This policy was last updated on Oct 06, 2022.
What Information Is Collected?
We collect two basic types of information from you in conjunction with your use of the Sites: non-personally identifiable information and personally identifiable information. Non-personally identifiable information does not individually identify you, but it may include tracking and usage information about your general location, demographics, and use of the Sites and the Internet. Personally, identifiable information is any information that can individually identify you and includes your name, address, phone number, and email address, or non-personally identifiable information that has been linked to such personally identifiable information.
Personally Identifiable Information
As a general matter, you may browse the Sites without submitting your personally identifiable information to us. However, there are many circumstances in which you may provide us with your personally identifiable information, including when you subscribe to our Articles and other content; register for any site or any part thereof; Complete a survey or participate in market research; enter a contest; upload content; Or when you want employment in Espere.
Non-Personally Identifiable Information
When you interact with the Sites, we may collect certain information that does not identify you individually (“non-personally identifiable information” or “non-PII”), such as demographic data; information about your computer, mobile device, or another device that you use to access the Sites, including IP address, general location information, unique device identifiers, browser type, browser language, and other transactional information.
We may also collect information about your use of the Sites, including your search terms and search results, and additional “traffic data” such as time of access, date of access, software crash reports, session identification number, access times, and referring website addresses. Our servers may automatically keep an activity log of your use of our Sites. In addition to non-identifiable individual information, we may collect aggregate data regarding the use of the Sites.
Collection of Personally Identifiable Information From or Through Social Media Sites
In addition, when you interact with any Espere property page or account on a social media platform, such as Facebook, Twitter, Instagram or LinkedIn, we may collect the personally identifiable information that you make available to us on that page or account including your social media account ID. However, we will comply with the privacy policies of the corresponding social media platform and we will only collect and store such personally identifiable information that we are permitted to collect by those social media platforms. If you choose to link or login to your Espere account with or through a social networking service, Espere and that service may share certain information about you and your activities. With your consent, we also may share information about your activities, including what you view on the Sites, with that social network’s users.
Collection of Your Source IP Address/Location Information
We collect and store your device’s source IP address which may disclose the general location of your device at the time you access the Sites. Advertisements and certain content may be directed to you as a result of this data.
Information From Other Sources: We may supplement the information we collect with information from third parties or collect offline and add it to your account information. This information may include but is not limited to, demographic information, additional contact information, group affiliations, occupational information, and educational background.
How Do We Use Your Information?
We use the information we learn from you to help us personalize and continually improve your experience on the Sites, including:
- Provide you with the content, products and services you request
- Post your user-generated content to our Sites as you request
- Communicate with you about your account or transactions with us and send you information about features and enhancements on or to our Sites
- Communicate with you about changes to our policies
- Communicate with you about your comment on a story or topic
- Personalize content and experiences on our Sites, including providing you recommendations based on your preferences
- Send you newsletters, offers and promotions for our products and services, third-party products and services, or special events by e-mail, text, or other another medium
- Provide you with advertising including advertising based on your activity on our Sites or activity on third-party sites and applications
- Administer our loyalty programs
- Administer contests, giveaways, promotions, and polls
- Optimize or improve our products, services and operations
- Detect, investigate, and prevent activities that may violate our policies or be illegal
- Perform statistical, demographic, and marketing analyses of users of the Sites and their purchasing patterns
We may use the information from one portion of the Sites on other portions of Sites in our network of Sites, all of which are owned and operated by Espere, and we may combine information gathered from multiple portions of the Sites into a single user record. We also may use or combine information that we collect offline or we collect or receive from third-party sources for many reasons, including to enhance, expand, and check the accuracy of our records. Additionally, data collected from a particular browser or device may be used with another computer or device that is linked to the browser or device on which such data was collected.
Who Can See Your Information?
We have third-party agents, subsidiaries, affiliates and partners that perform functions on our behalf, including, but not limited to, hosting, content syndication, content management tools, social media integration, marketing, analytics, billing and customer service. These entities may have access to personally identifiable information if needed to perform their functions. If such access is required, the third parties will be obligated to maintain the confidentiality and security of that personally identifiable information. They are restricted from using, selling, distributing or altering this data in any way other than to provide the requested services to the Sites. Below is a list of Third-party scripts or SDKs that may be used on Espere:
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies and Usage Data.
Facebook Like button and social widgets (Facebook, Inc.)
The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc.
Personal Data collected: Cookies and Usage Data.
Twitter Tweet button and social widgets (Twitter, Inc.)
The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.
Personal Data collected: Cookies and Usage Data.
YouTube video widget (Google Inc.)
YouTube is a video content visualization service provided by Google Inc. that allows this Application to incorporate content of this kind on its pages.
Personal Data collected: Cookies and Usage Data.
Google Analytics for Firebase (Google Inc.)
Google Analytics for Firebase or Firebase Analytics is an analytics service provided by Google Inc. In order to understand Google’s use of Data, consult Google’s partner policy.
This Application uses identifiers for mobile devices (including Android Advertising ID or Advertising Identifier for iOS, respectively) and technologies similar to cookies to run the Firebase Analytics service.
Personal Data collected: Cookies, unique device identifiers for advertising (Google Advertiser ID or IDFA, for example) and Usage Data.
Business Partners and Other Third Parties
Through our Digital Properties, you are able to exercise choice with respect to certain data practices of companies participating in the choice tools we provide. When you exercise your choice, we may share some information collected from you, your computer, or your mobile device with these companies so that they may honour your requests concerning their data collection practices. Additionally, we may share information with service providers who may assist us in responding to your inquiries or requests, or otherwise perform some business or operational function for us. We may also disclose personal information about you if required to do so by law, including without limitation, by search warrant, subpoena or court order; to protect our and third-party rights, and for purposes disclosed at the time of collection.
Links to Third-Party Sites
Law Enforcement, Legal processes, and Emergency Situations
In some cases, we may use or disclose your personally identifiable information to a third party if we are required to do so by law or if we in good faith belief that such action is necessary to comply with the law or legal process; to protect and defend our rights or to prevent misuse of our Sites; or to protect the personal safety of our employees, agents, partners, the users of the Sites, or the public.
Use of Non-Personally Identifiable Information
We may disclose or share individual, non-personally identifiable information and aggregate information in any manner other than that described herein that we deem appropriate or necessary. Among other things, we will disclose non-personally identifiable information to third parties to help us determine how people use parts of the Sites and who our users are so we can improve our Sites. We will also disclose non-personally identifiable information to our partners and other third parties about how our users collectively use the Sites.
Common ID Cookie
Advertising Privacy Settings
FOR EU USERS ONLY: When you use our site, pre-selected companies may access and use certain information on your device and about your interests to serve ads or personalized content. You may revisit or change consent choices at any time.
Most web browsers automatically accept cookies, but, if you prefer, you can usually modify your browser setting to disable or reject cookies. If you delete your cookies or if you set your web browser to decline cookies, some features of the Sites may not work or may not work as designed.
The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. The Websites do not use Google Analytics to gather the information that personally identifies you.
The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies.
These online advertising partners do not have access to or use your name, address, e-mail address, telephone number or other personally identifiable information from us, without your consent. They may, however, use persistent identifiers to anonymously track your Internet usage across other websites in their networks beyond these Sites. While we restrict their further use of such information, such third parties may, with sufficient data from other sources, be able to personally identify you, unknown to us.
Third-party ad-serving companies and other unaffiliated advertisers also display advertisements on our site. As part of their service, they may place a separate cookie on your computer or utilize other data collection and tracking technologies, to collect information such as your IP address, browser type, the server your computer is logged onto, the area code and zip code associated with your server, and whether you responded to a particular advertisement. We do not control these third parties tracking technologies, how they may be used, or the information they may collect and we are not responsible for the privacy policies or the content of those third parties. Please visit the sites of those businesses at the links above to review their privacy policies. We may add or change the list of third-party ad servers from time to time and we encourage you to check this section for changes. You can learn more about online advertising at www.youradchoices.com/control.
Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings. For more information about how to change these settings for Apple, Android or Windows devices, see:
Please note that opting out of advertising networks services does not mean that you will not receive advertising while using our Websites or on other websites, nor will it prevent the receipt of interest-based advertising from third parties that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms.
What Are Your Choices?
Collection of personally identifiable information
All personally identifiable information is provided on a voluntary basis. If you do not want Android Authority to collect such information, you should not submit it to the Sites. However, doing so will restrict your ability to access some content and use some of the functionality of the sites.
Emails and Newsletters
You may always opt-out of receiving future e-mail marketing messages and newsletters from Android Authority by following the instructions contained within the emails and newsletters, or by emailing, calling or writing us at the addresses below.
GDPR Compliance for Asian Territories
Over recent years, Asian regulators have put rigorous effort into ramping up their data protection regimes. Several Asian countries such as India, China, South Korea, Vietnam, Malaysia, Thailand and Indonesia have introduced or enhanced their existing cybersecurity or data protection laws. Recently, China gave a final read to its Personal Information Protection Law (“PIPL”) and enacted it as its first comprehensive law on data protection in 2021. India, Indonesia and Vietnam are most likely to follow suit in the short term.
The EU’s General Data Protection Regulation (“GDPR”) in 2018 and other similar regulations elsewhere in the world has increased the awareness of the rights of individuals in protecting their privacy and data protection in general. As opposed to the EU, the Asia-Pacific landscape entails numerous legal systems of diverse characters and historical backgrounds, making it close to impossible to generalise how the data protection laws operate in this region. Corporations in these jurisdictions must bear with the intricacies that each prescribes while developing a privacy compliance programme.
Most of the data protection regimes in Asia are analogous to each other at their core as they are aligned to the globally recognised principles of data privacy; however, a few tweaks have been made to customise them to the specific regional requirements of these States. These countries have drawn inspiration from the EU’s GDPR, but some, on the other hand, have extended the reach of their regional laws beyond that of their European counterparts.
This article is a high-level overview of the commonalities and differences present in the privacy regimes in the Asia-Pacific region.
Regional comparison of Asian Data Protection regimes – Commonalities and Differences
To date, twenty jurisdictions in this region have comprehensive privacy regulations in place. China, Thailand and Uzbekistan are the newest members to join the party. Laws in Japan, Kazakhstan, South Korea, New Zealand and Singapore have been recently amended. They have been included in this overview to get an up-to-date understanding of the difference in privacy regulations in this region.
- Scope – Extraterritorial application: The GDPR applies to organisations “established” in the EU that personnel process data, regardless of whether the processing occurs in the EU. Concerning the extraterritorial scope, it applies to the processing activities of data controllers and data processors that do not have any presence in the EU, where processing activities are related to the offering of goods or services to individuals in the EU or the monitoring of the behaviour of individuals in the EU.
Most of the countries in the Asia-Pacific region have laws that prescribe the processing of data within the jurisdictional boundaries of the country. However, seven countries provide extraterritorial provisions that are similar or sometimes exceed the scope of the extraterritorial requirements of the GDPR. Australia, Japan, China, Indonesia, the Philippines, New Zealand and Thailand.
- Cross-border transfer of data: A majority (sixteen) of the countries in the Asia-Pacific region impose restrictions on cross-border transfers of personal data. However, the laws of Hong Kong, Indonesia, Taiwan and Nepal allow the cross-border transfer of personal data without any restrictions. The legal bases for such transfers vary significantly depending upon the adequacy, consent from data subjects/data regulation authority (or any other legal requirements), treaty obligations or even binding corporate rules or agreements. Thus, although these countries allow the cross-border transfer of data with restrictions, the similarities are said to end there as the conditions attached to determine whether countries can transfer the data or not. No country in the Asia-Pacific region has laid out a list of jurisdictions that provides adequate protection to safeguard the data transferred or any model contractual clauses as seen in the EU. For example, Japan, New Zealand and recently South Korea have been approved to provide adequate protection by the EU. Taiwan is currently working its way to obtain a proper decision as well.
Breach Notification: Mandatory breach notification laws are spreading quickly as they are currently perceived as “best practice” and “politically popular” in the prevailing geopolitical scenario. In the event of a data breach, half (ten) of the countries listed in this region require some form of mandatory notification to be made to the relevant authorities and the affected individuals. Some laws only require entities to notify the affected individuals and the data protection authority “promptly” or “without any delay”. Some jurisdictions have specified the period as seventy-two hours, such as in the case of the Philippines, Singapore and Thailand, five days in the case of South Korea and fourteen days in the case of Indonesia. Singapore also requires entities to submit a report within fourteen days of the initial notification detailing the causes of the incident, its impact and remedial measures taken by the organisation to tackle the data breach incident.
- Legal basis for the processing of data: The GDPR provides seven major fundamentals for processing data: consent, the performance of a contract, legitimate interest, vital interest, legal requirement, and public interest. Most of the countries in the Asia-Pacific region (thirteen) do not allow data processing based on legitimate interests. The range of legal basis for the processing of data varies widely from one jurisdiction to another. For instance, the consent of the data subject is considered the most common legal basis for processing in these States.
Rights of data subjects: The right to provide access to and correct the personal data stored is provided in all jurisdictions. Erasure rights are available in eleven countries, whereas only four countries- China, the Philippines, Singapore and Thailand- provide data portability rights. The time frame within which an entity must respond to a data subject’s rights varies in this region. Under the GDPR, one month is provided for an organisation to respond to a request made. Here, four countries provide requests to be attended to within 30 days, three within 15-21 days, two within 10 days, and five within 1-7 days. The others do not prescribe a specific period
- Appointment of Data Protection Officer (DPO): Data protection officers are independent experts in data protection who are responsible for monitoring and advising on an organisation’s data protection compliance programme, monitoring and assessing DPIAs and acting as a point of contact for data subjects and relevant supervisory authorities. China, Japan, Kazakhstan, Korea, New Zealand, Philippines, Singapore and Thailand are the eight countries that mandate the appointment of a DPO in this region.
Data Localisation Requirements: Currently, only three jurisdictions mandate data localisation in this region. However, the pressure to uniformly implement the same continues to grow significantly after China adopts the PIPL. Now, organisations in China that have high process volumes of personal data and operators of “critical infrastructure” are required to store such information within the borders of China. When such information is critically needed to be transferred to a third-party operator abroad, such an organisation must clear the security assessment conducted by the CAC except in those cases where they are exempted by law from taking such an assessment. Kazakhstan’s privacy regulation mandates entities to store their data locally. In Uzbekistan, the owners or operators processing their citizens’ data must use technical means located in Uzbekistan itself. Additionally, such technical standards must also be registered in the State Register of Personal Data Databases, even if the processing occurs through information technologies or the internet.
- Registration: Under Article 30 of the GDPR, all companies are now required to maintain an internal electronic registry of all the information of the personal data processing activities carried out to provide for the principle of accountability. The trend prevalent around the world is to minimise registration requirements. However, Kyrgyzstan, Macao, Malaysia, the Philippines, Uzbekistan, and Tajikistan are the six countries requiring organisations to register their processing activities with a data protection authority.
Data Protection Impact Assessments (DPIAs): Under the GDPR, a DPIA is required to be performed every time a new project is taken on by an organisation that poses a “high risk” to people’s personal information. In the Asia-Pacific region, Singapore, South Korea, China and the Philippines are the only four countries that require organisations to carry out DPIAs. In contrast, most other local laws do not require organisations to carry out such assessments.
- Enforcement: The enforcement authorities or the data protection authorities (DPAs) in South Korea, Japan, Hong Kong, Singapore and Australia have responded to the ongoing massive data breaches with the utmost strictness. They have carried out aggressive inspections and have prosecuted organisations that have failed to implement the proper security measures mandated by law, resulting in heavy fines and sometimes corrective orders. These countries are also focussing on enhancing their private sector security practices. Enforcement is expected to increase in the coming years due to new and amended laws that increase the penalties. Other types of privacy violations, the Korean Personal Information Protection Commission (PIPC) imposed a fine of KRW 6.6 billion on an online platform operator for violating lawful processing requirements, consent particulars, and processing of pseudonymised information, are also in play.
Please email espereblog[at]gmail[dot]com with the subject line “GDPR Request” for any questions about exercising any of the above rights.
Other Important Information
How Your Information Is Secured
We take reasonable security measures to protect your information, including the use of physical, technical and administrative controls. Please understand, however, that while we try our best to safeguard your personally identifiable information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. You need to help protect the privacy of your own information. You must take precautions to protect the security of any personally identifiable information that you may transmit over any home networks, wireless routers, wireless (WiFi) networks or similar devices by using encryption and other techniques to prevent unauthorized persons from intercepting or receiving any of your personally identifiable information. You are responsible for the security of your information when using unencrypted, open access or otherwise unsecured networks.
The time period for which we keep information varies according to the purpose for which it is used. In some cases, there are legal requirements to keep data for a minimum period. Unless there is a specific legal requirement for us to keep the information, we will retain it for no longer than is necessary for the purposes for which the data was collected or for which it is to be further processed.
Contests, Giveaways or Games
The Sites are not intended for children under 13 years of age. Espere does not knowingly collect personal information from children under 13 years of age. If you are under 13 years of age, do not provide personal information to Espere without providing us with consent from your parents. If Espere discovers that a child under the age of 13 has provided Espere with personal information and we do not have parental consent, Espere will immediately delete that child’s information from the Sites.
If you believe that the company has been provided with the personal information of a child under the age of 13 without parental consent, please notify us immediately at espereblog(at)gmail(dot)com.
Questions About this Policy or Access to Your Information
You may also use the contact information provided to request access or changes to your personally identifiable information; however, you will not be permitted to examine the personally identifiable information of any other person or entity and may be required to provide us with personally identifiable information to verify your identity prior to accessing any records containing information about you. We may not accommodate a request to change or delete personally identifiable information if we believe doing so would violate any law or legal requirement, or cause the information to be incorrect.