Last updated: 01.09.2023.
Welcome to Fortunable!
“Device” means any computer, mobile phone or other device that you use to access Fortunable’s Website and Services.
“Personal Information” means any information about an individual from which can be used to identify that person, such as your name, email address, home address, phone number, device information, geolocation, profile activities, etc. Personal Information does not include data where the identity of the individual has been removed (i.e., anonymous data).
PERSONAL INFORMATION WE COLLECT
Fortunable may collect, use, and store Personal Information as follows:
- Identity data includes Personal Information that could identify you, such as your full name, date of birth, gender, occupation, pets, income, and email address when you sign up for a User Account (as defined under Section 4.1 of Fortunable’s Terms of Service) on the Website;
- Contact data which includes data such as zip/postal code and email address, and any other data you provide us when registered for a User Account on the Website;
- Financial data includes your PayPal or Paysera account details, and the amount of Compensation (as defined under Section 8.1 of Fortunable’s Terms of Service) you have earned completing Surveys;
- Profile data includes your username and password, your interests, preferences, and feedback;
- Marketing data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
PERSONAL INFORMATION WE COLLECT AUTOMATICALLY
There are certain types of information that is collected automatically by technology, and which do not reveal identifiable information that may identify you, but may include the following information:
- Device data (includes device type, device identifiers, device characteristics, etc.)
- Usage data (includes your interactions, activities, and choices you make when accessing and using the Website and Services); and
- Technical data (includes your Internet protocol address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, Survey start and completion dates, and other technology on the Devices you use to access the Website and Services.
The information that Fortunable collects using technological means is solely for the purposes of improving our Website, internal analytics, and for reporting purposes.
HOW YOUR PERSONAL INFORMATION IS COLLECTED
Fortunable uses various methods to collect Personal Information from and about you including through:
- Direct interactions. You may provide us with your identity and contact data by completing our registration process and by corresponding with us via email. This includes Personal Information you provide when you:
- create a User Account on our Website;
- use the Services;
- request marketing to be sent to you;
- participate in a Survey; or
- provide us with feedback or contact us.
- Automated technologies or interactions. As you interact with our Website, we will automatically collect technical data about your browsing actions and patterns. We collect this Personal Information by using cookies, server logs and other similar technologies. This information is collected automatically and is used only to identify potential cases of abuse, resolve technical issues, optimizing the performance of the Website for a better user experience, and establish statistical information regarding your use of the Website. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.
- Metadata. When you use our Website age we may collect metadata that results from such usage including: browser type and version, operating system and interface, website from which you are visiting us (referrer URL), date and time of accessing our Website, and internet protocol address and location. The metadata will be primarily used to improve the quality of the Website Fortunable provides to you by analysing your usage behaviour in anonymised form and to prevent fraud, misuse of our information technology (IT) systems, as well as to ensure physical and network security. We may also use metadata for other purposes, including online advertising.
- Third parties or publicly available sources. We may receive both non-personal and Personal Information about you from various third parties and public sources as set out below:
- analytics providers include but is not limited to Google Analytics;
- contact and transaction data from providers of technical, platform and payment services such as Cint AB; and
- our Third Party Providers will provide us with information on your Survey results, dates you participated in Surveys and the Compensation you earned from completing the Surveys.
In general, the Personal Information you provide to Fortunable is used to help us communicate with you. For example, Fortunable uses your Personal Information to (i) make contact with you, and/or (iii) provide you with technical support.
Sensitive information is a subcategory of Personal Information that includes (without limitation) information about your racial or ethnic origin, political views, religious beliefs, sexual orientation, and biometric data. Fortunable does not engage in the processing of your genetic data or biometric data for the purposes of uniquely identifying you as a natural person, or process data concerning your health or sex life or sexual orientation.
PERSONAL INFORMATION FROM MINORS
Fortunable does not knowingly collect Personal Information from children under the age of eighteen (18) years. We therefore encourage you to obtain the assistance and consent of a parent/legal guardian when accessing our Website. A parent/legal guardian who becomes aware that his or her child has provided us with Personal Information without their consent, should contact us at email@example.com.
HOW WE USE YOUR PERSONAL INFORMATION
Fortunable may collect, use, store, and disclose your Personal Information for various purposes, such as:
- customizing, personalizing, and improving your experience on the Website;
- marketing and advertising purposes;
- sending promotional information about other services that might be of interest to you;
- analytics and market research purposes that help us to improve the Website;
- complying with legal requirements and regulations;
- resolving any disputes that may arise;
- enabling participation in online Surveys;
- to better target specific Surveys and other market research programs to you;
- contacting you to invite you to participate in Surveys or other market research programs;
- contacting you to update your Personal Information;
- managing incentive programs and fulfilling your requests for such incentives;
- allowing you to participate in sweepstakes (if legally permitted in your jurisdiction);
- responding to any messages or requests you may send;
- validating your Personal Information or your answers to a Survey or other market research program;
- monitoring abuse, fix bugs and troubleshoot any technical issues you may experience;
- detecting and preventing any violations to Fortunable’s Terms of Service;
- investigating suspected fraudulent activity ((including, for example, performing identify checks or verifying malicious IPs) or violation of a third party’s rights;
- responding to duly authorized information requests by governmental authorities or where required by law; and
- any other purposes for which you have authorized.
Fortunable will always ensure that we have obtained your consent to process your Personal Information. However, in limited cases, Fortunable may use a statutory condition to process your Personal Information. If a statutory condition applies and allows Fortunable to process your Personal Information and you subsequently withdraw your consent for processing your Personal Information, you acknowledge that this will not necessarily mean that Fortunable will cease to process your Personal Information as it may be under a statutory duty to continue to process your Personal Information for a specific purpose.
PLEASE NOTE: You may receive email communications from Fortunable and/or our Third Party Providers when you participate in the Surveys or other market research programs, available on our Website. However, you can opt out from receiving these email communications, at any time, by deleting your User Account from your User Account’s settings dashboard or contacting us at firstname.lastname@example.org.
SHARING PERSONAL INFORMATION
Personal Information may be shared, from time to time, with our authorized third-party service providers, such as Fortunable’s Third Party Providers, vendors, consultants, agents, affiliates, business partners, and other third parties.
Personal Information may be shared with our authorized third-party service providers who are providing us with certain services, including without limitation: data analysis, hosting services, promotional purposes, customer services, and email campaigns. We also engage with third-party service providers to:
- send Surveys via email to you, we use Active Campaign, Sendgird, and SES;
- facilitate payment via Paypal and Paysera;
- detect fraud (including, for example, performing identify checks or verifying malicious IPs) we use Cloudflare; and
- help us track website conversion success metrics we use Active Campaign.
YOUR RIGHTS UNDER THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION
For the purposes of complying with the General Data Protection Regulation 2016/679 (“GDPR”), you have certain rights as provided under GDPR and applicable data protection laws in relation to your Personal Information. You have the right to:
- Request access to your Personal Information (commonly known as a ‘data subject access request’). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel the processing of your Personal Information will impact on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios: if you want us to establish the data’s accuracy; where our use of the data is unlawful, but you do not want us to erase the data; where you need us to hold the data even if we no longer require the data as you need the data to establish, exercise or defend legal claims; or you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use your Personal Information.
- Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you are a resident in the European Economic Area (EEA) or UK and you believe your Personal Information is being unlawfully processed, you have the right to complain to your local data protection supervisory authority. You can find their contact details here.
If you are a resident in Switzerland, the contact details of the data protection authorities are available here.
You may exercise any of your rights in relation to your Personal Information by written notice to Fortunable, using the contact details set out below. Should you have any cause for complaint about our use of your Personal Information, please contact Fortunable using the details provided below and we will endeavor to solve the problem for you.
YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT
To the extent that the California Consumer Privacy Act (“CCPA”) is applicable to either Fortunable or you: both parties agree to comply with all of its obligations under the CCPA; and in relation to any communication of ‘Personal Information’ as defined by the CCPA, the parties agree that no monetary or other valuable consideration is being provided for such Personal Information and therefore neither party is ‘selling’ (as defined by the CCPA) Personal Information to the other party.
The principal rights you have under the CCPA include but are not limited to:
- Right to know. You have the right to request that we provide you with details of the Personal Information (pertaining to you specifically) that we collect, use, disclose and sell. To submit a request, please submit an email request to email@example.com and include ‘CCPA Right to Know’ in the subject line. In your email, please specify the details you would like to know, and the Personal Information you would like to access. You will be asked to provide sufficient information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the Personal Information at issue. We will respond to your request in accordance with the CCPA. In the event we deny your request, we will provide you with an explanation.
- Right to delete. You may request the deletion of Personal Information that we collect or hold about you. To submit a request to delete Personal Information, email your request to firstname.lastname@example.org and include ‘CCPA Request to Delete’ in the subject line. Please make sure you specify in your request what Personal Information you would like us to have deleted.
- Right to non-discrimination. You have the right not to be denied access to the Landing Page just because you exercised your rights under the CCPA. However, should such Personal Information be necessary for us to provide you with access to the Landing Page or other services, we may not be able to complete the provision of the services/transaction.
- Right to opt out. You may request us to stop collecting your Personal Information (‘opt-out’ by sending us an email to email@example.com. However, please note that we must wait at least twelve (12) months before asking you to opt back into the collection of your Personal Information unless you provide us with prior authorization.
Both parties agree to notify the other immediately if they receive any complaint, notice, or communication that directly or indirectly relates to either party’s compliance with the CCPA. Specifically, Fortunable shall notify you within ten (10) business days if we receive a verifiable consumer request under the CCPA.
“DO NOT TRACK” POLICY AS REQUIRED BY CALIFORNIA ONLINE PRIVACY PROTECTION ACT (CALOPPA)
Do-Not-Track (DNT) is a web browser setting that, when turned on, allows you to not have your actions monitored online and stops all tracking activities. The DNT feature was first introduced in 2010 by the US Federal Trade Commission. By the end of 2011, it was adopted by most web browsers.
Fortunable does not track its users over time and access third-party websites to provide targeted advertising, and therefore Fortunable does not respond to DNT signals. Third parties cannot collect any other personally identifiable information from Fortunable’s Website unless you provide it to them directly.
YOUR RIGHTS UNDER THE AUSTRALIAN PRIVACY ACT 1988
Fortunable has adopted the Australian Privacy Principles as incorporated in the Privacy Act 1988 (“Australian Privacy Act”). As such, the Australian Privacy Act will govern the manner in which we collect, use, disclose, store, secure and dispose of your Personal Information.
If you believe that your privacy rights have been breached under the Australian Privacy Act, you may make a complaint to the Office of the Australian Information Commissioner (“OAIC”). The OAIC can be contacted at either www.oaic.gov.au or by calling 1300 363 992.
TRANSFERS OF PERSONAL INFORMATION OUTSIDE OF AUSTRALIA
You expressly agree to Fortunable disclosing Personal Information to recipients/third parties located outside of Australia for the following purposes:
- to Fortunable’s related body corporates, partnerships and joint venture entities; and
- to our data hosting and Cloud-based information technology (IT) service providers.
Fortunable shall endeavour to take reasonable steps to ensure that the third party service providers/entities based outside of Australia, do not breach the privacy obligations relating to your Personal Information. As such, Fortunable will take appropriate steps to ensure that: (i) Fortunable will comply with our obligations as provided under the Australian Privacy Act or any other applicable data protection legislation, in respect of the transfer of your Personal Information while such Personal Information remains in Fortunable’s possession or under our control; and (ii) the recipient/third party of the Personal Information outside of Australia is bound by legally enforceable obligations to provide a standard of protection that is at least comparable to that provided under the Australian Privacy Act or any other applicable data protection legislation.
YOUR RIGHTS UNDER THE BRAZILIAN GENERAL DATA PROTECTION LAW 2020
The General Data Protection Law (“LGPD” – in Portuguese) in Brazil regulates the use and processing of all Personal Information belonging to Brazilian residents. Under Article 18 of the LGPD you have the right to:
- confirm about the processing of your Personal Information;
- access to your Personal Information on request;
- request the correction of you Personal Information that is inaccurate, incomplete, or out-of-date;
- request the anonymization, erasure, or blocking or your Personal Information if it is unnecessary, excessive, or has been processed in violation of the law;
- request the deletion of your Personal Information;
- request the transfer of your Personal Information to another organization;
- be kept informed about the third parties your Personal Information is shared with;
- refuse consent and be informed of the consequences; and
revoke or withdraw consent to the processing of your Personal Information.
As such, Fortunable:
- Fortunable will not collect, use or store any information or data about you without first obtaining your express authorization in accordance with the LGPD.
- Any use by Fortunable of your Personal Information will comply with the LGPD.
- Fortunable will obtain your express authorization to collect, use or share your Personal Information with third parties on your behalf.
- Fortunable will obtain your consent when using cookies, so as to avail you of the option to opt-out or remove the cookies to the extent required by the LGPD.
- Fortunable will take additional measures, where necessary, to comply with any provisions of the LGPD, which limits the transmission of unsolicited commercial emails.
TRANSFERS OF PERSONAL INFORMATION INTERNATIONALLY
You expressly agree that Fortunable may transfer your Personal Information to servers located outside your country. As such, Fortunable will take appropriate steps to ensure that: (i) we will comply with our obligations as provided under the GDPR, CCPA or any other applicable data protection legislation, in respect of the transfer of your Personal Information while such Personal Information remains in Fortunable’s possession or under our control; and (ii) the recipient/third party of the Personal Information is bound by legally enforceable obligations to provide a standard of protection that is at least comparable to that provided under the GDPR, CCPA or any other applicable data protection legislation.
HOW PERSONAL INFORMATION IS SECURED
Fortunable will take all reasonable steps to keep your Personal Information protected. We have put in place appropriate administrative, technical and physical security measures that include:
- Physical security – Fortunable’s information systems and technical infrastructure are hosted within world-class, SOC 2 accredited data centers. Physical security controls at these data centers include 24×7 monitoring, cameras, visitor logs, entry limitations, and all that you would expect at a high-security data processing facility.
- Access control – Access to Fortunable’s technology resources is only permitted through secure connectivity (e.g., VPN, SSH, HTTPS). Our production password policy requires complexity, expiration, and lockout and disallows reuse. Fortunable grants access on a need-to-know basis on the basis of least privilege rules, reviews permissions quarterly, and revokes access immediately after employee termination.
- Development – Our development team employs secure coding techniques and best practices, focused around the OWASP Top Ten. Developers are formally trained in secure web application development practices upon hire and annually. Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
- Encryption – Fortunable encrypts all data at rest in our data centers using AES 256-based encryption.
- Logging and monitoring – Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized Fortunable personnel. Logs are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.
You acknowledge that no data transmission over the Internet or wireless network can be guaranteed. Therefore, while Fortunable strives to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet that are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and another registered user on the Website and/or the Services cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite Fortunable’s best efforts.
RETENTION OF DATA
Fortunable will only store/retain your Personal Information no longer than it is necessary to fulfil the purposes for which we collected your Personal Information, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements; and providing that your User account remains active (i.e. in the event of inactivity your User Account will be deleted in accordance with Section 4.7 of Fortunable’s Terms of Service).
We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. When your Personal Information is no longer needed for the purpose for which such Personal Information was collected, we will take reasonable steps to destroy, delete or permanently de-identify your Personal Information.
ANALYTICAL DATA FROM THIRD PARTIES
Fortunable may collect or receive information that third-party service providers may provide about you when using the Website. Fortunable may also obtain information from such third-party service providers and combine that with information Fortunable collects through your use of the Website. The following information is collected and/or obtained from third parties:
- Google Analytics – We use this analytical tool to help us analyze (a) how users use the Website, by noting when you use the Website, and (b) usage data. The information collected will be disclosed to or collected directly by the applicable analytical tool Fortunable is using. Such information is collected as a means to provide, improve, and develop the Website, so as to create a safer and trusted environment when you use the Website. The data collected from Google Analytics is aggregated and anonymous, and does not therefore include identifiable information
GOOGLE ADSENSE AND DOUBLECLICK COOKIE
Fortunable’s Website runs ads from Google Adsense. In order to ensure that users are seeing ads that are relevant to their search intent and activity on the Internet, Google places cookies owned by Doubleclick. This way, Google can identify users, and run ads that are user-specific to improve digital advertising. Users may remove Doubleclick cookies by changing the settings of their browser. If you want to learn more about digital advertising and how you can keep your Personal Information from being processed this way, please visit www.aboutads.info/choices.
You can stop all collection of Personal Information by Fortunable by not accessing the Website, or by requesting to opt-out via email at firstname.lastname@example.org.