OUTLOGIC PRIVACY NOTICE
Last Updated: March 16, 2021
California Users: California residents have the right to opt-out of the sale of their personal information under the CCPA. To exercise this right, you may visit OUTLOGIC’s “Do Not Sell My Personal Information” form.
OUTLOGIC Inc., a [Delaware] company (“OUTLOGIC” “we,” “us,” and “our”), provides mobile advertising and data services to mobile application publishers (“Publishers”) and advertisers (“Advertisers”).
This privacy notice (“Privacy Notice”) explains how we collect, use, store, and share information about individuals in three different contexts (we refer to such individuals as “you,” “your,” and “yourself”): (1) visitors to our website located at www.outlogic.io and any other website on which this Privacy Notice is posted or linked (collectively, the “Site”); (2) users (“Users”) of third-party mobile applications (“Apps”) that have integrated with the OUTLOGIC Services; and (c) Users of OUTLOGIC’s owned and operated mobile applications (“OUTLOGIC Apps”). The Privacy Notice also explains certain choices you may have regarding how we use information about you, as well as rights you may have to access or correct such information.
If you are located in the European Economic Area (EEA) and would like to review your rights under the GDPR, please go to Section 9 of this Notice. If you are a California resident, you may review your rights under the CCPA at Section 11 of this Notice.
Below, we explain certain terms that we will use in this Notice that may make it easier to understand:
- SDK, or Software Development Kit: An SDK is a block of computer code that Publishers can integrate with their apps to collect data, often useful (as in OUTLOGIC’s case) to the mobile advertising and data industries.
- Services: OUTLOGIC’s Services refer to the products and insights we provide using location data and/or advertising IDs to companies for marketing and research purposes, for example, to enable their research and personalized advertising. The Services also include the SDK and other similar technologies we may use to collect information.
- Visitors: Individuals who choose to provide information directly to us via the OUTLOGIC website “Contact Us” form, i.e., Individuals who use our Site.
- Server to Server App / Server to Server Partner: OUTLOGIC sometimes partners with app developers who do not use the SDK in favor of sending us information they collect from their apps using their own SDKs. In other cases, we may obtain the same kinds of information using server-to-server transfers instead of collecting information through SDKs.
- Devices: Internet-connected mobile devices such as Apple iPhones that use iOS or Samsung Galaxy devices that use Google’s Android OS.
- OUTLOGIC Apps: Mobile applications owned and operated by OUTLOGIC or its affiliates.
- System Location Services: Device technologies that allow Apps to access information about your location (such as GPS coordinates).
- Advertising ID: A unique alphanumeric string randomly assigned by operating system manufacturers to a Device. Advertisers may use this ID to serve your Device more personalized advertising. Examples of Advertising IDs include iOS IDFAs and Android Advertising IDs.
- App Tracking Transparency/Opt-Out of Interest Based Ads: Features on iOS or Android Devices that allows users to disable, or limit Apps’ ability to access, the Device Advertising ID. Users who Opt-Out of Interest Based Ads will be opted-out from our Services. On iOS phones, users who do not give Apps permission to track zeroes out the Advertising ID.
1. Summary: Who is OUTLOGIC?
OUTLOGIC is a platform for aggregating and managing data. In particular, we focus on the curation and use of high-quality location data to help provide insights to organizations of various kinds regarding aggregated patterns of peoples’ movements. Our platform assists a variety of businesses in understanding movement patterns and trends for purposes including marketing and advertising, financial research, market research, traffic and urban planning, smart cities, or educational purposes. Certain government entities or public health organizations may also use our platform for purposes of public health research and planning, information security, physical security, to prevent crime, or for civic and traffic planning (Our specific data licensing practices may vary depending on geographic region).
2. What Types of Information Do We Collect?
A. Information We Collect Through Our Services
We collect information using our SDK. This information may include Advertising IDs, location information (described more fully below), and other information pertaining to the way Devices and their users engage with mobile advertising services. We also collect the same types of information using Server to Server transfers. We also collect information (including location information) from Publishers to assist them in meeting revenue goals for their Apps, allowing them to provide media, games, and other mobile apps, such as weather or traffic apps, without charging their users. We also may collect and use information from the OUTLOGIC Apps.
When you use an App or OUTLOGIC App on your Device that has integrated with our Services (including the SDK), we can collect certain information through or about your Device if we have been granted access to (or you have not opted-out of our use of) location services and an Advertising ID. In particular:
- Precise Location Information:
- Specific geolocation of the Device, usually described by latitude-longitude coordinates compiled through GPS features of our SDK, WiFi connection information, cell tower triangulation and other methods.
- Dwell time within or in proximity to points of interest (i.e. the length of time your device stayed at one place).
- Relative Location Information:
- Bluetooth Low-Energy (BLE) sensors, or beacons,
- Information obtained from the Internet of Things (IoT) devices.
- Near-field Communication (NFC)
- Our SDK is capable of receiving signals from each of the above technologies that indicate the proximity of a Device. For example, certain brick-and-mortar stores use beacons that sense when a Bluetooth-enabled Device is in proximity to the beacon (i.e., when a Device user enters the store). Retail locations, sports arenas, restaurants, museums and other similar businesses may also use beacons.
- Advertising IDs
- Timestamps (that may include time and date)
- Device Event Information:
- App or system crashes
- System crashes
- Device settings
- Device Usage Information
- Type of device (e.g., Samsung Galaxy S21)
- Operating system (OS) information (e.g., iOS 14.5)
- System settings (e.g., enabled/disabled status for Location Services)
- Time zone
- Mobile carrier
- IP address
- Names and/or identifiers for Apps on your Device integrated with SDK
B. Site Visitors
OUTLOGIC, along with our service providers and other vendors, collect information from visitors (“Visitors”) to our Site, including information Visitors choose to provide to us on contact forms or through our support email addresses, including firstname.lastname@example.org, as well as information collected through passive, automated means such as cookies and web pixels, as follows:
- Information Visitors Choose to Share: We may collect your full name, physical address, telephone number, and email address if you provide it to us. For example, you may choose to give us this information to register for an event, to learn more about our Services, or to set up an account with our platform. Our platform users may give us additional information, such as employer or payment information. You may learn more about our use of this type of information by emailing email@example.com.
- Information about Browsers or Devices: We may collect information about your computer (e.g. desktop or laptop), Device, tablet, or other internet-connected devices used to access the Site. This information may include technical details about your computer or Device (such as the Device type, operating system, system settings and configurations, IP address, Advertising ID or other unique Device-based IDs, and mobile network carrier information) and information about how you use the Site (including details about the parts of the Site you access, traffic to and from other websites, timestamps, web log data, and other event information, including crashes and system activity). You may exercise control over this type of data collection by adjusting the settings on your device or browser (e.g., by disallowing cookies and using other similar settings).
- Web Beacons: Web beacons or “pixels” are small, invisible webpage or email elements that may be used on the Site or in emails we send to you. We use them to deliver cookies, to count Site visits, to understand Site usage, to study the effectiveness of our advertising or marketing offers, and to learn whether you open an email or act upon it. You may limit this type of re-targeting and other types of interest-based advertising by exercising the opt-out choices explained in Section 6.
3. How We Use The Information We Collect Through Our Services
When we collect information through the Services, OUTLOGIC may use it for any of the following purposes:
- To Make Inferences based on Aggregate Data, including Movement Patterns and Research:
- Aggregate Movement Patterns: To make inferences regarding the location and movement patterns of individuals or devices. For example, we might record location data from Devices at certain points of interest over time, like shows, sporting events, restaurants, etc., and we may include this information in the Services.
- Data Products: To use these location-based observations with other data products. For example, we may add other information to the location data we collect such as the name of a venue, time spent at a point of interest, or other information to an aggregate set of Advertising IDs to enhance user profiles or to enable decision-making based on that information, such as executing a stock trade.
- Advertising and Research: For advertising and research purposes, such as use by advertising technology platforms who use the information to provide similar capabilities. The information helps these platforms to make predictions and generate insights about trends in consumer or market behavior, or to conduct scientific research in connection with human movement patterns.
- Smart Cities and Security: Real estate developers, urban planners, government entities, or security or smart city businesses may use and augment the information to tailor it to their needs. We also license the information to assist businesses and governments with planning, physical security, information security, and preventing crime.
- Interest-Based Audiences and Targeting Ads:
- Interest-Based-Audiences: We use the information we collect to organize Device users into audience segments based on their inferred interests (for example, that a Device user is interested in attending sporting events, or certain kinds of retail stores). This enables our customers to deliver advertising to those users when they are recognized on their own platforms.
- Targeting Ads: By using audience segments, advertisers increase their chances of sending an ad that is more likely to be relevant.
- Ad Measurement:
- Ad Measurement Analysis: We use information we collect (such as location information and Advertising IDs) to assist advertisers with analyzing ad campaign performance – for example, by measuring how (or whether) Devices that were served with a particular ad engaged with the advertiser’s products or services. This is sometimes called ad measurement or attribution analysis.
- For example, if certain Devices were served with an advertisement for “OUTLOGIC Sandwich Shop” on Wednesday, and location data then showed traffic at OUTLOGIC Sandwich Shop on Thursday or Friday was higher than average, OUTLOGIC Sandwich Shop might conclude that its ad campaign performed well.
- Publisher Analysis:
- Analysis and Compliance: We assist our Publisher partners with analyzing how their App users engage with their Apps, and in activating that information for advertising, to generate revenue, and to enhance App functionality.
- We may also use this information to provide Publishers with options for complying with certain laws, regulations, and other rules where applicable.
To learn more about how we collect, use and share information pertaining to our Site visitors, please refer to Section 5.
4. How Do We Use Information We Collect From Visitors?
We may use information we collect about Visitors for our corporate and internal purposes, including:
- Analyzing what products and services Visitors may be interested in, the popularity of different pages of our Site, as well as how Visitors interact with our Site in other ways. If you give your personal contact information to us (e.g., your email address), we may combine that information with other information described in Section 2 to understand how to better serve you.
- To communicate with Visitors, including to offer customer or Visitor support for the Site or the Services. For example, we may use your personal information solely for purposes of replying to your questions when you use the “Contact Us” form on the Site or send us an email at firstname.lastname@example.org.
- Market research.
- Direct marketing in accordance with applicable law.
- To improve, maintain, operate, and personalize the Site.
- For human resource purposes.
5. With Whom Do We Share Information We Collect?
We share the information we collect for purposes of operating our platform (for example, with our service providers) and for purposes of supporting the business of our customers. We may share information we collect from your Device as follows:
- With Our Customers:
- We share Advertising IDs, Location Information, App Usage Data, and audience segments generated from those data points, with our clients (“Clients”).
- Our Clients may include brand advertisers, data and technology platforms, advertising technology companies, and other organizations that study consumer behavior, provide tailored advertising, or study human movement patterns.
- With Our Service Providers:
- We have contracts with businesses that assist us with our own business operations (e.g., with our Site, with database hosting, fraud detection and prevention, verification and reporting, data hygiene, human resources, marketing and advertising, and email services), as well as billing or accounting functions, collections, technology, Clients, and other forms of operational support.
- With Our Affiliates:
- In the event we establish a subsidiary or otherwise become affiliated with another company, we may share any information that we have collected with those entities.
- In Relation to Legal Proceedings or Process:
- We may share information we have collected when we have a legal obligation to do so. This may include compliance with a binding court order, exercising, establishing or defending OUTLOGIC’s legal rights, or those of Clients or any other third party, or in good faith to comply with the requirements of any applicable law or legal process.
- Similarly, we may disclose any information we have collected as required to respond in good faith to legal process, including subpoenas (whether civil or criminal), court orders or search warrants.
- To Investigate Malfeasance and to Defend Ourselves or Third Parties:
- We may share information to assist us in enforcing our legal rights, our Terms of Service, or other policies as applicable, or to investigate any potential violation of the same. We may also share information to investigate any potential violations of the law, to defend ourselves, our Clients, or any third party from any potential harm (whether tangible or intangible).
- In Relation to a Corporate Transaction:
- If a third party seeks to acquire or actually acquires our business or assets in whole or in part, we may disclose information we have collected in connection to that transaction (including without limitation during due diligence that may be undertaken in advance of possible sales).
6. User Choices & Opt-Out Tools
You can manage the way that we use data collected passively from your Device in connection with the OUTLOGIC Site and the Services(e.g. Advertising IDs or cookies) as described below:
- Opting Out of Interest Based Advertising on Mobile Devices: You can opt out tailored advertising on mobile devices by companies that participate in the Network Advertising Initiative or the Digital Advertising Alliance by visiting the NAI’s Mobile Choices Page and following the instructions provided there.
- You can opt out of interest-based advertising on your browser by participating companies by visiting the NAI’s opt-out page or the DAA’s Consumer Choice Page. Residents of the EEA, UK and Switzerland may refer to www.youronlinechoices.com. The opt-out tools provided on these industry pages are generally based on cookie technologies. As such, if you delete your cookies (or change or update your web browser) you will need to repeat the opt out process. While our Services are generally not based on cookie technology, we are providing this information because we may partner with businesses to tailor ads for our own Services that do (for example, to retarget Visitors of Sites with advertisements). Further, certain third-party platforms may use information we have collected to match identifiers across devices – such as to tie a mobile Advertising ID by common IP address to a browser-based cookie ID.
- OUTLOGIC Opt-out: You may limit the ways we use certain information we have collected by submitting an opt-out request here.
- Our Marketing Emails: If you receive marketing or promotional emails from us, you may opt out of receiving those messages by following the “unsubscribe” instructions contained in them, or by emailing us with your request at email@example.com. If you opt out of our marketing and promotional messages, you may still receive transaction- or service-related emails about your business relationship with us.
We use administrative, technical, and physical safeguards to protect our physical infrastructure as well as in our computer systems, databases, and communications networks. These measures are intended to protect our systems (and the information contained therein) from loss, misappropriation, misuse, alteration or disclosure. No method of electronic transmission or storage is perfectly secure, however, so we cannot guarantee the security of information we collect with absolute certainty.
8. Cross-Border Transfers
Information we collect may be stored and processed by us in both the European Union and the United States. When you use the Site or our Services, the information we collect may be stored in or (if applicable) transmitted to the United States. Privacy laws in the United States and laws in certain other countries regarding the processing of personal information may not be as robust as those in your country.
9. The European Union (GDPR)
We (and those using our Services) are required to provide certain information about the processing of “Personal Data” of users in EEA, the U.K. and Switzerland under the GDPR. “Personal Data” generally refers to data that identifies or is capable of identifying a particular user or device. Names, addresses, cookie IDs, Advertising IDs, precise location information, and biometric data are examples of “Personal Data.”
If you have any questions about OUTLOGIC’s data practices in the context of the GDPR, You may contact our Data Protection Officer with any questions you may have about our processing of Personal Data in connection with the GDPR by emailing your questions to firstname.lastname@example.org.
The representations and information we provide below, which are applicable only to individuals located in the EEA, the UK and Switzerland, are provided for purposes of compliance with the GDPR. Please do not rely on the information below if you are not located in one of those regions.
- Legal grounds for processing your Personal Data: Under the GDPR, we must disclose the legal bases we rely on to process Personal Data. Our legal bases for processing Personal Data for the purposes we describe in Section 2 and Section 3 above and Section 5 as to our corporate data) include:
- Consent. We rely on your consent to provide our Services that use precise location information related to other Personal Data. We also rely on your consent to store and access information on your Device (e.g., Advertising IDs). We obtain your consent through taking our own compliance steps and in reliance on compliance steps taken by our customers that use the Services. These steps are intended to ensure that your consent is collected in compliance with the GDPR and passed on to clients and business partners in a way that ensures we only facilitate the collection of data in compliance with the law. We may rely on your consent to process Personal Data in other circumstances as well. When we do so, we will follow applicable laws pertaining to providing and withdrawing consent. We also attempt to obtain consent for certain of our clients to process Personal Data. These clients may be independent data controllers.
- Legitimate interest. We may rely on legitimate interest as a legal basis for processing Personal Data in some cases. We may do so when we use Personal Data for purposes of maintaining the security of our services (including to detect and prevent fraud or to facilitate the detection and correction of bugs or other errors). We also rely on legitimate interest when we use our own Clients’ Personal Data (or our Site Visitors’ Personal Data) to communicate with them about their use of our Services, or analyze user activity on our Site.
- Contractual Agreements. In some cases our basis for processing Personal Data is that the processing is necessary pursuant to a contractual relationship we have entered into (such as records and contact information related to our Clients).
- Legal Obligations. We may process Personal Data when it is necessary for us to comply with our legal or regulatory obligations.
- Transfers of Personal Data: When we collect Personal Data in the EEA, UK, or Switzerland, and then transfer it outside of those jurisdictions, we take measures to ensure that such Personal Data is protected by appropriate safeguards. In general, our transfers of Personal Data rely on Standard Contractual Clauses and Data Processing Agreements to safeguard that data where the GDPR or other European data protection laws require it. You may use the contact information below to request more information regarding how we safeguard your Personal Data and respect your privacy rights.
- How We Retain Personal Data: We generally retain Personal Data we collect for as long as is necessary to either (1) provide our Services; or (2) for other purposes including compliance with our legal obligations, dispute resolution, and to enforce our contracts. Our schedule for retaining Advertising IDs is generally as follows: Advertising IDs we collect in order to provide our Services are rendered inactive by us within 13 months after the time we last obtained your consent; however, we may retain data beyond 13 months where we have de-identified it (i.e., altered it in such a way that it cannot be linked to Personal Data). We may retain this (and other) information insofar as we have a legal or operational need to do so, for example, for purposes of auditing, corporate record-keeping, legal compliance, accounting, security and bug-prevention purposes.
- Rights of Data Subjects: Data Subjects have certain rights in connection with the Personal Data that data controllers process about them pursuant to the GDPR. These include the right to access Personal Data, the right to request correction of inaccurate Personal Data, the right to request the restriction of processing of Personal Data, the right to request deletion of Personal Data, and the right to object to processing of Personal Data (including when we process Personal Data to build a profile for targeted digital advertising). We describe these rights more fully below.
- Right to Access: You may contact us at email@example.com in order to exercise your right to access Personal Data we process as a data controller. We will respond to your request by explaining the steps you must follow to access your Personal Data after we receive your request. Because we are required to verify the identity of the individual making a request before we provide access to Personal Data, we will evaluate requests to exercise certain rights to access Personal Data on a case-by-case basis. In conducting this evaluation, we may consider both (1) the effort involved in verifying whether Personal Data that we process actually pertains to the data subject making the request – and only to that data subject; and (2) any potentially negative consequences that may result from erroneously releasing Personal Data to an individual other than the data subject. We may also limit the amount or kind of Personal Data we will release in circumstances where we believe it is likely that the improper release of Personal Data would adversely affect the privacy rights and freedoms of the data subject. We will only honor requests for access to Personal Data for which we act as a data controller, as explained more fully in sub-section (d) below. Where we act as a processor for Personal Data on behalf of another entity (for example, our customers), you may contact that company instead of OUTLOGIC to make a data access request.
- Right to Correct: You may exercise your right to correct Personal Data by contacting us using the contact information provided below.
- Right to Withdraw your Consent or Object to our Personal Data Processing: You may use the opt-out methods described in Section 6 of this Privacy Notice to withdraw your consent for our processing of your Personal Data (when we are relying on your consent). If you withdraw your consent, we will stop processing your Personal Data in connection with our Services within 30 days or fewer.
- Right to Request Deletion: You have the right to request that we delete Personal Data concerning you that we process as a controller. If you use the opt-out process described above, we will also delete your Personal Data. You may also contact us at firstname.lastname@example.org to request that we delete your Personal Data. We will provide further instructions on how you can exercise your right to deletion after we receive your email request. In certain circumstances we may keep copies of Personal Data in back-up files (or otherwise in inactive form), for certain of our internal purposes that are important to our business, including legal, auditing, accounting and billing, bug-detection and correction. We may keep such backups for as long as is necessary to fulfill those purposes.
- Right to Make Complaints: You have the right to lodge a complaint regarding our processing of Personal Data with a relevant data protection authority. If you have a complaint, please contact us first to allow us to assist you in resolving it.
- OUTLOGIC may act as either a data controller or a data processor in connection with the Personal Data we process, depending on the circumstances. EU data protection law distinguishes between companies that process Personal Data for their own purposes (i.e. “data controllers”) and companies that process Personal Data on behalf of and at the direction of other organizations (i.e. “data processors”). When we act as a data processor for other organizations, such as for our Clients, we may direct your requests or inquiries to the relevant data controller that is responsible for the processing of your Personal Data.
10. Children’s Data
We do not intend for our Services to be used in connection with minors under the age of 16, and we do not intentionally collect data from them. If you believe that we may have inadvertently collected of any such data, please use the contact information provided in Section 13 below to let us know.
11. Additional Information for California Residents
As required by the CCPA, we describe the personal information we collect about California residents, and the purposes for which we may use it, in the following sections:
- Categories of Personal Information We Collect; How We Use It; and How We Share with Third Parties
- The Business Purposes We Have for Collecting and Sharing Personal Information
- California Residents’ Privacy Rights and Choices (Section 3)
A. Categories of Personal Information We Collect; How We Use It; and How We Share with Third Parties
We may collect the categories of personal information about you described in the table below, depending on how you interact with us or our Services. The table also describes the categories of third-parties with whom we may share the categories of Personal Information specified. You may exercise your Right to Access in connection with any of the Personal Information Categories in the table below.
|PERSONAL INFORMATION CATEGORY||DO WE CURRENTLY COLLECT/USE THIS CATEGORY OF PERSONAL INFORMATION?||SOURCES WE COLLECT THIS CATEGORY FROM:||HAVE WE “SOLD” THIS CATEGORY OF PERSONAL INFORMATION IN THE PAST 12 MONTHS?||CATEGORIES OF THIRD-PARTIES WHOM THIS DATA WAS SHARED WITH FOR BUSINESS PURPOSES|
|Identifiers (e.g., online identifiers; IP address; mobile ad identifiers, other online or advertising platform identifiers)||Yes||Data analytics services and data aggregators Third party mobile applications and websites; and|
OUTLOGIC owned and operated mobile applications and websites
|Yes||Advertising networks (e.g., demand-side platforms, agency trading platforms); Agencies and advertisers; Data aggregators and resellers; Data analytics services; Financial institutions; Government entities and information services; and App publishers|
|Identifiers related to our own corporate “business to business” purposes and/or our Site (these are not utilized with our Services to Clients, but instead for, e.g., our own marketing and Approved Partner contact purposes): name, address, e-mail address, phone number||Yes||Data analytics services and data aggregators: Third party mobile applications and websites; and OUTLOGIC owned and operated mobile applications and websites||No||Operating systems and platforms|
|Internet or Other Electronic Network Activity Information (e.g., information regarding a consumer or device’s interaction with a website or application)||Yes||Data analytics services, data aggregators, and OUTLOGIC owned and operated mobile applications and websites||Yes||Advertising networks (e.g., demand-side platforms, agency trading platforms); Agencies and advertisers; Data aggregators and resellers; Data analytics services; Financial institutions; Government entities and information services; and App publishers|
B. The Business Purposes We Have for Collecting and Sharing Personal Information
Our purposes for collecting and sharing Personal Information are described below (with examples). These details are also described in our Privacy Notice:
- Tailored Digital Advertising:
- Working with advertisers, agencies and the technology platforms they use to: (1) send, tailor, optimize and analyze advertising and marketing messages in websites, mobile apps or across other channels; and (2) measure and analyze the effectiveness of those messages.
- Create “identity” graphs to assist our customers in finding users across multiple channels. This may include linking personal, device-based, or network-based identifiers (e.g., Advertising ID, IP address, or email address).
- Research for Marketing and Other Purposes:
- We provide information for purposes including financial and market research, for the study movement patterns, for urban planning, for smart cities research, or for educational purposes. We may also share information with government entities or public health organizations who wish to study movement patterns for disease prevention research, for physical security or information security, to prevent crime, or for civic and traffic planning.
- To Operate Our Services:
We use personal information to:
- Enhance, test, update, and verify our own data and data-related services
- Develop new products or services
- Operate, analyze, enhance, and secure our services
- Other Internal Business Purposes:
- We use personal information for internal research or operations, auditing, detecting and responding to security incidents, debugging, short-term and transient use, quality control, and legal compliance. Information we collect from our Sites and third party mobile apps may be used for the above, in addition to our own marketing purposes.
- Sharing for Purposes of Legal Compliance: We may share personal information with third parties for purposes of: (1) compliance with official legal process or a regulatory investigation (for example, a valid subpoena or court order); (2) enforcing our Terms of Service, this Privacy Notice, or other agreements, including investigation of suspected violations of the same; (3) responding to claims that certain content violates the rights of third parties; or (4) protecting the rights, property or personal safety of us (or our platform), our Clients, our affiliates, our agents, our platform users, or the general public. Similarly, we may share personal information with other entities to detect or prevent fraud, to prevent spam or malware, or other similar purposes.
- Sharing In Connection With a Corporate Transaction: In the event of a major corporate transaction (such as a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets), we may share personal information in connection with that transaction, including for purposes of associated due diligence.
- Sharing With Our Service Providers: We may share any personal information we collect with our service providers. Our service providers may include, for example, providers of: technology; support for our Clients; business operations; web or database hosting; billing; accounting; physical or information security; marketing and advertising; data management, validation, enhancement or hygiene; or providers that otherwise assist us with providing, developing, maintaining, or improving our Services.
- Aggregate Information: We may use personal information to create aggregate information, or may de-identify any personal information we collect to make it such that it cannot be linked to you or your device (“Aggregate or De-Identified Information”). We may use Aggregate or De-Identified Information for any purpose, including, but not limited to, for research and marketing purposes. We may also share Aggregate or De-Identified Information with third parties, who may include advertisers or marketers, promotional partners, our sponsors, or otherwise at our discretion.
C. California Rights and Choices
Pursuant to the CCPA, California residents have the right to request (1) that we disclose what personal information we collect from you; (2) to delete such information; and (3) to opt out of our sale of their personal information. These rights are subject to certain limitations, although you will not be discriminated against for exercising any of these rights. In certain circumstances, we may charge a reasonable fee to process your request to the extent permitted by law.
- Right to Opt-out of the Sale of Your Personal Information:
- California residents may opt out of the “sale” of their personal information. “Sale” is defined broadly by the CCPA. It includes making available a wide variety of information in exchange for any “valuable consideration.”
- To “opt out” of our “sale” of your personal information you may use either of the methods below:
- Right to Request Deletion of Your Personal Information:
- If we have collected personal information from you – for example, if you are or have been an Approved Partner — you may request that we delete such personal information. A request to delete is distinct from a request to “opt out” of our sale of your personal information. You may contact us via email at email@example.com or call us toll-free at +1 (830) 423-5996 to exercise this right.
- If you choose to exercise your right to deletion, there are certain circumstances under which we many nevertheless retain personal information as permitted by law, such as:
- To defend against fraudulent activity directed towards our business, systems, or users.
- To detect and fix technical issues that affect existing system functions (e.g., for de-bugging).
- As necessary for the protection of the free speech or other rights of us (or others).
- To assist with law enforcement requests made pursuant to lawful process.
- For certain scientific or historical research purposes.
- For our own internal purposes, provided they are reasonably related to your relationship with us.
- To comply with our legal obligations.
- Please note that we require certain information in order to provide our Services to you. If you ask us to delete that information, it may prevent you from being able to access or use our Services.
- Right to Request Access to Your Personal Information:
- The CCPA grants California residents the right to request that we disclose both the categories and specific pieces of personal information that we collect, use, or sell. We will comply with such requests if we can verify them to a legally sufficient degree. You may make such an access request by emailing us at firstname.lastname@example.org with the subject line “CCPA Access Request” or by calling us toll-free at +1 (830) 423-5996.
- We may be able to adequately verify access requests for certain information we have collected. However, and in line with certain guidance provided by the California Attorney General, we do not provide location data in response to access requests due to the fact that we are not able to verify to a reasonably high degree of certainty that the location data we have collected pertains to the individual making such a request, or whether either an individual with custody of a device — or the person making the request — is the rightful owner of the device to which the information we hold pertains. For example, it is not uncommon for a person to be in possession of another person’s phone temporarily (for example, a partner, friend or work colleague’s mobile phone or tablet), whether or not such temporary possession is authorized. We take this approach in order to avoid a scenario where such a person in temporary possession of a phone might obtain potentially detailed and sensitive information pertaining to the phone’s owner through a request for access. We also believe California law compels us to avoid a scenario like this. In addition, a recent study found that roughly 50% of mobile phones were not password protected at all, making the possibility of such “spoofing” a tangible risk. Further, we do not have other, more conventional means to confirm the identity of a device’s true owner because for consumer privacy reasons we do not collect information such as name, address or email address that could be used to do so.
- If you do not wish location data associated with your device to be used in the ways we describe above, we suggest that you make a request to opt out of sales of your information as detailed above. You can find complete information about how to exercise your right to opt out here.
- How to Exercise Your Rights and Submit a Verifiable Consumer Request:
- To exercise your CCPA rights or learn more about how to do so, California residents may contact us using any of the following means:
- In certain circumstances, we may not disclose some personal information to you in response to an access request where doing so presents too great a risk to you or our business. We may also withhold such information where we cannot verify your identity in connection to such personal information.
- To learn about how to opt out of Tailored Advertising, please review and consider whether to use the industry opt-out mechanisms provided on the NAI (Network Advertising Initiative) page. We believe that opting out using these industry tools may be more efficient, faster, and more uniform compared to using manual opt out processes.
- In the event we are not able to comply with your requests fully for any of the reasons described above, we will still explain the reasons why we could not fulfill your request.
- Right to Non-Discrimination:
- If you elect to exercise your CCPA rights, we will not deny, charge different prices for, or provide a different level of quality of goods or services for that reason.
- Information Regarding Individuals Younger than 16 Years Old:
- Unless we have obtained legally sufficient consent to do so, we do not knowingly sell personal information pertaining to minors younger than 16 years old who reside in California. In the event we learn that we have collected or sold personal information regarding such California residents, we will take reasonable steps to remove such information from our database (or we will obtain any legally required consents).
- Authorized Agents:
- You may exercise your rights under CCPA as described above by designating an agent to make requests on your behalf. If you choose to designate an agent, we will take steps to verify both (1) your identity; and (2) that your designated agent has been authorized to make a request on your behalf by providing us with a written authorization signed by you or a copy of a valid power of attorney.
12. Changes to This Privacy Notice
In the event we make material changes to this Privacy Notice that may affect you, we will post prominent notice of any such changes on our website for not less than 30 days prior to the effective date of the changes. We suggest that you check this Privacy Notice frequently in order to stay informed of any such changes.
13. Contact Information
To ask questions about the information in this Privacy Notice or for more information about how we use information we collect, or to exercise any of the rights outlined in Section 9, you may contact us at:
P.O. Box 17247