Last Modified: May 9, 2023
We collect and process certain information when visitors like you browse our website (“Visitors”), or from our customers or their end-users when our customers use our Platform and Services. We refer to our customers and their end-users as our “Partners” in this policy, and ”Visitors” and “Partners” collectively as “you”).
This Policy applies to all information about you that we collect in connection with the Services throughout the world, and explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below) under the applicable privacy laws such as the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
In the event you are a California resident, and the CCPA applies to you – please review our CCPA Privacy Notice.
01. POLICY CHANGES
We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will be posted on the website. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30-days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.
02. CONTACT INFORMATION AND DATA PROCESSOR INFORMATION
Undertone is incorporated under the laws of the State of New York, and it is the processor of your Personal Data.
You may contact our privacy team and our DPO as follows:
- By Email: email@example.com
- By Mail: One World Trade Center, 71st Floor, Suite J New York, NY 10007.
Representative for data subjects in the EU and UK Contact Information:
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/11106546394 -OR- If you need you can also use the email “firstname.lastname@example.org“.
BACK TO TOP
03. DATA WE COLLECT AND FOR WHAT PURPOSE
During your interaction with our Services, we may collect and aggregate non-personal, non-identifiable information, which may be made available or gathered via your access to and use of the Services (“Non-Personal Data”). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data being collected may include usage information and technical information transmitted by your device, such as: the type of browser or device you use, language preference, time and date stamp, and country location. Non-Personal data is stored and used in aggregated form, only.
We may also collect from you, during your access or interaction with the Services, information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data”). Any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.
We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning a person’s health, or data concerning a person’s sex life or sexual orientation.
The types of Personal Data that we collect as well as the purpose for processing such data and lawful basis are specified in the table below. We typically process data subject to our legitimate interest or your consent, as detailed below. Where we process data subject to your consent, you may withdraw consent at any time by using the cookie preference settings or by using our Data Subject Request Form.
|WHAT WE COLLECT
|HOW WE USE IT (PURPOSE)
|OUR LAWFUL BASIS
|From our website visitors:
|Online Identifiers: We collect certain online identifiers such as: IP address, cookie ID, agent ID, unique identifiers.
|We use Online Identifiers collected through first-party cookies to enable the operation of the website; this information is strictly necessary. Our partners collect Online Identifiers through third-party cookies to provide us with analytic and marketing services.
We process Online Identifiers collected through first-party cookies subject to our legitimate interest.
We process Online Identifiers through third-party cookies subject to your consent.
|Behavior Data: Your click stream data, which sites you visited, and which pages you viewed on our website.
|We use tracking tools, including pixels and cookies, provided by third-party marketing providers which collect online behavior data, insights and segments on visitors to our website for our marketing purposes.
|We process Behavior Data subject to your consent.
|Contact Information: Information you decide to share with us, which may include Personal Data such as your name, job title, company name, email address, etc.
|We will use this data to respond to your inquiry. When you sign up to our newsletter, you will be requested to provide your email address. We will use your email in order to send you our newsletter and other marketing materials.
We process Contact Information subject to our legitimate interest.
With respect to our newsletter, we process your email address subject to your consent. You may withdraw consent at any time through the “unsubscribe” link within the email or by
Candidate Information: If you apply for a position with us, we will process the information included in your CV and the application form. Where allowed or required by law, we may process diversity and inclusion data regarding your candidacy, such as, ethnic, gender, or any disability.
In addition, we may collect further information from public and online sources, references, and former employers and combine such data with your other data.
We will use the Candidate Information as part of our recruitment and screening efforts to decide whether you are suited for a position in Undertone.
Further, we may process your information in order to comply with corporate governance and legal and regulatory requirements (including the retention of such information).
We may use third parties’ services and platforms to manage the recruitment process. Such providers will process your information on our behalf and will be bound by certain terms with regard to your information.
We process such information subject to our legitimate interest.
If we process sensitive data to ensure diversity, we will do so upon your explicit consent, which you may withdraw at any time by contacting us.
Further, if we reject your application, we will delete the Candidate Information, unless we have requested your consent to keep you information for a future opportunity or if we are required by law.
|From our platform and services::
|Contact Information: Email address and other business contact information you provide.
|We will use your email address to send you invoices, updates, surveys, etc.
|We process such information subject to our legitimate interest, though you can opt out from optional communications at any time.
|Support Information: Name, business contact information, and other information you may provide
|If you contact us for support, we will process your Contact Information and any other information you provide us with solely to provide you the support requested.
|We process Support Information as necessary to enter into or perform a contract with you.
|Udrive Account Information: Our publishers may choose to create and log in to their Undertone online account, called a Udrive Account. The Udrive Account contains payment information, reports, and other information related to the Services.
|We process such information as necessary to enter into or perform a contract with you or for our legitimate interests.
|Usage Data: We also collect usage data when you or end-users use our Services and the Udrive Account, which includes crash data, errors, analytic and click stream data, session data, and log data.
|Usage Data is processed for the purpose of improving the Services and ensuring an error-free experience.
|IBA Data: Data about the user and their activity online, for example, web pages visited or applications used, content viewed, and the end-users’ interaction with certain advertisements. The IBA Data is associated with a unique identifier (cookie ID, IP address, IDFA, Advertising ID, or bid request identifier).
|We, or our third party service providers, categorize end users into interest segments in order to serve them relevant advertisements. We use this data to provide our Partners with the Services, including to operate, provide, improve, update, patch and customize our Services.
|We process this data solely upon receiving consent from the end user, directly or indirectly (transferred to us from our Partners). An end user may withdraw their consent at any time by opting out of interest-based advertising as further detailed below.
|Ad Calls: A code shared with advertisers, include advertiser ID, the webpage the end user came from, the IP address, approximate location which assists the advertiser to determine which ads to place. The ad call will also include the end user’s preferences regarding interest-based advertising.
|We use this data to deliver more relevant advertising to the end user on behalf of our Partners, and to monitor, analyze and optimize the end users’ engagement with advertisements, including analyzing seasonal and annual usage trends, and providing our Partners with new functionality and features and insights on their end users.
The transfer of personal data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.
BACK TO TOP
04. HOW WE COLLECT DATA
- When you voluntarily choose to provide us with information, such as when you contact us.
- When it is provided to us from third parties.
05. COOKIES AND SIMILAR TECHNOLOGIES
Cookies we use on our website:
Cookies we use on our Platform:
Our Partners may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, including combining such information with other information they have independently collected relating to your browser’s activities across their network of websites, for enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of the interacted campaign or advertisement.
Additionally, the end user may opt-out of certain advertisers’ cookies and browser-enabled, interest-based advertising – see detailed information below under the User Right and Opt Out Option Section.
Once the end user chooses to opt out or disable cookies, the end user will still receive content and advertising, however, it will not be targeted content or advertising and Personal Data will not be collected and transferred from the end user’s browser.
BACK TO TOP
06. WHO WE SHARE PERSONAL DATA WITH
We share your Personal Data with third parties, including our Partners or service providers that help us provide our Services. You can find here, and in our CCPA Notice, information about the categories of such third-party recipients.
|CATEGORY OF RECIPIENT
|DATA THAT WILL BE SHARED
|PURPOSE OF SHARING
|IBA, enabling the Advertisers to display ads or content that best suit such end users, as a part of our Services.
|We may disclose Personal Data to our service providers, contractors and third parties, including, but not limited to, our cloud and hosting provider, analytics and marketing providers, payment processors, recruitment providers, CRM systems, Salesforce, etc., the service providers are limited by contracts which limit their use of the data, and requires implementing security measures. The service providers process the data solely to provide the needed services. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services.
|Any acquirer of our business
|We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale).
|Legal and law enforcement
|Determined by nature of request
|We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.
07. YOUR RIGHTS
Depending on your relationship with us and applicable data protection laws, you may have certain rights with regard to your Personal Data.
For California residents, please see our CCPA Notice.
For detailed information on your rights and how to exercise your rights, please see the Data Subject Request Form (“DSR”) available here.
Certain rights can be exercised independently by you without the need to fill out the DSR Form:
- You can correct your Udrive Account information, including your Contact Information, payment information, and other Partner information at any time, through the account settings;
- You can opt-out from receiving our emails by clicking the “unsubscribe” link at the bottom of the email;
- You can withdraw your consent for processing Online Identifiers and Behavior Data, for analytics or marketing purposes, at any time by using the cookie settings on the website on which the ad is served.
- Opt-out from Interest-Based Advertising, please see the section below and the CCPA Notice.
08. OPT-OUT OF INTEREST-BASED ADVERTISING
Undertone is committed to providing consumers notice and choice regarding IBA. Undertone offers an “opt-out” for those that wish to opt-out of Undertone IBA activities on the web: https://www.undertone.com/opt-out/.
This cookie will honor your IBA preferences for a period of five (5) years. We may increase this period, which means your opt-out choice will continue for a longer period. If you have multiple Internet browsers or users on the same computer, you will need to perform the opt-out operation for each browser and/or user. If you or your anti-virus or other software deletes the opt-out cookies from your computer, if you re-install your browser, or if you delete your cookies (which can happen if you clear or delete your browser history), then you will need to repeat the process.
Undertone is a member of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). You may opt-out of web IBA conducted by Undertone and other member companies of the NAI by visiting the NAI website: www.networkadvertising.org, or you may opt-out of IBA by Undertone and other member companies of the DAA by visiting the DAA website: http://www.aboutads.info/choices/.
Undertone adheres to the Digital Advertising Alliance of Canada (“DAAC”) principles. For Canadian consumers, you may also access the opt-out tool on the Digital Advertising Alliance of Canada (DAAC) website or the Ad Choices Canada website (en Français): http://youradchoices.ca/icon/index.html
If you are a California resident and wish to opt-out from having your data used for IBA, you may exercise your right here: https://optout.privacyrights.info/.
You may also be able to configure your IBA preferences and opt-out of the collection of information for advertising purposes from your Internet connected devices (e.g., Smart TVs or Set-Top boxes). Depending on the model of your Internet connected device, please refer to the applicable manual and/or settings menu of the applicable device. In addition, you may also refer to the NAI Connected TV choices opt-out page: https://thenai.org/opt-out/connected-tv-choices/, which explains how users can activate privacy features in many common TV and OTT environments.
Undertone is also committed to providing customers the ability to opt-out of IBA in the mobile setting. For mobile opt-outs, we rely on the standard opt-out mechanism for ad traffic that we get from mobile applications. Users may choose not to be tracked for advertising purposes by accessing their mobile device’s privacy settings. When Undertone receives an in-app ad request from an in-app advertising partner, it also receives a “DNT” (do not track) indication in the ad request. The value for the DNT parameter is captured from the user’s privacy settings. When Undertone receives a DNT=1, we honor this as an opt-out request. Additional information and instructions on opting-out on mobile devices may be available on the NAI Mobile Device Opt-out page: https://thenai.org/opt-out/mobile-opt-out/.
Undertone’s website and Services also are able to recognize the Global Privacy Control preference.
Ad choices settings and options will vary depending on your browser and device settings, and this is not an exhaustive list. Please note that your opt-out choices will only apply to the specific browser or device from which you opt-out. We encourage you to explore your device and browser settings to understand your choices better. Please report any problems related to the opt-out process to email@example.com.
BACK TO TOP
09. DATA RETENTION
In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, consistent with applicable regulations, or until you express your preference to opt out, where applicable.
The retention periods are determined according to the following criteria:
- For as long as it remains necessary in order to achieve the purpose for which the Personal Data was initially processed. For example: if you contacted us, we will retain your contact information at least until we will address your inquiry.
- To comply with our regulatory obligations. For example: transactional data will be retained for up to seven years (or more under certain circumstances) for compliance purposes.
- To resolve a claim we might have or a dispute with you, including any legal proceeding between us, until such dispute is resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.
Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.
BACK TO TOP
10. SECURITY MEASURES
We have designed the Services with strong security features to protect the Personal Data we process. We have implemented physical, technical, and administrative security measures for the Services that include encryption using SSL, data minimization, and access controls.
BACK TO TOP
11. INTERNATIONAL DATA TRANSFERS
Our data servers in which we host and store the information are located in the US. The Company’s headquarters are based in New York and Israel in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM, Salesforce, and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area (“EEA”) or the United Kingdom (“UK”) is transferred outside of either jurisdiction to a country that has not received an adequacy decision from the European Commission or UK Information Commissioner’s Office (“ICO”), we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union and UK. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission or ICO. Some of these assurances are well-recognized certification schemes.
BACK TO TOP
12. CHILDREN’S PRIVACY
The Services are not intended for use by children (the phrase “child” shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children’s information. We will discard any information we receive from a user that is considered a “child” immediately upon discovering that such a user shared information with us. Please contact us at: firstname.lastname@example.org if you have reason to believe that a child has shared any information with us.
BACK TO TOP