation of Duties: Allocated to ensure no conflict of interest.
  • Emergency Privileged Access: Can be requested through customer support or account manager.
  • Monitoring and Logging Privileged Actions: Logs collected using AWS, stored in Elastic Search, and retained long-term.
  • Mutual Authentication: Strong authentication via AES 256-bit encryption.
  • Audit Logs: Regularly reviewed to ensure data integrity.
  • ISPs and DDoS Protection: Multiple ISPs for uninterrupted service with DDoS protection.
  • Historical Data Availability: Not provided due to confidentiality.
  • Downtime Plan: Ensures uninterrupted service even during upgrades.
  • Forensic Investigation: Accommodated when necessary.
  • Data Integrity and Quality Control: Follows quality control processes for system availability, confidentiality, and integrity.
  • Data Classification and Access Control: Data is classified based on sensitivity with enforced access controls.
  • Data Security and Lifecycle Management: Compliance with data security and lifecycle management requirements.
  • Operating System Hardening: Hardened to support antivirus and file integrity monitoring.

Third-Party Providers and GDPR Compliance

To provide seamless services, Filtroo works with several trusted service providers. These providers are responsible for specific aspects of data management related to their services, including:

  • Payment Gateway Provider: Handles payment transactions securely.
  • Debit Card Connection Provider: Manages connectivity with debit cards for linked card transactions.
  • Gift Card Providers in the Marketplace: Facilitates the redemption and management of gift cards offered through Filtroo.
  • Public APIs of Social Media Platforms: Provides data based on user interactions with social media channels.

While Filtroo ensures compliance with GDPR regarding how user data is processed within our platform, each provider is independently responsible for their management and use of user data. Filtroo does not assume liability for how these providers handle user data. Users are encouraged to review the privacy policies and terms of service of these third-party providers for more information on their data management practices.

Linked Cards and Transaction Monitoring

You can connect credit or debit cards via a Third Party Service Provider in your Account settings. By using the Site, you authorize the sharing of personal information with Filtroo and its Third Party Service Providers, including Card Payment Networks and Merchants, to monitor Linked Card transactions for Rewards eligibility. Transaction details, such as Merchant, time, and amount, are shared to enable card-linked Offers. Please note that PIN-based and certain other transactions may not qualify as Eligible Transactions for Rewards. You may disconnect a Linked Card at any time in your Account settings or opt-out of monitoring.

Data Use in Challenges Sponsored by Third Parties

When users choose to participate in challenges sponsored by partner brands through the Filtroo platform, the necessary data will be collected to fulfill the challenge’s purpose and, if explicitly consented by the user, facilitate direct contact with the sponsoring brand.

  • Types of Data Collected: Contact information (e.g., name, email, phone number) and/or psychographic data (e.g., interests, preferences, consumption habits), depending on the challenge’s requirements.
  • Purpose of Data Processing: Allow user participation in the sponsored challenge, granting points or rewards as outlined.
  • Provide sponsoring brands with necessary information to contact the user directly—only with explicit user consent—for products, services, promotions, or related updates.

Participation in challenges is voluntary. Users will be informed about data collection purposes before providing personal data. Explicit consent is required to share data with brands.

  • Security Measures: Filtroo and sponsoring brands apply technical and organizational measures to safeguard personal data, preventing unauthorized access, alteration, or misuse.

Data Use in Third-Party Landing Pages

Any data registered through a third-party landing page promoted by Filtroo may be used by the third party for commercial purposes. Please refer to the third party’s data management and privacy policies for further details on their use of your data.

More Information

  • Data Access Permissions: Based on Authentication, Authorization, and Accountability (AAA) principles.
  • Physical Media Access: Role-based control mechanisms.
  • Secure Disposal: Secure data disposal aligned with our policies.
  • Environment Segregation: Separate development, test, and production environments.
  • Retention Policy: Logs retained for at least 180 days for compliance.
  • PCI Compliance: Security measures ensure secure data management.

Scope and Application of Policies

All actions and procedures outlined in contracts and policies are the responsibility of Filtroo Estonia, solely authorized to implement and oversee these measures in compliance with laws and regulations. By engaging with our services, users agree that Filtroo Estonia is exclusively responsible for data management, support, and application of contractual terms.