We are committed to protecting the privacy and security of our collected data. Our data collection practices are designed to prioritise user privacy while ensuring the quality and functionality of our services. This policy outlines how we collect data within our API environment, emphasising the protection of personal information and the implementation of robust security measures. 

Please note, this data provisions and encryption policy outlines how we process data in regards to attribution of sales. For our Data & Privacy Policy, which outlines how we track user behaviour on our website and within our application, please visit the Data & Privacy Policy page which can be found in the footer of our website.

Purpose of Data Collection

The data collected by our API serves specific purposes, including but not limited to:

• Tracking attributable sales through unique identifiers.
• Conducting research and analysis to better understand user needs and preferences.
  
• Fulfilling legal and regulatory requirements.

Data Collection Principles

Minimalism: We collect only the data necessary to fulfil the intended purposes mentioned above.

Anonymisation: Personal information is not collected within our API environment. We anonymise any data that could potentially identify an individual.

Encryption: All data collected within our API is encrypted using industry-standard encryption protocols to prevent unauthorised access.

Consent: Where applicable, we obtain explicit consent from users before collecting any data that may be considered sensitive or personally identifiable.

Types of Data Collected

The data collected within Avelon’s API primarily includes:

Usage Data: Information about how users interact with our clients’ websites, such as API usage patterns, session durations, and purchasing information.

Technical Data: Device information, IP addresses, browser types, and other technical data necessary to provide functionality and quality within our services.

Data Usage and Sharing

Internal Use: Data collected within our API is primarily used for internal purposes, such as improving our services and conducting research.

No Sale of Personal Data: Avelon does not sell, rent, or lease any personal data collected within its API to third parties.

Third-Party Service Providers: In some cases, we may engage third-party service providers to assist us with data processing and analysis. These providers are contractually obligated to adhere to strict data protection standards and are prohibited from using the data for any purpose other than as instructed by Avelon.

Legal Compliance: We may disclose data collected within our API in response to valid legal requests, such as subpoenas or court orders, or to comply with applicable laws and regulations.

Data Security Measures

Encryption: All data transmitted within our API is encrypted using industry-standard encryption algorithms to prevent unauthorised interception.

Access Controls: Access to data within our API environment is restricted to authorised personnel only, and stringent access controls are implemented to prevent unauthorised access.

Monitoring and Auditing: We continuously monitor and audit our systems for any potential security threats or vulnerabilities, taking proactive measures to address any issues that may arise.

Data Retention: We retain data collected within our API only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Once data is no longer needed, it is securely deleted or anonymised to prevent any unintended use or disclosure.

Compliance and Accountability

Avelon is committed to upholding the highest standards of data protection and privacy. We regularly review and update our data collection practices to ensure compliance with applicable laws and regulations. Any inquiries or concerns regarding our data collection practices can be directed to our Data Protection Officer.

This Data Collection Policy is subject to periodic review and may be updated from time to time to reflect changes in our data processing practices or regulatory requirements. Users will be notified of any significant changes to this policy through appropriate channels.