Privacy Policy

Summary

  • Pxl is dedicated to protecting personal data and ensuring user and visitor privacy on its website.
  • Pxl complies with various privacy laws, including GDPR (Europe) and Privacy Act (USA).
  • Personal data collected from users includes user account information, activity on the platform, and communication history. No personal data is collected from visitors.
  • Some cookies are used only for providing essential functions, not for tracking or analyzing user behavior.
  • Security measures include encryption, data minimization, and third-party safeguards.
  • Users have rights to access, edit, erase, and restrict the processing of their personal data.
  • Pxl does not use profiling or automated decision-making affecting users.
  • Third-party service providers process data with stringent security measures.
  • Users can contact Pxl’s Data Privacy Officer for any privacy-related inquiries.
  • Pxl constantly works to further minimize data usage and will continue to update this privacy policy (last update: 18. July 2024).

1. Introduction

Pxl (“pxl.to”, “we” or “us”) treats personal data provided by our users with respect and integrity. We are committed to safeguarding the privacy of our website, as data protection is of a particularly high priority for the management of our company. In this privacy policy, we explain transparently what type of data we use, how we process it, and what rights our users have.

The processing of personal data shall always be in line with the:

  • General Data Protection Regulation (GDPR), applicable in Europe;
  • Australian Privacy Principles contained in the Privacy Act 1988;
  • Privacy Act U.S.C. 552a (Privacy Act of USA);
  • Privacy Acts in Latin America;
  • Any other country-specific data protection regulations applicable.

Any individuals above the age of 18 are allowed to register and create an account for Pxl.

2. Definitions

Our data protection declaration should be clear and easy to understand for everyone, including our users and business partners. To help with this, we explain the terms we use:

  • Personal data
    Any information that can identify a person, like a name, IP address, email address, or any other online identifier.
  • Pxl users
    Individuals who signed up for a Pxl account in order to create short links, QR codes, or Microsites.
  • Pxl visitor
    Individuals who visit short links, scan QR codes, or interact with Microsites created by Pxl users.
  • Data subject
    The person whose personal data is being processed.
  • Processing
    Any action performed on personal data, such as collecting, storing, using, or deleting it.
  • Profiling
    Automated processing of personal data to evaluate certain aspects about a person, like their job performance or interests.
  • Controller
    The person or organization that decides why and how personal data is processed.
  • Processor
    The person or organization that processes personal data on behalf of the controller.
  • Recipient
    The person or organization that receives personal data. Public authorities receiving data as part of a specific inquiry are not considered recipients.
  • Third party
    Someone other than the data subject, controller, processor, and authorized persons who process personal data.
  • Consent
    The data subject's clear agreement to the processing of their personal data, given freely, specifically, and with full knowledge.

3. Data Collection

Personal Data

Personal data, or personally identifiable information (PII), refers to any sensitive data that can be traced back to individuals. Pxl is designed to minimize this data as much as possible.

From Pxl Users

  • User account information (name, email address, encrypted password, payment information, etc.)
  • User activity on the platforms (short link creation, QR code creation, etc.)
  • Communication history (e.g., support requests)
  • Referral activity (if participating in the Pxl Partner Program)

From Pxl Visitors

  • None

We process personal data of data subjects for the purposes of providing our services, updates, and promotions, ensuring the security of our website and services, maintaining backups of our databases, and communicating.

Usage Data

We process usage data of our website in a privacy-friendly way by using aggregated, not personal, information. On a server level, we use logs to collect general data and information when a user or automated system accesses our website or API. This general data and information are stored in the server log files and analyzed by services that review these logs.

Collected data may include:

  • The Internet Service Provider (ISP)
  • The operating system used by the accessing system
  • The website from which an accessing system reaches our website (so-called referrers)
  • The sub-websites accessed
  • The date and time of access to the website
  • An Internet Protocol address (IP address)
  • Any other similar data and information that may be used in the event of attacks on our information technology systems

When using this general data and information, Pxl does not draw any conclusions about the user. Instead, this information is needed to:

  • Deliver the content of our website correctly
  • Optimize the content of our website
  • Ensure the long-term viability of our information technology systems and website technology
  • Provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack

In addition to the specific purposes for which we may process personal data, we may also process any personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or to protect the vital interests of the user or another person. Please do not supply any other person's personal data to us unless we prompt you to do so or you have the person's explicit consent.

Publicly Available Information

Pxl may use publicly available personal information, such as profile pictures, on our website and in our promotional materials. These images may be used to represent the diversity and engagement of our user base. We will use such images without associating them with actual usernames or real names, except where explicit consent has been provided by the user.

4. Data Controller and Data Processor

In accordance with the regulations provided by the:

  • Privacy Act U.S.C. 552a (Privacy Act of USA),
  • Privacy Acts in Latin America
  • The Privacy Act of 1988 of Australia
  • The General Data Protection Regulation, aka GDPR for European Union

The data controller and data processor for Pxl is the provider of the website. We act as the controller for the personal data provided by our users when they create accounts on our website, and as the processor for the data they collect through the services we provide.

A data processor is also any third party that receives collected personal data from us. They are subject to a Data Processing Agreement, enforcing protection of the personal data they receive from us.

As controller and processor, we have taken many technical and organizational steps to protect personal data on this website. However, internet-based data transmissions can have security gaps, so absolute protection cannot be guaranteed. Nevertheless, we do our best to continuously improve our data privacy standards.

5. Cookies We Use

Cookies are small text files stored on a device when visiting a website. They are widely used to enhance user experience by, for example, remembering login details and preferences. However, cookies can also track user behavior for targeted advertising and analytics. Users can manage cookie preferences through browser settings or cookie consent popups, choosing to accept, decline, or delete cookies as needed.

Pxl only sets cookies that are required to deliver our services to Pxl users, but never to track or analyze behavior. We do not set cookies for Pxl visitors.

Likewise, there is no need for a cookie banner for visitors, as Pxl does not set any cookies. However, if users want to use retargeting pixels, we encourage showing a cookie consent banner to visitors to comply with data privacy laws.

| Pxl User Cookie | Purpose | Duration | Type |
|---|---|---|---|
| px-auth | Recalling login status when returning to Pxl | 7 days | Optional |
| px-welcome | Recalling onboarding status for first-time users | Duration of session | Required |
| px-status, px-notify | Recalling notification status within Pxl | 7 days | Required |
| last_touch | Helping understand navigation to Pxl to prevent malicious attacks | 60 days | Required |

6. Your Data and Your Rights

We retain the personal information collected from our users for a period of 10 years following the end of their relationship with us, unless users actively request its deletion.

Our users have the right to:

  • Access the personal data we hold about them
  • Edit any inaccuracies in their personal data
  • Erase their personal data under certain conditions
  • Restrict the processing of their personal data under certain conditions
  • Object to the processing of their personal data on grounds relating to their particular situation
  • Export their personal data in a commonly used format (data portability)
  • Complain to a supervisory authority if they believe their rights are being violated
  • Withdraw their consent to the processing of their personal data

Requests to exercise these rights can be made by contacting us via privacy@pxl.to. Unless personal information is required to be retained by us for administrative or legal reasons, Pxl will meet such requests at the earliest possible opportunity. If detailed personal information is not immediately or easily accessible, we may charge an administrative fee for our costs in retrieving and supplying the information.

In some circumstances, users have the right to the erasure of their personal data without undue delay. These circumstances include situations where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, where users withdraw consent to consent-based processing, where users object to processing under certain rules of applicable data protection law, where the processing is for direct marketing purposes, and where the personal data have been unlawfully processed. However, there are exclusions to the right to erasure, including where processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims.

Pxl is committed to maintaining transparent and fair processes regarding the use of personal data. We do not use profiling or automated decision-making methods, such as algorithms that process personally identifiable information (PII), in making decisions that have legal effects on users or similarly significantly affect them. All decisions that impact our users are made with human oversight, ensuring fairness and accountability.

To the extent that the legal basis for our processing of personal data is consent or that the processing is necessary for the performance of a contract to which users are party, or in order to take steps at their request prior to entering into a contract, and such processing is carried out by automated means, users have the right to receive their personal data from us in a structured, commonly used, and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

To the extent that the legal basis for our processing of personal information is consent, users have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

7. Data Security Practices

We are committed to ensuring the security and integrity of the personal data we collect and process. We understand the importance of protecting personal data from unauthorized access, alteration, disclosure, or destruction. Here are the key measures we have implemented:

Encryption: We use industry-standard encryption technologies when transferring and receiving consumer data exchanged with our site. This ensures that all data is securely encrypted as it travels between user devices and our servers, protecting it from interception or tampering. Furthermore, sensitive data such as passwords are stored hashed and salted in our database.

Data Minimization: We adhere strictly to the principle of data minimization, ensuring that we collect only the data that is necessary for the specified purposes. This not only reduces the amount of data that could potentially be compromised but also helps in maintaining data accuracy and relevance.

Third-Party Safeguards: We require all third-party service providers to adhere to comparable security measures, and we use contractual obligations to ensure they maintain the confidentiality and integrity of the data they process on our behalf.

Technical and Organizational Measures (TOM): We have implemented a set of technical and organizational measures to protect personal data. These include regular security checks, access controls, secure software development practices, and continuous monitoring of our IT infrastructure. Our employees receive training on data protection and security practices to ensure they are equipped to handle personal data securely.

These measures are designed to ensure a level of security appropriate to the risks associated with the processing of personal data. We continuously review and update our security practices to address new and emerging threats, ensuring that personal data is always protected to the highest standards.

8. Third-Party Data Processors

We use third-party service providers to provide our services to our users. The list below describes the third-party data processors we work with and who handle personal data, as well as their geographic locations. We try to minimize any kind of data we share with any third-party provider.

| Name | Purpose, Data Processed & Security Measures | Location |
|---|---|---|
| Amazon Web Services (AWS) | AWS hosts our servers and databases. This service is crucial as it enables the secure storage and retrieval of user data, directly impacting our ability to deliver our services as promised. Security Measures: Encryption of data in transit, strong technical and organizational measures, compliance with ISO/IEC 27001, SOC 1, SOC 2, and SOC 3 standards. | Europe (GB) |
| DigitalOcean | DigitalOcean manages our internal infrastructure. This service is crucial as it enables the secure exchange of internal information across our team, including user data. Security Measures: Encryption of data in transit, compliance with ISO/IEC 27001 standards. | Europe (GER) |
| Google Workspace | We also utilize Google Workspace for email communication and document storage. Google Workspace processes data such as email addresses and content, documents, spreadsheets, and presentations that occasionally contain personal data. Security Measures: Encryption of data in transit, compliance with ISO/IEC 27001, SOC 2, and SOC 3 standards. | Europe (IRE) |
| Google Captcha | To prevent suspicious activity, we utilize Google's Captcha to verify that users are human and not automated bots. This helps protect our website from fraud and abuse. Security Measures: Encryption of data in transit, compliance with industry security standards. | Europe (IRE) |
| Logflare | Logflare is used for logging and monitoring our web traffic. This is essential for maintaining the integrity and availability of our services, thereby fulfilling our commitment to providing a reliable and secure service environment. Data such as IP addresses are processed. Security Measures: Encryption of data in transit, compliance with industry security standards. | Europe (GB) |
| Notion | Notion is used for internal organization and documentation. Notion processes various types of data, including occasionally personal data, which are necessary for the operation of our services. Security Measures: Encryption of data in transit, compliance with industry security standards. | U.S.A. |
| Stripe | To collect payments via credit cards and other means, we use Stripe as payment processor. Pxl never stores any payment information about customers. Security Measures: Encryption of data in transit and at rest, compliance with PCI DSS standards. | Europe (IRE) |
| Tinybird | We use Tinybird to perform data analytics, including user data such as email addresses. This processing is necessary to generate insights that help us optimize our service delivery, ensuring that users receive the efficient and effective service they expect. Security Measures: Encryption of data in transit, compliance with industry security standards. | Europe (GER) |
| Trackdesk | Trackdesk is used for managing our affiliate marketing activities. It processes data including affiliate IDs and conversion data to ensure accurate commission payouts. Security Measures: Encryption of data in transit, compliance with industry security standards. | Europe (CZ) |

9. Legal Basis (EU)

For EU law, we refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. You can read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at this link.

We only process personal data if at least one of the following conditions applies:

  • Consent (Article 6(1)(a) GDPR): Our users have given us their consent to process their data for a specific purpose, such as the storage of information entered in a contact form.
  • Contract (Article 6(1)(b) GDPR): We process personal data to fulfill a contract or pre-contractual obligations with our users. For example, we need personal information to conclude a purchase contract.
  • Legal Obligation (Article 6(1)(c) GDPR): We process personal data to comply with legal obligations, such as retaining invoices for accounting purposes, which usually contain personal data.
  • Legitimate Interests (Article 6(1)(f) GDPR): We process personal data based on our legitimate interests, provided they do not override fundamental rights. For example, processing certain data to operate our website securely and efficiently is a legitimate interest.

In addition to the EU regulation, national laws also apply:

  • In Austria, the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
  • In Germany, the Federal Data Protection Act, or BDSG for short.

If other regional or national laws apply, we will inform our users about them in the relevant sections of this policy.

10. Amendments

We may update this policy from time to time by publishing a new version on our website. Users should check this page occasionally to ensure they are happy with any changes to this policy. We may notify users of significant changes to this policy by email or through the private messaging system within our service system.

11. Contact Us

Data Privacy Officer

Please get in touch with our certified data privacy officer for any questions related to privacy, data protection, and for any inquiries about personal data.

Bernhard Hauser

privacy@pxl.to