This Application collects some Personal Data from its Users.
Users may be subject to different protection standards and broader standards may therefore apply to some. In order to learn more about the protection criteria, Users can refer to the applicability section.
Personal Data collected for the following purposes and using the following services:
- AdMobPersonal Data: Cookies; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); Usage Data
- AdColony, AppLovin, Chartboost, Fyber and StartAppPersonal Data: Cookies; Usage Data
- InMobi, Media.net, Smaato and Tapjoy
- Contacting the User
- Mailing list or newsletterPersonal Data: email address
- Managing contacts and sending messages
- MailchimpPersonal Data: email address
- Registration and authentication
- Owner and Data ControllerEO Interactive Ltd.
186, 918 -16th Ave NW
Calgary, AB Canada
T2M 0K3Owner contact email: email@example.com
Owner and Data Controller
EO Interactive Ltd.
186, 918 -16th Ave NW
Calgary, AB Canada
Owner contact email: firstname.lastname@example.org
Types of Data collected
Among the types of Personal Data that this Application collects, by itself or through third parties, there are: email address; Cookies; Usage Data; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example).
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party’s consent to provide the Data to the Owner.
Mode and place of processing the Data
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
- provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which the Owner is subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
- processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Data is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
If broader protection standards are applicable, Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The purposes of processing
The Data concerning the User is collected to allow the Owner to provide its Services, as well as for the following purposes: Managing contacts and sending messages, Contacting the User, Advertising and Registration and authentication.
Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this document.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
- AdvertisingThis type of service allows User Data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on this Application, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
LAST UPDATED: May 2018
EFFECTIVE: May 25, 2018
2. INMOBI ADVERTISING
2.1 WHAT IS THE INMOBI AD NETWORK?
InMobi may engage in cross-device data collection, which refers to the process of collecting data from devices that have been determined through statistical analysis to be linked or related. We, or third parties whom we engage to provide this service, may use cross-device data to provide interest-based advertising services and to deliver tailored ads to users across multiple devices.
2.2 WHAT INFORMATION DO WE COLLECT?
When you view an InMobi ad on a site or app, we may collect information about your device that you have viewed. This information enables us to improve our services including recognising your device when you use other sites and apps that have partnered with us.
(a) Information about your device
InMobi may collect some or all of the following information about your device: device type (e.g. smartphone, tablet, etc.),operating system (e.g. iOS, Android, Windows, Blackberry), network provider, mobile browser used (e.g. Safari, Internet Explorer etc.),platform, SDK version, timestamp, API key (identifier for application), application version, iOS Identifier for Advertising, iOS Identifier for Vendors, model, manufacture of device, OS version of device, session start/stop time, locale (specific location where a given language is spoken), time zone, network status such as WiFi, the geo-location of your device (using GPS or other geo-location data) and the Identifier for Advertising (IDFA) or the Google Advertising ID (AAID) etc. In some countries, we also collect information such as international mobile equipment identity (IMEI), Internet (IP) addresses or geo-location data, which may be considered to be personal information and in which case, we ensure compliance with applicable laws in our collection or use of the same, to the extent applicable in such jurisdictions.
InMobi may collect the geo-location of your device only when an app or site, which leverages InMobi’s offerings through integration of InMobi’s technology/software (whether SDK, API or other integration) is active on the device. One way InMobi derives a device’s location is by collecting the device’s latitude and longitude coordinates through GPS. InMobi may infer the geo location of a device based on data collected through a WiFi identifier that the device is connected to, subject to country specific laws and/or industry guidelines related to such collection or inference practices. e.g: In the U.S. and UK, InMobi may infer geo-location through WiFi identifiers pursuant to obtaining user consent through applicable apps or sites.
(b) Information about ads presented on your device
InMobi also collects some or all of the following information about an ad presented on your device: (i) the content type of the ad (what the ad is about, e.g. games, finance, entertainment, news); (ii) the ad type (e.g. whether the ad is a text, image, or video based ad); (iii) where the ad is being served (e.g. the address of the site on which the ad appears); and (iv) certain information about post-click activity in relation to the ad including user interaction with such ad.
On occasion, our partnering mobile publishers or app developers may also disclose to us certain information including email addresses of users in a hashed format (not in raw format) they have separately collected about you so that we can improve the relevance of the ads we serve on their behalf. They do this in accordance with their own specific privacy policies and subject to their own applicable legal requirements. We do not use the information they provide to us for any purpose other than serving you with interest-based ads or for reporting or analytical purpose(s).
2.3 HOW DO WE USE INFORMATION THAT WE COLLECT?
InMobi uses the information that we collect from your device to display advertising on your device, which may include interest-based advertising customised to individuals’ inferred interests, preferences and locations and to perform analysis aimed at improving our services.
The information we collect from your device also helps us to provide filtering options for publishers and developers to manage ads appearing on their sites and in their apps, and to provide targeting options for advertisers. We rely on your consent to process your personal data in this way. If you do not consent, the ads you see will be less tailored to your interests. In particular, processing your data in this way help our publishers and developer clients, for example, to avoid presenting you ads that you have already seen, and helps our advertiser clients serve advertisements that are more likely to be of interest to you.
2.4 WHO DO WE SHARE INFORMATION WITH?
(a) Publishers, Developers, Advertisers, Data Partners and Measurement Companies
InMobi may share the information we collect or receive regarding you as described in this Policy with our publishers, developers, data partners, measurement companies and advertisers. These partners may use this information to show you relevant ads, measure your ad/site interaction, identify your interest areas, better understand the site and app traffic usage or user behaviour in order to refine and improve their services. Such partners’ use of the information we share with them will be governed by their privacy policies.
(b) With InMobi Affiliates
We may also share your information with InMobi affiliates so that we can better provide advertising that is relevant to you.
(c) Sharing Info with third parties such as advisors and law enforcement authorities.
From time to time, we may also need to disclose your information to other third parties, such as law enforcement authorities or our legal advisers, where it is necessary to: comply with the law or regulations; enforce or apply our user terms and conditions; protect our rights, or; preserve the safety of our users. This may include exchanging information with other companies and organizations for fraud protection.
InMobi may also share your information in connection with any merger, a sale of InMobi assets, or a financing or acquisition of all or a portion of our business to another company.
3.YOUR INTERACTION WITH INMOBI WEBSITE
3.1 WHAT INFORMATION DO WE COLLECT?
If an individual or entity chooses to create an account on the InMobi website we collect username, password, email address, phone number, country, and preferred account type that is provided at the time of registration.
A registering party can also provide us with other optional information, such as name, picture, postal address, phone number, social network profiles, questionnaire responses, general business information, and other personal, biographical, or demographic info. The optional information may not necessary for use of the InMobi site or to maintain an account with us, but by sharing this information we can better serve and improve overall website and marketing experience. Please note that we may use some or all such data in conducting business transactions with the registering party or for marketing purposes.
If the name and email address of another individual or entity is provided, we may use that information to send such individual or entity a one-time invitation to visit or register with our site. Please do not share such information, if such individual or entity has not authorized provision or use of the same. In the course of registration or other modes of providing the data sets referred above, we advise all visitors to only share their business information with us.
3.2 THE USAGE INFORMATION WE COLLECT
In addition to the personal information described above, we also collect certain information about the usage of the site. Specifically, our servers collect the following information automatically about a visitor’s usage of the site:
1.the type of web browser used (e.g. Internet Explorer, Mozilla Firefox, Google Chrome or another)
2.vistor’s travel within the site (e.g. the pages visited within the InMobi site)
3. browsing preferences, such as screen size, resolution and other viewing preferences
4.the links and adverts that clicked on
5.information about how the visitor arrived at our site (e.g. whether directed to our site by a search engine or another third party website)
6.Information about how a visitor leaves our site (e.g. which website is visited immediately after visiting our site).
3.3 HOW DO WE USE THE INFO WE COLLECT?
For account management purposes
We use the account information and other personal information provided by a visitor to manage account, communicate with such individual or entity, conduct business (e.g. reporting and payment), personalise the InMobi website and comply with requests.
To contact visitors with marketing information
We will handle personal information (such as name, email address, postal address, telephone number and sector preferences) for marketing purposes and inform about products and services in accordance with marketing preferences.
When we send marketing emails because it has been opted-in by a visitor to receive them, we rely on consent to contact such visitor for marketing purposes.
If not opted-in and we send marketing emails, we do this because of our legitimate interest to promote the success of InMobi.
Every email we send for marketing purposes will also contain instructions on how to unsubscribe from receiving them.
A visitor is not under any obligation to provide us with personal data.
Visitor(s) can notify InMobi of their election of personal information to be not processed in this way at any time by contacting us at email@example.com or, where relevant, by following the unsubscribe link shown in every marketing communication received from us.
To conduct web analytics
We use usage information to analyse our web traffic, to figure out how often customers use parts of the site, to improve the site and generally to make it appealing to as many users as possible.
3.4 WHO DO WE SHARE INFORMATION WITH?
We will share personal information only in the ways that are described in this privacy statement. We do not sell any such personal information to third parties.
From time to time, we may need to disclose such information to third parties such as to law enforcement authorities or our legal advisers, where it is necessary to comply with the law or regulation; enforce or apply our user terms and conditions; to protect our rights, or to preserve the safety of our users. This may include exchanging information with other companies and organizations for fraud protection.
We may also share personal information with companies that provide services to help us with our business activities (e.g. processing payments or submitting emails on our behalf), in connection with any merger, a sale of InMobi assets, or a financing or acquisition of all or a portion of our business to another company. We need to process personal information in this way to provide the ongoing services and benefits. Whenever we share personal information for this reason we will ensure that the recipient is bound by all appropriate confidentiality obligations and that it commits to using such personal information only for the purposes for which it is originally provided.
Please be aware that the information submitted to public areas, such as our blogs, may be read, collected, and used by others who access them.
4. OPTING OUT OF INTEREST-BASED ADVERTISING
If you prefer not to receive interest-based advertising from InMobi, you can opt out of interest-based advertising at any time by going to the InMobi Opt Out page and submitting your device ID.
Please note that if you opt-out of interest-based advertising you will still receive “generic” ads from InMobi.
To effectively opt-out of our cross-device data collection activities, you must opt-out on every device browser and device using the appropriate opt-out methods.
5. HOW DO WE KEEP INFORMATION SECURE?
InMobi uses reasonable technical and organisational measures to protect the information it collects about you and your device. We may anonymise the information we collect using one-way hashing technology before sharing it with any third parties. We also seek appropriate contractual protection from our partners regarding their treatment of user data.
6. HOW LONG DO WE KEEP INFORMATION FOR?
InMobi may retain the information relating to your device collected from partnering mobile publishers or app developers for a period of up to thirteen (13) months, unless otherwise required by law or applicable contract. After the 13-month period, InMobi may retain and use such data in aggregated format, as necessary for internal analytical purposes, to comply with its legal obligations, resolve disputes and enforce agreements.
Where we are using personal information to contact for marketing communications, if opted-in we will contact you periodically, if required by applicable laws, to ensure you are happy to continue receiving such communications.
If informed of election to no longer receive marketing communications from us, InMobi will stop sending the same.
7. INTERNATIONAL TRANSFERS
InMobi may share your information with clients, affiliates and other third parties described above who are based in countries outside of your country of residence (for example, if you are an EU resident, we may share your information with our non-EU clients or affiliates), subject to any contractual or legal requirements. This means that their processing of your personal information will involve a transfer of data outside of the EEA.
Whenever InMobi transfers your personal information outside of the EEA, we ensure it is protected by making sure at least one of the following safeguards is in place:
by transferring your personal information to a country that has been deemed to provide an adequate level of protection by the European Commission;
by using specific contracts approved by the European Commission which give your personal information the same protection it has within the EEA including to US;
where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
If you wish to learn more about the specific circumstances when each of these protection measures are used, you can contact us at firstname.lastname@example.org for the details as to how we protect specific transfer of your data.
All information you provide to InMobi is stored on our secure servers or those of our third party data storage providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You must not share your password with anyone.
8. INFORMATION COLLECTED ON BEHALF OF THIRD PARTIES
InMobi may offer advertising solutions to clients that include the collection of voluntary information from you as part of an advertisement, e.g. serving an ad that contains an advertiser questionnaire or suveys. Such information may consist of personally identifiable information, non-personally identifiable information, or both. All of the information that you voluntarily provide in response to this form of advertisement is typically forwarded directly to the relevant client and will be governed by that client’s privacy policies in place. This information may be temporarily stored by InMobi for the aforesaid purpose and reporting to client, subject to applicable legal requirements. For more information see www.inmobi.com/leadgen.
10. WHAT ABOUT CHILDREN?
InMobi complies with the age gating provisions of the General Data Protection Regulation in EEA and Children’s Online Privacy Protection Act (COPPA) in the U.S and does not knowingly collect any personal data of children, as applicable.
11. WHAT ABOUT OTHER WEBSITES?
Right of access: Where we hold personal information about you, you can ask us for access to this personal information, to correct or update any inaccurate personal information we hold, to stop sending you direct marketing or to stop using your personal information altogether.
Right to rectification: You have the right to require InMobi to rectify any inaccurate personal information we hold about you. You also have the right to have incomplete personal information we hold about you completed, by providing a supplementary statement to us.
Right to restriction: You can restrict InMobi’s processing of your personal information where:
you think we hold inaccurate personal information about you;
our handling of your personal information breaks the law, but you do not want us to delete it;
InMobi no longer needs to process your personal information, but you want us to keep it for legal reasons; or
where we are handling your personal information because we have a legitimate interest, as described above, and are in the process of objecting to this use of your personal information.
Where you exercise your right to restrict InMobi from using your personal information, we will then only process your personal information when you agree, except for storage/archival purposes and to handle billing and legal claims.
Right to data portability: You have the right to receive your personal information in a structured, standard machine readable format and to send this to another organisation controlling your personal information. This right only applies to your personal information we are handling because you consented to us using it or because there is a contract in place between us.
Right to erasure: You have the right to require InMobi to erase your personal information which we are handling in the following circumstances (anonymization would satisfy erasure):
where we no longer need to use your personal information for the reasons we told you we collected it for;
where we needed your consent to use your personal information, you have withdrawn your consent and there is no other lawful way we can continue to use your personal information;
when you object to our use of your personal information and we have no compelling reason to carry on handling it;
if our handling of your personal information is in violation of applicable law; and
when we must erase your personal information to comply with a law we are subject to.
Right to complain: You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection issues.
If you would like to exercise any of these rights, you may be able to make the update within your account settings or by contacting us using the details provided below.
13 HOW DO WE KEEP INFORMATION SECURE?
We use appropriate technical and organisational security measures to protect the information we collect. We use multiple electronic, procedural, and physical security measures to protect against unauthorised or unlawful use or alteration of information, and against any accidental loss, destruction, or damage to information. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.
Media.Net Advertising FZ-LLC, including our affiliates and subsidiaries, (individually and/or collectively, “Media.Net,” “we,” “us” or “our”) makes available the website located on the Internet at uniform resource locator (URL) www.media.net/ (“Website”).
About Our Business
We are a member in good standing of the Network Advertising Initiative (NAI), an industry body committed to responsible data collection for digital advertising and establishing responsible business and data management practices and standards. We are in compliance with the NAI’s Code of Conduct and you can learn more about the NAI by visiting http://networkadvertising.org.
Media.net adheres to the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles and you can learn more about their practices by visiting http://digitaladvertisingalliance.org.
Personally Identifiable Data
When you register to participate in Media.net’s program for use of Media.net Technology as an advertiser or publisher, we require you to provide us with some Personally Identifiable Data. “Personally Identifiable Data” is information that can specifically identify you. Your provision of your Personally Identifiable Data to us is completely voluntary. We do not collect Personally Identifiable Data unless you submit that information to us. Personally Identifiable Data is not collected on Partner Sites through the operation of our Technology itself. Categories of Personally Identifiable Data we may collect include:
Identity Data, which includes name or other similar identifiers.
Contact Data, which includes address, email address and telephone numbers.
Financial Data, which includes payment details including details about payments to and from you.
Additionally, we may also collect certain others types of information that, along Personally Identifiable Data, may be considered and specifically named “Personal Data” in certain jurisdictions, including the European Union (“EU”), such as:
Technical Data, which includes internet protocol (IP) address, cookies, browser and device information, location data and your login data.
Usage Data, which includes information about how you use our Website and Partner Sites and advertising we serve on those sites including how many times you viewed the ad, clicked the ad etc to improve our Services and also mitigate fraudulent activities.
We collect Technical Data and Usage Data regarding your behavior and usage patterns on our Website and on our Partner Sites. We collect this type of information about you using cookies, web beacons, and other web tools (“Tools”). We do not use these Tools to store any Personally Identifiable Data. We do not have access to or control the Tools used by third parties on our Website or on any Partner Sites, and this policy does not govern the use of Tools by these third parties. Some of the Tools and the ways in which we use them are further described below:
To inform us if an advertisement has been served to the same computer before, and if so, when the advertisement was served. These cookies are not used by Media.net to build a profile of a user’s behavior nor are they used by Media.net for the purposes of behavioral tracking or behavioral targeting.
To conduct research and identify fraud and malicious activity
When you visit one of our Partner Sites, we may assign your computer one or more cookies which enable us and our Partners to deliver targeted advertisements. This form of advertising is called “behavioral advertising” or “interest based advertising”. We believe that such advertising is helpful because you will see ads that are relevant to your interests. However, if you would like to opt-out of these interest-based advertisements, please see the section titled “Opt-Out” below.
Unless you choose to provide it to us, our Technology does not collect any sensitive consumer information about you during the ad delivery process. Our Technology does not, for example, collect any social security numbers, insurance plan numbers, financial account numbers, precise real-time geographic location derived through location-based services, nor any specific information about your past, present, or potential future health or medical conditions or treatments, including genetic, genomic or family medical history.
Further, while our Technology does not deliver targeted ads based on precise medical conditions or treatments or market prescription drugs, we may generate and serve targeted ads for general health products that do not require a prescription. Examples may include certain health categories like dietary supplements, fitness equipment, weight-loss products, skin-care products etc. For a full list of our health related segments, please click here.
IF YOU ARE SITUATED IN THE EU, PLEASE SEE THE SECTION “ADDITIONAL EU DISCLOSURES” THAT PERTAIN TO OUR COLLECTION, USE AND DISCLOSURE OF YOUR PERSONALLY IDENTIFIABLE DATA AND PERSONAL DATA AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.
Subject to the section titled “Additional EU Disclosures”, Personally Identifiable Data is generally only submitted to us by our publisher or advertiser Partners in connection with their use of our Technology and we use this Personally Identifiable Data to service their accounts and respond to inbound inquiries related to sales or technical support requests.
In addition, we use your Personal Data for a variety of purposes, including:
sharing it with third parties such as advertising partners, ad networks, publishers, data providers and corporate affiliates in order to provide our services, conduct internal analysis to perform and improve our services and associated technologies;
combining data we collect about you with data we obtain from our business partners, ad networks, and/or other companies such as data providers, including our corporate affiliates in order to provide our services, conduct internal analysis in order to perform and improve our services;
inferring eligibility of users for interest, geographic and demographic-based segments;
presenting advertisements tailored to interests you have shown;
determining whether you have seen a particular advertisement before so as to avoid sending you duplicate advertisements;
identifying fraud and malicious activity
understanding the patterns of people who see advertisements;
providing insights and reporting back to our business partners, including statistical reporting in connection with the activity on a website or mobile application, optimization of location of ad placement, ad performance, reach and frequency metrics, billing, and logging ads served on a particular day to a particular website or application;
evaluating the probability and nature of connections between devices; and
creating online advertising models through lookalike modelling or similar research methodologies.
Subject to the section titled “Additional EU Disclosures”, we may share the information we collect about you with certain third parties in the following ways:
We provide information to third parties for legal process (e.g., in response to a subpoena or civil or criminal investigative demand, court order, or a request from law enforcement or other government agency); to establish or exercise our legal rights; to defend against legal claims; to protect the security and integrity of our assets and business operations; or as otherwise required by law. In addition, we may disclose your information when we believe it is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of Media.net, our Partners, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce the terms of service of our Website or other agreements or policies.
We may also provide information to third parties in connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
Opting out of interest based advertising
We will only retain information relating to you for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for such information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements. Unless contrary to applicable laws, except with respect to information about our Partners with whom we have an ongoing relationship, our policy is to retain the non-aggregated information we collect for up to 24 months, after which the data is either anonymized or deleted from our systems. And as permitted by law, we may continue to retain aggregated information. In some circumstances, if you are an EU data subject, you can ask us to delete your Personal Data by sending us an email to email@example.com.
Our Website is intended for an audience above the age of 18. Neither our Website nor our Technology / advertising services are developed for, intended for, or directed at, children, and we do not knowingly collect information about children under the age of 13 (or such other age as may be restricted under local law). If you believe your child has provided his or her information to us, please contact us at firstname.lastname@example.org.
Additional EU Disclosures
Media.Net Advertising FZ-LLC. Is the data controller of all Personally Identifiable Data collected through our Website. If you are situated in the EU and have any complaints regarding our privacy practices, you have the right to make a complaint at any time to your local Supervisory Authority. We would, however, appreciate the chance to deal with your concerns before you approach your Supervisory Authority so please contact us in the first instance. If you have a complaint, please contact our privacy manager per the details listed in section titled “Contact Us” below.
Legal basis for our processing of your Personal Data
Below are the types of lawful basis that we will rely on to process your Personal Data:
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at email@example.com.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject.
Consent means where you have consented to a certain use of your Personal Data.
Withdrawing your consent
If we are relying on your consent to process your Personal Data, you have the right to withdraw your consent at any time. You have the right to withdraw your consent at any time by contacting us at firstname.lastname@example.org.
Cross border transfers
Third Party Practices
Media.net Advertizing FZ-LLC
2701 Aurora Tower, Dubai Media City,
Dubai 215028 Smaato Effective Date: May 25, 2018
Information we receive about end users (“End Users”) of third-party mobile applications (“apps”) that use our Software Development Kit (“SDK”), other collection interfaces (collectively, “APIs”), the Smaato Demand Platform (“SDX”), or the Smaato Publisher Platform (“SPX”) (collectively, the “Smaato Ad Services”), and
Information we receive through our corporate website at www.smaato.com or any other website on which this Policy is posted, as well as information we get through other corporate services and web portals we make available to clients and business partners (“Smaato Websites”). We describe the information received through the Smaato Websites in Section 5 below, titled “Privacy Practices for the Smaato Websites.”
We encourage consumers to learn about how information (including information we collect) can be used to market to them, and how to exercise their choices to permit or limit such marketing. We describe ways consumers can exercise that choice or opt out of marketing in Section 4 below, titled “Consumer Control and Opt-Out Options.”
1. Introduction and Background
Smaato provides mobile advertising technology services that facilitate transactions among advertisers, app developers, publishers of mobile websites and/or apps, and ad exchanges (collectively, “Clients”), and service providers and other data partners (collectively “Partners”). We do this by making available the Smaato Ad Services and other tools to Clients. Clients use the Smaato Ad Services and other tools to deliver advertising to End Users, and we in turn provide our services to help Clients (and their own customers) to deliver ads that are of interest to End Users. We explain what SDKs and APIs are in Section 3 below, titled “Cookies, Pixel Tags, and SDKs,” which also explains how cookies and similar technologies (which we also use to provide the Smaato Ad Services) work.
2. Privacy Practices for the Smaato Ad Services
a. Information Collected Through the Smaato Ad Services
Through the Smaato Ad Services, we may (but do not necessarily, or always) collect a variety of information about End Users (whether through our SDK or through other partnerships and tools such as Client-facing APIs), including:
IP addresses, from which geographic location may be inferred, as well as system configuration information such as information about End Users’ operating system;
Precise geolocation information (generally an End User’s latitude and longitude data);
Mobile advertising identifiers, such as iOS IDFAs and Android Advertising IDs (collectively, “Mobile IDs”). These Mobile IDs may be associated with other information we collect through the Smaato Ad Services, from third parties, or through any other services we offer;
Apps that you have installed, mobile websites that you have interacted with, and how you interact with them, including whether and how you interact with ads (including time-stamp information);
Device type and other device information (e.g., whether you are using a smartphone or tablet, and related information);
Mobile browser (e.g., Firefox, Safari, and Chrome);
Carrier user ID (a number uniquely allocated to you by your network provider); and
Other unique identifiers that may be associated with an End Users’ device, including identifiers provided by Clients or their service providers.
We may combine and merge the various types of information collected from the Smaato Ad Services, and may also enhance it (or permit our Clients to enhance it) with information collected from third parties. We refer to all of the above information as the “Service Information.”
b. How We Use the Information Collected Through the Smaato Ad Services
We use the Service Information to provide a variety of services to our Clients related to advertising and marketing, including services we may describe elsewhere on Smaato Websites. This includes use of the Service Information for purposes such as to:
Provide and improve the Smaato Ad Services. This includes, for example, providing customer, technical, and operational support for these features, detecting and protecting against errors, fraud, or other criminal activity, and resolving disputes and enforcing our terms and conditions and other rights we may have. This may also include analyzing, customizing, and improving the features of the Smaato Ad Services;
Provide information and analytics to Clients about the use of app features provided through the Smaato Ad Services, or help Clients create or enhance user profiles for marketing or analytics purposes;
Create inferences about End Users categorized into “Audience Segments” or to help Clients do so. For example, if the information we collect indicates that an End User likes apps (or clicks on ads) about travel, we may categorize the End User of that device as someone who is interested in travel;
Develop and use data models that try to predict End Users’ potential future behavior and interests on a per-device basis or across devices;
Analyze ad performance, for example, by attributing End Users’ app installations or mobile web visits to ad campaigns;
Resolve identities across multiple devices, such as to match IP addresses to link an End User across, for example, mobile browsers, mobile devices, tablets, set top boxes, or other devices; and
Combine the Service Information to perform (including by working with Clients and Partners) any of the above functions, or other advertising, marketing, or analytics services. Or, we may aggregate and create data models to do this, by creating algorithms in order to predict common interests among End Users.
We, or our Clients, may deploy online cookies to track End Users across mobile websites and/or apps, or to associate End Users and these cookies with Mobile IDs. We, or our Clients, may perform such functions to resolve End Users’ identities across mobile devices and to better or more accurately target relevant ads to End Users (such as to a brand’s customers). We may also append or combine certain elements of the Service Information to other information provided by third-party data providers, to learn more about End Users or to provide advertising and analytics services. You can learn more about cookies and similar technologies, such as web beacons and SDKs, in Section 3 below, titled “Cookies, Pixel Tags, and SDKs.”
c. How We Share Information We Collect Through the Smaato Ad Services
Generally, we share the Service Information with Clients and Partners in order to provide the Smaato Ad Services. For example, we share the Service Information with:
Clients and their marketing and service providers, so they may provide targeted content and advertising to End Users on mobile websites and/or apps;
Other third parties that target advertising. This may include, for example, platforms that work directly with marketers (sometimes called demand-side platforms), analytics companies, data management platforms that help marketers maintain and use data, proximity solution providers, and other advertising technology providers. These companies may, for example, provide targeted content and advertising to End Users and others on third-party mobile websites and/or apps or other advertising media (such as email, direct mail, and display media);
Clients and their marketing and service providers, to help measure the effectiveness of marketing or analyze their End Users’ likely interests or demographics;
Partners to enhance consumer privacy, hash information, or send advertising offers by email or display advertising (which may be linked to a cookie as described above); and
Third-party platforms to help advertisers identify common users across different mobile devices and/or mobile browsers.
Even when you no longer access our SDK, we may continue to use and share your information as described in this Policy.
The processes we described above often involve cookies or similar technologies, which may be associated with other information about End Users, such as End Users’ interests, demographics, or transactions. This is generally known as “interest-based advertising.” We encourage individuals who are interested in controlling or learning about this type of advertising to go to Section 4 below, titled “Consumer Control and Opt-Out Options,” or go to the Digital Advertising Alliance’s (DAA’s) website at www.aboutads.info.
We may also share Service Information with third parties:
Pursuant to a request or authorization by an End User or Client;
If the disclosure is provided to: (a) comply in good faith with applicable laws, rules, regulations, governmental and quasi-governmental requests, court orders, or subpoenas, including for purposes of national security and law enforcement; (b) enforce our terms and conditions or other agreements; or (c) protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity;
Where the information is aggregated or de-identified; and
As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence).
3. Cookies, Pixel Tags, and SDKs
a. Cookies and Pixel Tags
Cookies are small data files containing a string of characters, such as unique browser identifiers. Cookies are stored on your computer or other device and act as unique tags that identify your browser. Our servers may deploy a cookie on your browser when you visit the Smaato Websites. Our Clients and Partners may do likewise on the Smaato Websites, our Clients’ and Partners’ websites, and elsewhere. Smaato may use both session cookies and persistent cookies. Persistent cookies, unlike session cookies, remain after you close your browser, and may be used by your browser on subsequent visits to any given website. Using persistent cookies, a site operator (or a third party they work with) can “remember” what you have previously done on a website and personalize the site, or ads you see, for you. This technology may also provide a site operator or third party (or us, when you visit the Smaato Websites) with information regarding your IP address, browser type, the web pages that you visit just before or after visiting a website, the web pages viewed, and the dates and times of your visits.
A pixel tag (also commonly known as a web beacon or clear GIF) is an invisible 1 x 1 pixel that is placed on certain web pages. When you access a web page with a pixel tag, the pixel tag may generate a generic notice of the visit, and permit us, or our Clients or Partners, to set or read cookies. Pixel tags are used in combination with cookies to track the activity on a website by a particular browser on a particular device. If you disable cookies, pixel tags simply detect a given website visit.
b. Mobile Device Identifiers and SDKs
We, or our Clients or Partners, may use or work with mobile SDKs (including our own SDK(s), which are described in more detail in this Policy) to collect information, such as Mobile IDs, and information related to how mobile devices and their users interact with our Smaato Ad Services and those using our Smaato Ad Services. The SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services to be implemented. Sometimes, we obtain data through other (generally, simpler) interfaces that deliver similar data to us, which are commonly referred to (and which we refer to) as APIs. We may use these technologies, for example, to analyze or measure certain advertising through apps and browsers based on information associated with your mobile device. If you would like to opt out from having ads tailored to you in this way on your mobile device, please follow the instructions in Section 4 below, titled “Consumer Control and Opt-Out Options.”
Our Clients or Partners may use the above technologies (sometimes, in combination with each other or other data such as IP addresses or hashed or de-identified data files) to coordinate identifiers across platforms, browsers, or devices, in order to more efficiently analyze or target advertising.
4. Consumer Control and Opt-Out Options
In most cases, consumers have control over whether or not they would like to receive relevant ads and marketing email from our Clients.
a. Opting Out of Online Interest-Based Advertising
You can opt out of many of the platforms and service providers we work with that support online interest-based advertising by visiting the Digital Advertising Alliance’s consumer education and opt-out page at http://www.aboutads.info (or the European Interactive Digital Advertising Alliance’s opt-out page at http://www.youronlinechoices.eu if you are located in the European Union). This type of opt out is cookie-based, which means that if you replace or upgrade your browser, or delete your cookies, you will need to opt out again. Opting out in this way will not prevent you from receiving ads; rather, the ads you see will be less customized to you.
Although we do not ourselves deliver interest-based advertising on browsers, we or companies that we work with may sometimes use them for “cross device” advertising. For instance, they may use the mobile identifiers that we collect and share to try to connect user identities across different platforms, channels and devices — such as by using a common IP address to “match” a use on a mobile device to a use on a browser. The above opt-out methods will in most cases opt your device out of browser-based online advertising.
b. Opting Out of Cross-App Advertising on Mobile Devices
You can opt out of having your Mobile IDs used for certain types of interest-based mobile advertising (also called “cross-app advertising”), including those performed by Smaato, by accessing the settings on your Apple or Android mobile device, as follows:
Apple Devices: If you have an Apple device, you can opt out of most cross-app advertising by updating to iOS 6.0 or higher and enabling “Limit Ad Tracking.”
iOS 7 and Higher: Go to Settings → Privacy → Advertising, and toggle “Limit Ad Tracking” to ‘ON.’
iOS 6: Go to Settings → General → About → Advertising, and toggle “Limit Ad Tracking” to ‘ON.’
Android Devices: If you have an Android device, you can opt out of most cross-app advertising by going to Google Settings → Ads, and selecting the option to opt out of interest-based ads.
Please note that these platforms control how these settings work, so the above instructions may change, and the precise language may be different on certain (particularly, on older) devices. Likewise, if your device uses other platforms not described above, please check the settings for those devices.
c. Additional Choices
Advertisers may also provide ways for you to opt out from, or limit their collection of, certain information from and about you. Please refer to the privacy policies for retailers, apps, and mobile websites to learn more about their privacy practices.
You may opt out from receiving promotional emails from us, such as emails to inform you about events and new services, by following the “unsubscribe” instructions in any promotional email you receive, or by contacting us at email@example.com. Please note, however, that we may still send you non-promotional emails relating to your relationship with us.
5. Privacy Practices for the Smaato Websites
a. Information We Collect Through the Smaato Websites
The Smaato Websites provide information regarding Smaato and our products and services. Through the Smaato Websites, we collect information you voluntarily disclose to us, and we may also obtain automatically-collected information.
i. Information You Disclose to Us
When registering for an account, expressing an interest in obtaining additional information about Smaato or our products and services, or otherwise contacting us through the Smaato Websites, we collect information you voluntarily disclose to us, such as your name, mailing address, email address, telephone number, credit card number, and other billing information. You may also provide us with certain information about your business or other individuals.
ii. Automatically-Collected Information
We may also use third-party services, such as Google Analytics, that gather information such as your IP address, browser type, the web page from which you came to the Smaato Websites, and the times of your visit. In addition, as you browse the Smaato Websites, advertising cookies may be placed on your computer so that we can “remember” your interests. Our display advertising partners may then help us retarget ads to you on other sites based on your interactions with the Smaato Websites. To opt out of such interest-based mobile advertising, please see Section 4 above, titled “Consumer Control and Opt-Out Options.” Opting out in this way will not prevent you from receiving ads; rather, the ads you see will be less customized to you.
b. How We Use Information We Collect Through the Smaato Websites
In addition to the uses described elsewhere in this Policy, we use the information we collect through the Smaato Websites (alone or in combination) to provide, market, improve, and operate the Smaato Websites, Smaato Ad Services, and any other products or services we have or may develop. This includes use of the information to:
Fulfill your requests;
Send information about our products and services, including marketing communications;
Respond to your questions, concerns, or customer service inquiries;
Create aggregated or de-identified information;
Comply with applicable laws, prevent fraud, mitigate risk, and perform similar purposes;
Understand usage trends and preferences;
Analyze, improve, and provide products and services;
Customize the content and advertising you see on the Smaato Websites, across the Internet, and elsewhere; and/or
Perform other purposes at your request.
c. How We Share Information We Collect Through the Smaato Websites
We may share the information we collect through the Smaato Websites in the following situations:
With your consent, including through this Policy;
With our affiliates;
With third parties that help us to operate our business and provide our services, such as entities that provide us with technical, customer, billing, administrative, event planning, marketing, or operational services;
As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence);
When required by law or in response to lawful process, such as a subpoena, or to cooperate in good faith with a request from a government or law enforcement agency or official, including for purposes of national security and law enforcement;
If we believe sharing the information may prevent physical, financial or other harm, injury, or loss; or
If we believe sharing the information is necessary to protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity.
With respect to aggregated or de-identified information, we may share such information without restriction.
6. Data Access and Retention
Generally speaking, we retain the information collected from the Smaato Websites and Smaato Ad Services for as long as necessary to achieve our objectives as detailed in this Policy, and to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you are a resident of the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), you may obtain a copy of the information we have about you, and correct or amend such information, by contacting us at firstname.lastname@example.org. You may read more about this and other rights in Section 12 below.
7. Data Security
We have administrative, technical, and physical safeguards in place in our physical facilities and in our computer systems, databases, and communications networks that are designed to protect the information from loss, misuse, or alteration. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your information.
To assist with data security, you understand that YOU ARE RESPONSIBLE FOR MAINTAINING THE SECRECY OF ANY ACCOUNT CREDENTIALS THAT CAN BE USED TO ACCESS ANY ACCOUNT WITH SMAATO. ANY ACTIONS TAKEN USING YOUR ACCOUNT CREDENTIALS ARE YOUR SOLE RESPONSIBILITY.
8. Third-Party Websites and Apps
This Policy only applies to the Smaato Websites and the Smaato Ad Services. We are not responsible for the privacy practices or disclosures of websites, developers, or apps that access or use the Smaato Websites or Smaato Ad Services. Likewise, when you access the Smaato Websites, you may be directed to other websites that are also beyond our control. We encourage you to read the applicable privacy policies and terms and conditions of such third parties and websites, and the industry tools that we have referenced in this Policy.
9. Users from Outside the United States
The Smaato Websites and Smaato Ad Services are provided, supported, and hosted in the United States, and their operation is governed by United States law. If you are using the Smaato Websites or Smaato Ad Services from outside the United States, be aware that your Information may be transferred to, stored, and processed in the United States and other countries where our facilities are located. The data protection and other laws of the United States might not be as comprehensive as those in your country. By using the Smaato Websites or Smaato Ad Services, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share your information as described in this Policy.
Please see Section 12 below, titled “The EU General Data Protection Regulation (GDPR)” for additional information we provide for the benefit of residents of the EEA, Switzerland, and the UK.
10. California Do-Not-Track Statement
We do not currently recognize or respond to browser-initiated Do-Not-Track signals, as there is currently no industry-wide consensus as to uniform Do-Not-Track standards, implementations, or solutions. Please review Section 4 above, titled “Consumer Control and Opt-Out Options,” for information about your marketing choices.
11. Privacy Shield
As a business under the jurisdiction of the Federal Trade Commission, Smaato has certified with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (the “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union (EU) member countries and Switzerland. Smaato certifies that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. Consistent with these Principles, where Smaato uses service providers to process personal data of EU or Swiss residents, Smaato shall remain liable where the agent processes such personal data of EU or Swiss residents in a manner inconsistent with the Privacy Shield Principles, except where Smaato establishes that Smaato is not responsible for the damages caused by the agent. To learn more about the Privacy Shield, and to view the list of entities who have current certifications under the Privacy Shield, please visit this page.
If you have any questions or complaints about Smaato’s privacy practices, you may contact Smaato at the contact information in Section 14 below, titled “Contacting Us,” and we will work with you to resolve your issue. If you are a resident of the EU or Switzerland, you may also contact your appropriate European Data Protection Authority or the Swiss Federal Data Protection and Information Commissioner, respectively, with questions or complaints about our privacy practices.
If you are a resident of the EU or Switzerland and are dissatisfied with the manner in which we have addressed your concerns about our privacy practices, you may seek further assistance from our designated Privacy Shield independent recourse mechanism, the JAMS EU-U.S. and Swiss-U.S. Privacy Shield Program:
Claims shall be arbitrated free of charge by our arbitration provider, JAMS, though each party shall be responsible for its own attorneys’ fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles.
Under certain conditions, residents of the EU and Switzerland who have unresolved complaints after: (1) contacting Smaato to resolve the issue; (2) seeking assistance from our independent recourse mechanism; and (3) contacting the U.S. Department of Commerce (either directly or through a European Data Protection Authority or the Swiss Federal Data Protection and Information Commissioner) and affording the Department of Commerce time to attempt to resolve the issue, may elect to invoke binding arbitration through the Privacy Shield arbitration process, more fully described on the Privacy Shield website.
12. The EU General Data Protection Regulation (GDPR)
As of May 25, 2018, a new data privacy law known as the EU General Data Protection Regulation (the “GDPR”) will be in effect through the EEA, Switzerland, and the UK. The GDPR requires Smaato and those using our services to provide users with certain information about the processing of their “Personal Data.” “Personal Data” is a term used under the GDPR that means, generally, data that identifies or can identify a particular unique user or device – for instance, names, addresses, cookie identifiers, Mobile IDs, precise location data, and biometric data.
To comply with the GDPR, we provide the below representations and information, which are specific to persons located in the EEA, Switzerland, or the UK.
a. Legal Grounds for Processing Personal Data
The GDPR requires us to tell you about the legal ground we are relying on to process any Personal Data about you. The legal grounds for us processing your Personal Data for the purposes set out in Sections 1 and 2 above (and Section 5 as to the Smaato Websites) will typically be because:
You provided your consent. In order to store and gain access to information stored on your device, we rely on your consent. For this “cookie consent” (which applies not only to “cookies” but also to Mobile IDs), we rely on mobile app developers and oblige them contractually to pass on only legally obtained data. We do so to fulfill our obligations under the ePrivacy Directive. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal;
The processing is in our legitimate interest. In some cases, we rely on legitimate interest as a legal basis for processing Personal Data, in order to provide our and/or other data controllers’ services. Such processing goes beyond the original collection of Mobile IDs. A legitimate interest we rely on, for instance, is the tailoring of promotional communications within mobile apps and services, which is beneficial to End Users and is an integral part of the ecosystem by which freely available content is funded through advertising revenue. This also may include providing analysis of and reporting about ad campaigns. We also rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed;
Contractual relationships. Sometimes, we process certain data as necessary under a contractual relationship we have (such as our customer records and contact information);
Legal obligations. Finally, some processing of data may be necessary for us to comply with our legal or regulatory obligations.
b. Transfers of Personal Data
As Smaato works with global companies and technologies, we may need to transfer your Personal Data outside of the country from which it was originally provided. For instance, we may transfer your data to third parties that we work with who may be located in jurisdictions outside of the EEA, Switzerland, or the UK, and which have no data protection laws or laws that are less strict in comparison to those in Europe.
When we transfer Personal Data outside of the EEA, Switzerland, or the UK, we take steps to ensure appropriate safeguards are in place to protect your Personal Data. For example, Smaato is Privacy Shield certified, and thus self-certifies to protect Personal Data from the EEA, Switzerland, and the UK in accordance with established data privacy principles. You can learn more about Smaato’s Privacy Shield certification in Section 11 above, titled “Privacy Shield.” Please contact us at the contact information below for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.
c. Personal Data Retention
As a general matter, we retain your Personal Data for as long as necessary to provide our Smaato Ad Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. We generally render Mobile IDs inactive within 13 months, provided that we may retain them if we have a legal or significant operational need to do so, such as for auditing, corporate record-keeping, compliance accounting, or bug-fixes.
If you are a Client of ours and thus have an account with us, we will typically retain your Personal Data for a period of 3 years after you have requested that your account be closed, or such account has been inactive.
d. Your Rights as a Data Subject
The GDPR provides you with certain rights in respect to Personal Data that data controllers hold about you, including certain rights to access Personal Data, to request correction of the Personal Data, to request to restrict or delete Personal Data, and to object to our processing of your Personal Data (including profiling for online ad targeting).
Right to Access: If you wish to exercise your right to access Personal Data we process as a data controller, you may do so by requesting access through the e-mail address email@example.com. When we receive your request, we will provide you with current, step-by-step instructions to follow in order to obtain access. We will then assess requests to exercise data access rights on a case-by-case basis; in doing so, we consider the difficulty of verifying whether a mobile identifier and data we have linked to it truly and solely belongs to the data subject making the request, as well as the potential adverse effects on disclosure of personal data to the wrong individual. Because such improper disclosure would likely adversely affect the privacy rights and freedoms of the data subject, we may limit the Personal Data we make available. Please note that we will only grant requests submitted via email for Personal Data for which we are a data controller, as explained further below. Where we act as a data processor for one of our Clients, we will refer your request to that Client. Please identify the Client your request refers to (if possible), to simplify this process.
Right to Correct: If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact information below.
Right to Object to Processing or to Withdraw Consent: By using the device-based “opt-out” signals described in Section 4(b) above, you may withdraw consent for processing on which we rely on consent. If you do so, we will cease processing your Personal Data for purposes of our services within 30 days or less. We either collect these opt-out signals ourselves or receive them from the mobile apps we work with.
Right to Erasure. You also have the right to obtain the erasure of Personal Data concerning you that we hold as a data controller. The above opt-out process satisfies this right. When an End User opts-out through device settings, and we receive this signal from our Clients, the Personal Data we use to provide our services will be deleted within 30 days (if you have an Android device) or permanently rendered disconnected to your device (if you have an iOS device). We will also manually delete your Personal Data, subject our identity verification process mentioned above, if you prefer that we do so; please contact us at firstname.lastname@example.org for further instructions on exercising this right manually. Please note, however, that we may retain copies of certain Personal Data on inactive or back-up files, for our own internal and necessary purposes, such as auditing, accounting and billing, legal, or bug detection. We will retain your Personal Data for the period necessary to fulfill any important purposes that we have in retaining it, principally regarding legal, auditing, accounting, and billing obligations.
Right to Lodge Complaints. You have the right to lodge a complaint with a supervisory authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.
e. Smaato as a Data Controller and a Data Processor
EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, we encourage you to direct your inquiry to the relevant data controller, since data controllers hold primary responsibility for your Personal Data.
Smaato may act as either a data controller or a data processor in handling your Personal Data, depending on the precise circumstances. For instance, for Personal Data that we use internally and independently to create our own data tools and operate the Smaato Ad Services, and for Personal Data that we collect about our Clients, we are a data controller. But when we handle Personal Data strictly on behalf of our Clients or Partners in order to provide our services to them, we are a data processor. Thus, for instance, if you have questions about data that is used primarily by a mobile app on which our technology is embedded – or companies that serve ads that use our technology – you should contact those companies regarding questions about the Personal Data they handle and control.
f. Questions or Concerns
If you are a resident of the EEA, Switzerland, or the UK and have concerns regarding this Section 12, you may contact our data protection officer by email at email@example.com or by post to the following address:
External Data Protection Officer
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg, Germany
We may occasionally update this Policy to reflect changes to our privacy practices. The amended Policy will be displayed on the Smaato Websites. Please check our Policy regularly to ensure you have read the latest version and to stay informed of our privacy practices. Your continued access to and use of the Smaato Websites and Smaato Ad Services constitute your acknowledgement of this Policy and any updates.
14. Contacting Us
If you have any general questions regarding this Policy, you may contact us by email at firstname.lastname@example.org or mailing the following address:
240 Stockton Street, 10th Floor
WHAT IS TAPJOY?
Tapjoy, Inc. operates a platform that enables advertisers to reach mobile in-app ad inventory, mobile app users to be compensated for their attention, and mobile app publishers to receive revenue from the ad space in their applications.
Tapjoy is a member of the Interactive Advertising Bureau (IAB). More information about the IAB may be found here [http://www.iab.net/public_policy/codeofconduct].
Publishers use Tapjoy by adding our SDK to their apps; this allows us to display ads on behalf of our advertisers in ad space within the app (our advertising and monetization service). (“SDK” is short for “software development kit”, meaning software that an app publisher can include in its app to enable Tapjoy services in the app.)
Advertisers use Tapjoy by placing orders for our ad services, and in turn, we pay publishers for the right to show ads in their apps.
Users use Tapjoy through engaging with ad offers we display through our ad placements in a participating publisher’s app. Tapjoy ad placements include offerwall, which allows a user to choose from a page of various rewarded ad offers (“rewarded” meaning that the user receives a reward in the form of virtual currency for the app they’re using); video, which offers the user virtual currency reward in exchange for engaging with a video offer; and interstitial, which rewards the user with virtual currency or access to premium content in exchange for a short commercial break.
To further support our publishers, we also offer related optional services, such as analytics, which helps publishers understand how their users use their apps, and virtual currency management services, which helps publishers manage in-app virtual currency.
We provide customer support for users who did not receive an expected in-app reward; this involves working with the advertiser, the user, and the publisher to identify and resolve the issue.
WHAT INFORMATION DOES TAPJOY COLLECT, AND FOR WHAT PURPOSE?
That depends on how you interact with Tapjoy. Read on to learn about the following categories:
If you are an individual who uses a mobile app that uses Tapjoy ad placements, go to the section titled Information collected through our ad platform
If you are an individual who submitted a customer support ticket relating to a Tapjoy ad, go to Customer support information
If you access Tapjoy’s corporate website (www.tapjoy.com), or if you use Tapjoy’s dashboard to manage your Tapjoy advertiser or publisher services, go to the section titled Website and dashboard user information
All users should also review the section titled General privacy practices
INFORMATION COLLECTED THROUGH OUR AD PLATFORM
FIRST, WHAT IS NOT COLLECTED?
It may be helpful to know what information is not collected about you or your device: Tapjoy’s ad platform does not access, collect, or receive your name, your email address, your username, your physical address, your phone number, your credit card or other financial information.
(One exception: If you submit a customer support request, you provide us with additional information, such as your email address, and we use that information to respond to your request; see Customer support information, below.)
OK; WHAT INFORMATION IS COLLECTED THROUGH TAPJOY’S AD PLATFORM?
If you are an individual who uses a mobile app, and the app’s publisher uses Tapjoy services, we receive and collect information about your device and the Tapjoy ad offers that you view, and we use this information to reward you for offer engagement, to draw inferences about which offers may be more or less interesting to you, and to provide publishers with information about how their apps are used. This information is collected through our SDK, as integrated into the app you use to access Tapjoy ad placements, and through your interactions with ads on our ad platforms.
Here are the types of information that we collect:
Device identifiers (a device identifier is a string of numbers and letters unique to your smartphone or tablet assigned by the manufacturer or platform provider), such as
Google Advertising ID (GAID), or Android ID in its absence (or MAC address, in the absence of both), for Android devices, and
ID for Advertisers (IDFA), for iOS devices
The publisher’s user identifier
Information about the device itself, including
Whether it is a smartphone or tablet
What operating system and version it uses (e.g., iOS, version 11.0)
Model and manufacturer (e.g., Apple iPhone X, Samsung Galaxy S8)
Screen size, screen density, and other information relevant to ad formatting and display
Information about the internet connection used to access our services, including
Network type (e.g,. wifi)
Timestamp and duration (i.e., when the device connected to our services began and how long the connection lasted, for a given session)
Information about the app and our SDK, including
Which version of our SDK is integrated in the app used to access our services
API key (identifier for application); Partner App version; list of installed apps (the applications and/or processes which are installed or run on your device while the Partner App is active or inactive).
Location-related information – We infer the perceived general location of the device based on:
The IP address used to access our services
Location-related device settings, such as the device’s country code, language setting, and time zone
Ad-related information – We collect information about the ads you view, such as:
What the ad offer is about;
What type of ad it is (e.g., text, image, or video);
Which ad placement is involved (i.e., where the ad offer is displayed within the mobile app in which you accessed it); and
Whether you respond to the ad’s “call to action” – for example, did you click through to the advertiser’s website?
Tapjoy surveys – We occasionally run ad offers for surveys so we can learn more about the people who use Tapjoy. If you opt to complete one of these surveys, we associate the responses with the device identifier for the device you used to access and complete the survey offer. The data collected for these surveys include some or all of the following data elements;
Time and Date of survey completion
Time and Date of survey view
Associated currency reward
Information from our advertisers or publishers. The advertisers and publishers using our services may provide us with information they have separately collected about you (for example, whether you already have the app that is being advertised), so that we can improve the relevance of the ads we serve on their behalf (for example, by not showing you ad offers for an app because you already have it).
HOW DOES TAPJOY USE INFORMATION COLLECTED THROUGH THE AD PLATFORM?
We use the information we collect through our ad platform in the following ways;
To show you ads customized to what our system infers to be your interests, preferences, and locations, based on the information associated with your mobile device’s advertising identifier; this is referred to as behavioral or interest-based advertising
To show you ads based upon the context of the app you’re using instead of based on your inferred interests; this is called contextual advertising
To determine which ads are more or less effective
To target and filter ads for publishers and advertisers – for example, an advertiser may want to reach an audience in a specific country, or a publisher may want to exclude some categories of ads from its app
To avoid showing you ads for an app you already use, or the same ad offer too many times
To track the ad offers you complete so we can provide you with the reward you earned
To respond to and resolve your customer support requests
For analysis and research, both to improve our services and to report our services’ results to our advertisers and publishers
To prevent and detect fraud, and to maintain our services’ and systems security
We keep this collected information as long as it remains necessary to provide the Tapjoy Services.
HOW DOES TAPJOY SHARE INFORMATION COLLECTED THROUGH THE AD PLATFORM?
Tapjoy does not buy, sell, or trade information with unrelated third parties. We collect the information we use through our ad platform, and we use it internally within our ad platform. This information is shared in only with authorized partners or vendors, as follows:
Publishers using Tapjoy’s analytics service can access aggregated information about how their users interact with their apps. No information is provided on an individual basis.
Advertisers using Tapjoy’s advertising service receive the device identifiers associated with those who view an ad offer via Tapjoy and go on to buy the advertiser’s advertised product or service from its website or app.
Vendors and service providers working for Tapjoy, or for our advertisers or publishers, have access to information collected via our ad platform as necessary for them to perform their services for us. Under our agreements with our service providers, they can use this information only as needed to perform their services; they cannot use it for their own purposes.
Our corporate family includes international subsidiaries; we provide each other with access to our shared resources as needed to fulfill our shared business responsibilities, including providing and supporting our ad platform. More about Tapjoy ‘s corporate family is here -https://www.tapjoy.com/legal/#affiliates
Business Transaction. We may share your information with another company if they merge with us or purchase our assets, or as part of due diligence for such a transaction.
Consent. We may share your information in any circumstances where we have your consent.
HOW LONG DOES TAPJOY KEEP INFORMATION COLLECTED THROUGH THE AD PLATFORM?
We keep information as long as necessary to provide our services, generally speaking. Information used for interest-based ad targeting is rotated out on a 90-day basis. Conversion data and non-production backups of production data are retained for longer due to financial records and disaster recovery requirements.
HOW CAN I OPT OUT OF INTEREST-BASED ADVERTISING?
If you prefer not to receive ads and offers that are tailored to your perceived interests, you can enable device-based “opt-out” options in your device’s settings. If you do so, we will cease processing your personal data for such purposes. We collect these opt-out signals ourselves, and will also respect consent flags if passed by the publisher of the app you are using. To adjust your advertising preferences in iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking. To adjust your advertising preferences in Android, visit Settings > Google > Ads > Opt out of interest-based ads. You can also request an opt-out specific to Tapjoy by emailing us at email@example.com and following the directions we provide you.
Opting out of interest-based advertising does not mean opting out of advertising altogether. You will still receive advertising, but it will not be targeted based on your inferred interests.
CUSTOMER SUPPORT INFORMATION
To submit a request for Tapjoy customer support (for example, for help with a missing Tapjoy ad offer reward), you must submit a working email address; this is required for us to be able to communicate with you about investigating and resolving your support issue. Emails and other information submitted for support purposes are used only for support purposes; depending on the circumstances, this may require us to share your information with the advertiser and publisher whose advertisement and app are involved.
WEBSITE AND DASHBOARD USER INFORMATION
Our advertisers and publishers have access to a Tapjoy dashboard, which allows them to manage their use of Tapjoy services and review their results. When you create a dashboard account, you provide information such as your name, the name of your company, your username and password, your email address, postal address, phone number, and payment information, as well as any required financial information (e.g., tax ID, VAT, or sales tax registration number). We use Stripe to process Advertiser credit card payments. We use this information to provide you with Tapjoy services and support. If you invite other users to your Tapjoy dashboard account, we will collect the email address of the employee or other individual you wish to add and use it to send them a one-time email informing them they have been added. If they are not your employee, you must have their consent before providing us with their email address to invite them to join your dashboard account.
TAPJOY WEBSITE AND SOCIAL MEDIA
Our corporate website, www.tapjoy.com, provides general information about Tapjoy and our products and services; we also maintain a blog and various social media channels. If you post information through one of these channels, you understand that we cannot control what other users do with any content (including without limitation images, ratings, captions, and comments) you voluntarily post. You should not post any sensitive personal data, such as details of your ethnicity, health or political preferences or photos of yourself to any Tapjoy board, blog, social media channel, or forum, nor should you allow other users to have access to your content if you do not wish them to make your content publicly available to be collected and used by others, or to be redistributed through the Internet and other media channels.
COOKIES AND RELATED TRACKING TECHNOLOGIES.
When you use our website and dashboard, we may place and read cookies or access information on your device to obtain information about the performance of our site, enable you to move around the site, to record your preferences and to serve you with advertising that is relevant to your interests. This information may, where permitted by applicable law, then be combined with other information we hold about you. Information and technologies we may use include:
Device and usage information. When you interact with our website or dashboard, we may collect information such as (a) IP addresses, unique device identifiers, and other information about your device(s), browser types, browser language, operating system, the state or country from which you accessed the services; and (b) information related to the ways in which you interact with our website, such as: referring and exit pages and URLs, platform type, the number of clicks, internal Tapjoy subdomain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the services, error logs, and other similar information. As described in Online Analytics below, we may use third party analytics providers and technologies, including cookies and similar tools, to assist us in understanding how the Tapjoy Web Services are used.
Location information. We may market to you based on your location, inferred from the IP address you use to reach our website or dashboard.
To help understand your use of our website and dashboard, we use third-party web analytics providers, such as Google Analytics, which in turn use the technology described above at Cookies and related tracking technologies. Our service providers collect and use this information to evaluate how websites are used. To opt out of tracking via Google Analytics, you may install the Google Analytics Opt-Out Browser Add-on.
HOW TAPJOY USES INFORMATION COLLECTED THROUGH OUR WEBSITE AND DASHBOARD
We use the information we collect through your use of our corporate website and our dashboard to provide our services, to manage your publisher or advertiser account, to do business with you as a publisher or advertiser (including taking orders, reporting results, and so on), to communicate with you (including responding to your inquiries, informing you about products and services based on your marketing preferences, and notifying you of new features), to analyze our user base and usage patterns, and to provide and improve our services. We also use this information to improve our corporate website content and to personalize the dashboard for you. We keep the information we collect for so long as we continue to provide our website, dashboard, and services.
HOW DOES TAPJOY SHARE INFORMATION COLLECTED THROUGH THE WEBSITE AND DASHBOARD?
We don’t buy, sell, or trade in information collected through our website and dashboard. We share it only as described here:
Vendors and service providers working for Tapjoy, or for our advertisers or publishers, have access to information collected via our ad platform as necessary for them to perform their services we engaged them to do. Unless we tell you otherwise, under our agreements with our service providers, they can use this information only as needed to perform their services; they cannot use it for their own purposes. These service providers include analytics providers, payment processors, product fulfillment providers, providers of technical infrastructure, technical support, email providers, and customer support vendors.
Our corporate family includes international subsidiaries; we provide each other with access to our shared resources as needed to fulfill our shared business responsibilities, including providing and supporting our ad platform. More about Tapjoy ‘s corporate family is here – https://www.tapjoy.com/legal/#affiliates
We may share your information in connection with any merger, reorganization, a sale of some or all Tapjoy assets, or a financing or acquisition of all or a portion of our business by another company (including in the course of due diligence for any such transaction).
We may share your information in any circumstances where we have your consent.
WHAT CHOICES DO I HAVE ABOUT USE OF INFORMATION RELATED TO TAPJOY’S WEBSITE OR DASHBOARD?
Commercial Marketing. We will comply with applicable marketing laws; for example, where applicable law requires prior consent, Tapjoy will only send you marketing email if you have opted in. To opt out of receiving marketing emails or other commercial communications from us, use the “unsubscribe” option in a commercial email from us or send us an email at firstname.lastname@example.org. It may take several days for us to process your request, consistent with applicable law.
Publisher and Advertiser Accounts. If you have access to a dashboard publisher or advertiser account and do not want your email address used, contact us at email@example.com.
Dashboard Account Deactivation. To request deactivation of your dashboard account, email us at firstname.lastname@example.org. Some information may remain in our records after deactivation of your account based on business needs. After deactivation, we may continue to use aggregated data derived from or incorporating your personal information but not in a manner that would identify you personally.
We no longer collect information from or about users of our legacy apps (TapDefense, TapOut, Coloroid, TapColors, Void Walker) and legacy app-discovery and currency-management services (MyTapjoy). We are no longer maintaining, updating, or supporting these apps and services; continued use is at the sole option and risk of the user.
GENERAL PRIVACY PRACTICES
HOW DOES TAPJOY SECURE PERSONAL INFORMATION?
Tapjoy processes personal information only as relevant or necessary to provide our services. We use physical, electronic, and managerial procedures designed to safeguard your information and data security, and to prevent unauthorized access to. These safeguards take into account the sensitivity of the information that we collect, process, and store and the current state of technology. Although we take such measures to safeguard against unauthorized disclosures of information, the Internet and the services are not 100% secure so we cannot assure you that all information we collect or store will be protected from all unauthorized access.
CHILD AND YOUTH USERS
In compliance with applicable laws, including the Children’s Online Privacy Protection Act (“COPPA”), Tapjoy does not knowingly collect personal information from children, except as permitted by applicable law for support for internal operations. (In the US, the minimum age of consent is 13; in the EEA and Switzerland, it is age 16 unless your country has adopted a lower age.)
Please inform us by emailing email@example.com if you learn that we have been provided with personal information from a child under the applicable minimum age without verified parental consent, so that we may take appropriate steps to delete that personal information.
THIRD PARTY SITES AND SERVICES
NOTICE TO CALIFORNIA USERS
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. As explained above, we do not sell or share your personal information (as that term is defined under California law) with third parties for use for their own marketing purposes.
Accessing and Deleting Your Information.
You may, under applicable European law, have the right to access, correct, update or delete personal information Tapjoy holds about you. Please see Exercising your rights as an app user below for more information about those rights.
If you have a Tapjoy publisher or advertiser dashboard account, you may use your account settings to access and update your account information. You may also email us at firstname.lastname@example.org to request access to or removal of personal information we have about you. In some cases, we may not be able to remove your personal information (e.g., for legal reasons), in which case we will let you know if we are unable to do so and why.
THE EU GDPR
The EU General Data Protection Regulation (“GDPR”), effective May 25, 2018 in the EEA countries and Switzerland, requires Tapjoy and the publishers and advertisers using our services to provide app users with information about the processing of personal data. (“Personal data”, as used in the GDPR, means information relating to an identified or identifiable natural person, including name, address, cookie identifiers, mobile device identifiers, and more; “app user” here means the person involved; and “processing” of data includes collection, storage, and use.)
This section provides representations and information in compliance with our GDPR obligations, for the benefit of our users located in the EEA countries and Switzerland only.
LEGAL GROUNDS FOR PROCESSING YOUR PERSONAL DATA
You provided your consent. To store and access information on your device, we rely on your consent. For this “cookie consent” (which applies not only to “cookies” but also to mobile ad identifiers), to fulfill our obligations under the ePrivacy Directive, we rely on mobile app developers and oblige them contractually to pass on only legally obtained data. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to consent and its withdrawal.
The processing is in our legitimate interest. In some cases, we use legitimate interest as a legal basis for processing personal data to provide our and our commercial partners’ services. A legitimate interest we rely on, for instance, is the tailoring of offers and opportunities to obtain in-game rewards to users of mobile applications and services, which is beneficial to users and offers them a value exchange and goes beyond the original collection of mobile ad identifiers and also includes providing analysis of and reporting about ad campaigns. We also rely on legitimate interest when we use personal data to maintain the security of our services, including fraud detection and identifying and fixing bugs.
Contractual Relationships. Sometimes, we process personal data as necessary under a contractual relationship we have, such as our customer records and contact information).
Legal Obligations. Finally, some processing of data may be necessary for us to comply with our legal or regulatory obligations.
TRANSFERS OF PERSONAL DATA
We are based in the United States with offices around the world, and work with other global companies and technologies. As a result, we may need to transfer your personal data outside of its country of origin. For instance, we may transfer your personal data to commercial partners or service providers located in jurisdictions outside the EEA and Switzerland, which have data protection laws less strict than those in Europe.
When Tapjoy receives personal data that is transferred from the EEA or Switzerland to Tapjoy in the US, we take steps to make sure that appropriate safeguards are in place to protect it; we use European standard contractual clauses and data processing agreements where required by European Data Protection Law, and are in the process of certifying to EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. If approved, our Privacy Shield certification will be available at https://www.privacyshield.gov/list. We comply with Privacy Shield Principles for all transfers from the EU, EEA, and Switzerland, including the onward transfer liability provisions. When Tapjoy receives information under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on our behalf, Tapjoy has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) Tapjoy is responsible for the event giving rise to the damage. Contact us at email@example.com for more information about the safeguards we use to protect your personal data and privacy rights.
PERSONAL DATA RETENTION
As a general matter, we retain your personal data for as long as necessary to provide our services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. We generally rotate through personal data used for ad personalization on a 90-day timetable, provided that we may retain data if we have a legal or significant operational need to do so, such as for auditing, corporate record-keeping, compliance, accounting or bug-fixes.
If you are a Tapjoy advertiser or publisher, we retain your information as long as your account is active and for as long as necessary for legal or operational purposes, such as auditing, corporate record-keeping, compliance, or accounting, after its closure.
EXERCISING YOUR RIGHTS
As an individual covered by the GDPR, you have certain rights about the personal data that data controllers hold about you, including right of access, right to request correction, right to be forgotten (i.e., deletion), and right to object to processing (including profiling for online ad targeting).
RIGHT TO ACCESS
If you are a consumer and wish to exercise your right to access personal data we process as a data controller, you may do so by requesting access through the e-mail address firstname.lastname@example.org and following the instructions we provide you to authenticate your request and obtain access. We will assess requests to exercise data access rights on a case-by-case basis, factoring in the difficulty of verifying whether a mobile device identifier, and the data we have linked to it, truly and solely belongs to the person making the request, as well as the potential risk of harm through disclosure of personal data to the wrong individual. Because improper disclosure would likely harm the privacy rights and freedoms of the person involved, we may limit the personal data we make available. We only grant requests where we are the data controller, as explained further, below. Where we act as a processor for one of our advertisers or publishers, we will refer your request to that company; if your request involves an advertiser or publisher, please identify them (if possible) to simplify this process.
If you have a Tapjoy publisher or advertiser dashboard account, you may use your account settings to access and update or delete account information. You may also request access by emailing us at email@example.com.
RIGHT TO CORRECT
If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact information below.
RIGHT TO OBJECT TO PROCESSING OR TO WITHDRAW CONSENT
By enabling device-based “opt-out” options in your device’s settings, you may withdraw consent for processing where we rely on consent. If you do so, we will cease processing your personal data for such purposes within 30 days. We collect these opt-out signals ourselves, and will also respect consent flags if passed by the publisher of the app you are using. To adjust your advertising preferences in iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking. To adjust your advertising preferences in Android, visit Settings > Google > Ads > Opt out of interest-based ads. You can also request an opt-out specific to Tapjoy by emailing us at firstname.lastname@example.org and following the directions we provide you.
RIGHT TO ERASURE
You also have the right to request erasure of personal data that we hold as a controller. The above opt-out process satisfies this right, because when a user opts-out (whether through device settings or by submitting a request to email@example.com and following our instructions), we stop using your personal data to provide our services to you; the data is permanently rendered disconnected to your device and will be automatically deleted from our production system. We may retain copies of some personal data for our own internal and necessary purposes, such as auditing, accounting and billing, legal, bug-detection, backups, and (if applicable) to ensure that you receive and that we are able to track the rewards you have received.
RIGHT TO LODGE COMPLAINTS.
We encourage you to contact us at the contact information below should you have a Privacy Shield-related (or general privacy-related) complaint. If you are a resident of the European Union or Switzerland and are dissatisfied with the manner in which we have addressed your concerns about our privacy practices, you may seek further assistance, at no cost to you, from our designated Privacy Shield independent recourse mechanism, JAMS, on their website at https://www.jamsadr.com/eu-us-privacy-shield. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Prior to initiating such arbitration, you must: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from our designated independent recourse mechanism; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. Each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the individual. Tapjoy is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
TAPJOY: A DATA CONTROLLER AND A DATA PROCESSOR
EU data protection law makes a distinction between organizations that process personal data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your personal data is handled, we encourage you to direct your inquiry to the relevant data controller, since data controllers have primary responsibility for your personal data.
Tapjoy may act as either a data controller or a data processor in handling your personal data, depending on the precise circumstances. For instance, for personal data that we use internally to create our data-related services, such as interest-based ad targeting, and for personal data that we collect about our publisher and advertiser customers for use in marketing to them, we are a data controller. But when we handle personal data strictly on behalf of our customers to provide our services to them (for example, if they provide us with a list of device identifiers to use for targeting or suppression), we are a data processor. If you have questions about data that is used primarily on behalf of one of our publishers or advertisers, you should contact them.
QUESTIONS OR CONCERNS
To opt-out of Tapjoy services, email firstname.lastname@example.org and follow the provided instructions.
To access your personal information, email email@example.com and follow the provided instructions.
If you have other questions or concerns regarding our privacy policies, please send a message to firstname.lastname@example.org, or mail us at Tapjoy, Inc., 111 Sutter Street, 12th Floor, San Francisco, CA 94104, U.S., Attn: Privacy.
Our representative in the EU may be reached by writing to Tapjoy Limited, International Buildings, 5th floor, 71 Kingsway, London WC2B 6ST, UK.
Please note, these communication channels do not support customer support matters. Please visit http://tapjoy.force.com/ to address any customer support questions or concerns.
Last updated January 23, 2019.
- Contacting the UserMailing list or newsletter (this Application)By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Application. Your email address might also be added to this list as a result of signing up to this Application or after making a purchase.Personal Data collected: email address.
- Managing contacts and sending messagesThis type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
- Registration and authenticationBy registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
The rights of Users
Users may exercise certain rights regarding their Data processed by the Owner.
Users entitled to broader protection standards may exercise any of the rights described below. In all other cases, Users may inquire with the Owner to find out which rights apply to them.
In particular, Users have the right to do the following:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
Applicability of broader protection standards
While most provisions of this document concern all Users, some provisions expressly only apply if the processing of Personal Data is subject to broader protection standards.
Such broader protection standards apply when the processing:
- is performed by an Owner based within the EU;
- concerns the Personal Data of Users who are in the EU and is related to the offering of paid or unpaid goods or services, to such Users;
- concerns the Personal Data of Users who are in the EU and allows the Owner to monitor such Users’ behavior taking place in the EU.
Additional information about Data collection and processing
The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Additional information about User’s Personal Data
System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) use other Personal Data (such as the IP Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
How “Do Not Track” requests are handled
This Application does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Small sets of data stored in the User’s device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
Latest update: September 19, 2019