At Rybbon, we build and maintain the trust of customers with a deep dedication to protecting customer data through our stringent Data Processing Agreement (DPA) that supports major legislative standards.
Currently, there are two primary pieces of legislation that protect personal data: (1) The European’s Union’s General Data Protection Regulations (GDPR) and (2) the California Consumer Protection Act (CCPA). GDPR is the European Union’s legal standards for any company that collects, holds, or uses personal data. CCPA refers to new California legislation that is used as the current best-practice guideline for personal data protection in the United States. Under GDPR, Rybbon is considered a data processor, and under CCPA, we are considered a service provider. What this means is in order to provide our services to you, our customer, we collect and process limited amounts of personal data on your behalf.
Rybbon has always been committed to protecting customer data by offering the highest levels of protection worldwide. Rybbon’s DPA supports compliance with legislative requirements imposed by GDPR and CCPA through several key provisions outlined below.
Minimal Personal Information Is Needed
An email address is the only personal information Rybbon needs for reward delivery. Unlike birthdates, social security numbers or health information, email addresses are not considered sensitive personal information.
If for some reason, your reward recipients are hesitant or unlikely to share their email, Rybbon has a solution for your rewards program. If you don’t want to process recipient emails, we have an option called Gift Links which lets you distribute rewards yourself through secure links. With Gift Links, Rybbon does not collect any personal data at all. Zero personal data collection means zero risk and compliance required for personal data.
Use of Customer Data is Limited to What Is Necessary
Rybbon’s DPA clearly defines and limits the customer data we collect and how we use it. We use customer data only to:
- Perform and provide our service to you, our customer.
- Provide administrative and customer support to customers and reward recipients.
- Protect the security of Rybbon systems.
- Detect use of the service that is fraudulent or not compliant with our terms of service.
- Meet all legal and regulatory obligations applicable to Rybbon
- Improve and enhance the service we provide.
Customer Data Is Kept Confidential
Your data belongs to you. Rybbon never sells or markets customer data to third parties. And we ensure that only authorized persons under a statutory obligation of confidentiality access customer data as part of providing our service.
Customer Data Is Secured
Rybbon maintains strong technical and organizational security measures to prevent unauthorized access to customer data. Examples of measures we have in place include firewalls, data encryption, two-factor authentication, and internal security training.
Deletion Rights Are Supported
Customers may request the deletion of customer data, and Rybbon will delete customer data in a timely manner. If for technical or policy reasons, we are unable to delete customer data, Rybbon will ensure the customer data is blocked from any further processing.
At Rybbon, we are proud of our long-standing commitment to protecting all customer data through our rigorous policies and security practices. Our Data Processing Agreement (DPA) supports compliance under GDPR and CCPA. Your trust is important to us, and one way we earn it is with our diligent attention to protecting your data so that we can deliver your rewards safely and securely anywhere in the world.