11WorldSync Global Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FAQ: Privacy & Security

1WSCGomez
Moderator
Moderator

‎06-22-2023 08:53 AM - edited ‎10-24-2024 10:06 AM

Do you gather any personally identifiable data (PII), E.g. name, address, phone, email, photo, IP address?

  • IP address is collected as part of the web server (for debugging purposes) and reporting logs but is anonymous (i.e. cannot be tied back to a specific user)
  • Name, phone and email address entered as part of our lead gen Contact Us form is passed through an email system to the designated partner contact without being stored in 1WorldSync systems.

At no point is performance data ever combined with PII data. The end-user performance data captured is anonymous as it does not collect any PII information such as name, email, phone, etc.

Do you share the data with third-parties?

  •  Unless required by law, the metrics regarding the content performance are provided back to the partner using the service, content providers and manufacturers. The data is never sold or shared with any outside agency.

Does ccs_video_cart cookie contain any personal information?

  •  No, the cookie ccs_video_cart does not contain any personal information. This cookie only contains flags (one for each target product) to store whether the shopper has seen the "Buy" video or not and whether we need to display it again.

Does DownloadLinkUserData cookie contain any personal information?

  •  It could contain personal information if the shopper has entered it in the Download form/lightbox so we can pre-fill the fields in case the download form is opened again. This information is encoded using base64 and is saved until the current session expires.

How is the data used?

  •  The data is used to provide the services requested by the partners and owners of the content. The metrics regarding the content performance such as products requested, content impressions and interactions are provided back to the partner using the service, content providers and manufacturers. No personally identifiable information of the shoppers are ever shared with anyone.

What are the cookie names and respective expiry times?

  • t_sid
    1. Value:unique id generated by 1WorldSync's internal systems.
    2. Use: This is used to track user navigation during a particular session.
    3. Lifetime: current active session

  • t_rnd2
    1. Value: random number within [1..255] range.
    2. Use: This cookie is set for all partners but only used when a partner is setup/configured for A/B testing.
    3. Lifetime: one month

  • ccs_video_cart
    1. If the partner has hook-level setting 'EnableAddToCartInVideo = true' then after playing a video the shopper will be asked to add a product to cart.
    2. This cookie 'ccs_video_cart' is used to remember shopper's choice, i.e. if the shopper clicked "No" to add the product to cart then this will be stored in this cookie so we don't suggest it next time.
    3. IMPORTANT: this cookie is only relevant for partners who are configured for this feature ('EnableAddToCartInVideo = true')
    4. Lifetime: session
  •  

What information is collected during the Portal registration process?

  •  We collect Company and Contact information. Retailers who register in the ContentCast portal provide basic company and contact information:
    • Name
    • Company
    • Address
    • Phone
    • Email
    • Website URL.

    Additional company or contact information is voluntary.

What other information is collected via the JavaScript? 

  • Web Server Logs (IIS)
    The Logs are anonymous and contains the following fields:
    1. Time
    2. IP Address (last octet is anonymized)
    3. User Agent

  • Reporting Events
    ContentCast uses tracking to collect basic web analytics within scope of the content served from our platform.
    1. Timestamps
    2. Session ID (Auto-generated)
    3. User Agent (Browser Version, OS Version, IP Address (last octet is anonymized))
    4. Site Referral URL
    5. Retailer Subscriber Key as assigned by 1WorldSync
    6. Requested Product Information (Manufacturer Name, Manufacturer Part Number and UPC/EAN as voluntarily sent by the retailer)
    7. Requested Locale/Market
    8. Content interaction metrics (events such as requests, context, content impressions, asset interactions, video plays)

  • Contact us and Gated Content Forms
    applicable only if you are syndicating Web Campaigns and Brand Showcases

We pass-through the lead generation form information entered in the 'Contact Us' form and transmits it to the partner via email. 1WorldSync does not
store any of this information.

Where is the data stored?

  •  The data is stored on multiple fault-tolerant Microsoft Azure instances (stacks) in the US and EU.

Is a record maintained of staff and visitor access?

  •  Yes

Is all access recorded and authorized by designated management?

  •  Yes

Is physical access to your technology stacks controlled at all times?

  •  Yes. All data centers used by 1WorldSync maintain state-of-the art physical security, including 24x7x365 surveillance, environmental protections and extensive secure access policies.

Is your organization ISO27001 certified?

  •  Our technology platforms: Azure and BIRST reporting platforms are both ISO27001 certified.

Do you use Change Management Control?

  •  Yes.

Are data centers protected against damage from fire, flood and other forms of natural or man made disaster?

  •  Yes. 1WorldSync has implemented geo-redundancy as a back-up measure.

Are security event logs on systems considered business critical, or that contain confidential information, proactively monitored?

  • Yes

Are you SAS 70 Level II certified?

  •  Yes.

Does adding your script put my website or CMS at risk?

  •  Any system including your own website is always at risk of being hacked when the proper precautions are not taken. 1WorldSync uses the similar content delivery approach as other 3rd party scripts such as Google Analytics, Google AdSense, Bing Ads, Social sharing scripts like AddThis, Facebook Like buttons or Twitter. The key differences are:
    1. We are not Open Source - our primary script delivery mechanism is proprietary and doesn't use open source code to deliver the content. Our CMS for the content ingestion is proprietary and not affected by common CMS vulnerabilities.
    2. Azure Built-in Security - The syndication platform that 1WorldSync Content Solutions uses is built on top of the 's Azure Cloud which contains many security services and layers.
      1. ISO27001 Certified
      2. SAS 70 Level II Certified
      3. Built in Virus Protection
      4. Access-controlled data centers
    3. Expert Experience - 1WorldSync Content Solutions is owned by CBS, a fortune 500 company. 1WorldSync Content Solutions rolls up into CBS Interactive which is a top 10 global web property with sites including CBS, 1WorldSync, GameSpot, TVGuide and ZDNet. We implement the same security standards and protection that is used in all of the top web properties.
    4. Proven track record - Ever since our platform was launched 5 years ago, we have never had an incident.

    Some of the top reasons for hacked websites are:

    1. Personal computer security - weak passwords, untrusted browser plugins, sending confidential information unencrypted, etc.
    2. 3rd party Open Source software - Content management systems, such as Joomla and Drupal, can easily be targeted by the use of untested and insecure plugins and widgets.
    3. CMS Vulnerabilities - Some of the most popular CMS platforms such as Wordpress, Joomla, Drupal, Magento are all vulnerable to security exploits. Keeping your core application and modules up-to-date with the latest security patches are critical.
    4. Indirect Server attacks - If you are hosting your website on a shared server, you increase the risk of being hacked as intruders can access the server through other unprotected websites being hosted on the same server.

Does your script and service support HTTPS or SSL?

Labels:
0 Kudos
Version history
Revision #:
5 of 5
Last update:
‎10-24-2024 10:06 AM
Updated by:
Moderator
 
View Article History
Contributors