1. About BitBounce Ads’ Services
The Company provides targeted advertising and marketing services for its advertising clients (the "Advertisers”).
The Company’s products help show its customers’ ads to the people that are most likely to find them interesting or compelling. To that end, the Company endeavors to make advertising more useful and relevant to consumers by displaying ads that are best aligned with their specific interests and specifically and meticulously chosen or created by each Advertiser for a particular one-off or recurring campaign. The Company displays these ads solely through email services available to virtually all Internet users, often for free.
For the Company to perform to the satisfaction of its Advertisers, whenever a user visits a website or mobile application operated by an Advertiser (collectively, the “Digital Properties”) or the Company serves a user an ad on behalf of an Advertiser through email, the Company may collect some or all of the data described in this Notice. The Company’s platform uses that data, as well as other data described below, in order to help Advertisers provide ads that are both more relevant and more interesting or compelling to each and every user.
2. What Data the Company Collects
The Company collects the following categories of information for the purposes explained below.
- Activity on Advertisers’ Digital Properties: This is data about a user’s browsing activity on the Advertiser's website or app. For instance, which pages the user visited and when, what items were clicked on a page, how much time was spent on a particular page, whether a user downloaded a white paper on a business to business website, what items a user placed into their online shopping cart, what products were purchased, and how much was paid.
- Device and Browser Information: This is technical information about the device or browser a user uses in order to access the Advertiser's website, app, or services. For example, a user’s device's IP address, cookie string data, operating system, and, in the case of mobile devices, the mobile device’s type and unique identifier, such as the Apple IDFA or Android Advertising ID.
- Ad Data: This is data about the online ads the Company have either served, or attempted to serve, upon users. This includes things such as how many times an ad has been served to a user, what email service the ad appeared on, and whether the user clicked on or otherwise interacted with the ad.
- BitBounce Data: This is data about users of the BitBounce service. For instance, a price that a user defines via BitBounce may be used for determining the cost of delivering an advertisement to that user.
- Emails from Advertisers: To best use the Company’s services, Advertisers choose to share actual email addresses from their users with the Company, so that the Company can help the Advertiser serve targeted ads to customers. For instance, if a user has given Brick & Mortar Co. their email address, then, through the Company’s service, Brick & Mortar Co. may send the user a promotional email for a product that the user looked at but did not purchase. Similarly, if the user provided their email address to a software website when they downloaded a whitepaper, then, through the Company’s services, the software company may send the user a follow-up email providing the user with more information about the software company’s products or services. The Company will use clear emails supplied by Advertisers only for the purpose of assisting that particular Advertiser with its own advertising efforts and, in some cases, so that the Company can report performance data back to the Advertiser’s CRM or reporting system. In no way will the Company share email addresses with other third parties for their advertising purposes.
3. How the Company Uses the Data It Collects
The Company uses its collected data in order to best help its Advertisers identify and serve ads to users that are both more relevant and more interesting or compelling to them. The Company also uses its collected data in order to operate, improve, and enhance its services, from time to time, as needed. Such improvements include, but are not limited to, enhancing the data points that the Company possesses about a particular user, browser, or device in order to serve the most relevant and interesting or compelling ads to the particular user and, in turn, improve performance of an Advertiser’s ad campaigns. Specifically, the Company uses its collected data for:
- Targeting: Selecting ads that are more likely to be relevant and interesting or compelling to a particular user based upon the interests previously associated with the user’s device and the time of day the user may be most interested in viewing these specific ads. For instance, the Company may elect to show a user ads for their favorite shopping website, or similar sites that the Company believes that the user may like or be interested in, during lunch or commute hours.
- Frequency Capping: Ensuring that a particular user does not see the same ad too many times.
- Sequencing: If the user is being served a sequence of ads, then the Company makes sure that it displays the right ad next in the sequence for the user.
- Cross-device Matching: Identifying all devices that are likely to be associated with a user so that ads can be targeted, capped, and subsequently sequenced across those devices. For instance, cross-device matching helps the Company to not show a user ads for the jacket a user was looking at on their phone but that they had already purchased on their laptop. Instead, the Company will consistently endeavor, to the best of its reasonable abilities, to display to a user ads for a related product, event, or service in or for which the jacket may be used (e.g., an upcoming concert in the user’s area or promotion for ice skating lessons). Importantly, cross-device matching also considerably helps the Company match devices so that it can honor any user’s opt-out choices across all devices that the Company reasonably knows or should know are connected to the opted-out cookie.
- Attribution: Monitoring when, where, and at what price the Company served certain ads on behalf of an Advertiser so that the Company can measure its influence on the marketing result of the Advertiser’s campaigns and overall marketing strategy. For instance, this involves being able to measure if a certain ad campaign, which includes the ads displayed and to whom they were displayed, actually resulted in Brick & Mortar Co. selling more of its products or services.
- Reporting: Providing Advertisers insights into how their ads are performing and gaining insights into their users. Reporting may include ad metrics such as impressions, clicks, and conversions (contingent upon a particular Advertiser’s own definition of what constitutes a “conversion,” such as either a traditional sale or a download of a whitepaper). For instance, if an ad is not performing well, then the Advertiser will be able to see that data, strategically utilize it to identify where (if at all) the ad needs to be improved, and update the ad accordingly. Regarding specific cookie data, the Company limits reporting to cookie activity on the specific Advertiser’s website and which ads were shown whether there was engagement with those ads.
Data is reported in the aggregate for the campaign and, at times, at the cookie level. For some users, ad metrics are reported at the domain level or at the contact level. For some others, ad metrics, such as impressions, clicks, conversions, and so on, are aggregated at the domain level (the domain representing the company/account the Advertiser wanted to target) as well as at the contact level (the individual to whom the ad is being targeted) represented with an email address that was initially provided by the Advertiser.
4. The Company’s Legal Basis for Processing Personal Data (European Territory Visitors Only)
The Company provides the representations and information in this Section 4 wholly and fully in compliance with European privacy laws, in particular the European General Data Protection Regulation (the “GDPR”). They are specific to persons located within the European Economic Area (the “EEA”) countries or Switzerland, so please do not rely upon the below if you are not located within one of those countries.
If the user is located within the European Territories, the Company’s legal basis for collecting and using the user’s personal data described above will depend upon the personal information concerned and the specific context in which the Company collects it. As it relates to this Notice, "European Territories" refers to the EEA and Switzerland. For the purpose of this Notice, the term "European Territories" shall continue to include the United Kingdom, even after the United Kingdom leaves the EEA following Brexit.
However, the Company will normally collect personal data from any and all users where the processing is in the Company’s legitimate business interests to, for instance, administer its platforms and services and fulfil its contractual obligations as a service provider.
In some cases, the Company may collect and process personal data based on consent. To the extent the Company’s clients need to collect and share, or allow the Company to facilitate collection and sharing of, personal data in order to enable the Company’s services, it is the responsibility of these parties to provide any and all necessary privacy notices and to obtain any and all required consent(s).
If you, as a user, have questions about or need further information concerning the legal basis on which the Company collects and uses your personal information, including if you would like to better understand how our legitimate interests to process your data are balanced against your data protection rights and freedoms, then please do not hesitate to contact the Company using the contact details provided in Section 13 below.
Finally, please note that when an Advertiser sends the Company email addresses to be used for targeted advertising purposes, the Company processes that data only on behalf of the relevant Advertiser as its processor. If a user has any questions about the use of this data by an Advertiser for the purpose of serving targeted advertising to him or her, please contact the relevant Advertiser. The Company will not be able to satisfactorily answer any such questions or resolve any such matters.
5. Data Sharing
The Company may disclose information about a user:
- With an Advertiser whose Digital Properties a User Has Visited: The Company may share information about how a user has interacted with that Advertiser’s Digital Properties or its Ads.
- With the Company’s Service Providers: The Company currently does, or may in the future, contract with companies who help with parts of its business operations (e.g., fraud prevention services), as well as billing, collections, tech, customer, and operational support.
- With Service Providers to the Company’s Advertisers: The Company’s Advertisers currently do, or may in the future, contract with companies who handle data for them. Such data handling may include, but is not limited to, the management of an Advertisers’ customer lists.
- With the Company’s Parent(s), Subsidiary(ies), and Related Companies: Such companies will, from time to time, only process a user’s data for the purposes already explained within this Notice. Outside the scope of this Notice, the related companies will not in any other manner or degree interact with the user data covered by this Notice. Our related companies are: Turing Technology, Inc. and CredoEx LLC.
- In Connection with Legal Proceedings: When the Company is under a legal obligation to do so, the Company may disclose information about a user without fault, penalty, liability, etc. For instance, while the following is not meant at all to be construed as an exhaustive list, the Company may be required to comply with a binding order of a court, or disclosure may be necessary in order to exercise, establish, or defend the legal rights of the Company or its Advertisers.
- To Comply with Legal Process: To satisfy, in good faith, any applicable law, legal process, or proper governmental request, such as to respond to a subpoena, whether civil or criminal, or similar process.
- To Investigate Wrongdoing and Protect the Company or Third Parties: To enforce the Company’s Terms of Service or other policies or to investigate any potential violation of those Terms and policies, any potential violation of the law, or to protect the Company, its clients, or any third party from any potential harm – whether tangible or intangible.
- In Connection with a Sale of the Company: If a third party acquires some or all of the Company’s business or assets, the Company may disclose a user’s information in connection with the sale. Such disclosure includes, but is not limited to, disclosure during due diligence in preparation for the sale.
The Company also either currently shares, or will in the future share, technical data that it collects about a user’s browsing habits and its device, such as data that relates to the Company’s cookies, tracking pixels, and similar technologies. Such sharing will occur between the Company and other advertising companies within the digital advertising ecosystem. This sharing enables both the Company and them to better target ads to users.
6. Cookies and Related Technologies
Tracking cookies enable the Company to identify a user’s device when the user moves between different Digital Properties. The resulting effect is the Company’s ability to serve targeted advertising to users.
Additionally, the Company uses non-tracking cookies (not unique) in order to store user decisions in terms of a user’s ad and opt-out choices.
7. User Choices and Opting-Out
The Company recognizes how important a user’s online privacy is to them, so the Company offers the following options for controlling the targeted ads a user receives and how the Company will utilize a user’s data:
- A user can opt out of receiving personalized ads served by the Company or on the Company’s behalf by deactivating the Company’s BitBounce service.
- In some cases, the Company may link multiple browsers or devices to a user. If a user opts out on a browser or device and the Company has more such browsers or devices linked to them, then, absent a user’s written request to the contrary, the Company will extend the user’s opt out decision to the other linked browsers and devices. Since the Company only links users across browsers on devices in some conditions, there could be cases where the user is still being tracked in a different browser or device the Company has not linked, and where the Company is treating the same user across multiple browsers or devices as a different user.
- While the Company is in the process of becoming a member of the Network Advertising Initiative (the “NAI”), it still wholly adheres to the NAI Codes of Conduct. A user may utilize the NAI opt out tool here, which will allow a user to opt out of seeing personalized ads from the Company and from other NAI-approved member companies.
- The Company also wholly complies with the Self-Regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance (the “DAA”). Via the DAA website, a user may opt out of receiving personalized ads from other companies that perform ad targeting services, including some that the Company may now, or in the future, work with as advertising partners.
- The Company also wholly complies with the Canadian Self-regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance of Canada (the “DAAC”). Via the DAAC website, a user may opt out of receiving personalized ads from other companies that perform ad targeting services, including some that the Company may now, or in the future, work with as advertising partners.
- The Company also wholly adheres to the European Interactive Advertising Digital Alliance (the “EDAA”) guidelines for online advertising. A user may accordingly opt out via their Your Online Choices website here.
Please note that when using the ad industry opt-out tools described above:
- If a user opts out, their browser may still send the Company data that includes, but is not limited to, the user’s IP address. However, the Company isolates this data and does not use it other than for accounting and, in some cases, for fraud prevention. If a user has opted-out on that particular browser, the Company does not, and will not, use this data to personalize ads for the user or to track the user.
- If a user utilizes multiple browsers or devices, the Company will additionally opt out only those browsers and devices that the Company has linked to the user. Since the Company may not have all of a user’s browsers or devices connected back to any one user, a user may need to execute this opt out on each browser or device.
- Other ad companies’ opt-outs may function differently than the Company’s opt-out procedures described within this Notice.
To opt out of receiving targeted ads that are based on a user’s behavior across different mobile applications, please follow the instructions below:
- iOS 7 or Higher: Go to Settings → Select Privacy → Select Advertising → Enable the “Limit Ad Tracking” setting.
- Android Devices with OS 2.2 or Higher and Google Play Services Version 4.0 or Higher: Open Google Settings app → Ads → Enable “Opt out of interest-based advertising.”
Importantly, opting out will not prevent a user from seeing ads. However, those ads remaining to be seen will likely be less relevant because they will not be tailored to the user’s particular interests, patterns, behaviors, etc. Such ads might, for example, be randomly generated or based upon the specific web page a user is visiting.
Some Internet browsers allow users to send a "Do Not Track" signal to websites that they visit. At this time, the Company does not respond to this signal.
Additionally, if a user is located within a European Territory, then the user will also have additional data protection rights. These are described within Section 11 below.
8. Data Retention
The Company retains personal data that it collects directly for targeting purposes. For identifiable data that the Company holds on behalf of an Advertiser, such as, but not limited to, their email address list, the Company will retain such data up until the Advertiser asks the Company, in writing, to delete it.
Personal data collected for other purposes is held no longer than necessary for our business purposes. For instance, we retain impression and click data to ensure we can meet auditing requirements related to services provided or to meet legal requirements.
The Company applies technical, administrative, and organizational security measures in order to protect the data it collects against accidental or unlawful destruction and loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against other unlawful forms of processing.
10. International Transfers
The Company may transfer the information it collects about users to countries, including the United States of America, other than the country where the Company originally collected it for the purposes of storage and processing of data and operating the Company’s services. In general, these countries will be the countries in which the Company, its Advertisers, or the Company’s or its Advertisers’ service providers operate.
Importantly, those countries may not have the same data protection laws as a user’s own home or resident country. However, when the Company transfer’s a user’s information to other countries, the Company will employ commercially reasonable best efforts in order to protect that information as described in this Notice and take steps, where necessary, to ensure that international transfers comply with applicable laws.
For instance, when the Company transfers a user’s information from a European Territory to itself within the United States, the Company does so under the European Commission's Standard Contractual Clauses.
11. Additional Data Protection Rights for EEA Residents
If a user is a resident of a European Territory, they have the following enhanced rights under EU data protection law:
- If a user wishes to access, correct, update, or request deletion of their personal information, then the user can contact the Company using the contact details provided in Section 13 below.
- The user can object to processing of their personal information or ask the Company to restrict processing of their personal information. If the user wishes to exercise such rights, they may do so by contacting the Company using the contact details provided in Section 13 below.
- Similarly, if the Company has collected and processed a user’s personal information with their consent, then the user can withdraw their consent at any time. Withdrawing consent will not affect the lawfulness of any processing the Company conducted prior to withdrawal, nor will it affect processing of a user’s personal information conducted in reliance on lawful processing grounds other than consent. Specifically, a user can withdraw consent for the Company to drop its cookie by informing the Company, in writing, of such withdrawal.
- A user has the right to complain to a data protection authority about the Company’s collection and use of their personal information. For more information, please contact the appropriate, local data protection authority. For convenience, the contact details for data protection authorities within the European Territories are available here. However, if a user has any questions about the Company’s collection and use of their personal information, the Company requests that the user please first contact the Company at firstname.lastname@example.org. If the user is unable to obtain the information or resolution that they seek, they may also contact the Company’s Data Protection Officer at email@example.com.
Please do note that the Company may have no direct relationship with the individuals whose personal data it processes on behalf of its clients and, if applicable, partners. Where the Company acts as a processor for its clients and, if applicable, partners, the user should direct any requests to access, correct, update, or delete their personal data to only the respective client or partner. The Company will, to the best of its ability, respond to any requests by a client or, if applicable, partner to provide assistance with such requests within thirty (30) days.
12. Changes to this Notice
Changes to this Notice will be posted on this page. If the Company makes a material change to its privacy practices, it will provide notice on the site or by other means as appropriate.
If the Company is required by applicable data protection laws to obtain a user’s consent to any material changes before such changes come into effect, then the Company will do so in accordance with law.
13. Contact the Company About Questions or Concerns
If a user has any questions about this Notice or the Company’s privacy practices, they can contact firstname.lastname@example.org.
If a user is in the EEA, please note that the Company is in the process of securing EEA representation.
If a user wishes to escalate their inquiry after contacting the legal team, the user is welcome to contact the Company’s Data Protection Officer:
Attn: Zaid Ali, BitBounce Ads DPO
55 E. 3rd Avenue
San Mateo, CA 94401