Note: this privacy policy can be printed by clicking the Print icon, or an audio version can be obtained by emailing privacy@exponential.com. |
Last updated: January 22, 2021
INTRODUCTION
Exponential Interactive, Inc. (“we”, “us” or “our”) is an advertising media services company whose clients and customers are online advertisers (“Advertisers”) and digital content providers (“Digital Content Providers”) (collectively, our “Partners” or “affiliates”). We help our Partners reach their target audiences and grow through ad sales. Learn more about us at exponential.com.
PURPOSE
This Privacy Policy (“Policy”) explains how we collect, store, use, disclose, and safeguard personally identifiable information, personal information or data about you (collectively, “your information”) when you visit our website at exponential.com (“Site”) or in relation to the services we provide our Partners. We are committed to protecting your privacy and processing your information in accordance with all applicable privacy and data protection laws, rules, and regulations, such as the European Union General Data Protection Regulation 2016/679, as amended (“GDPR”) and the California Consumer Privacy Act of 2018, as amended (“CCPA”).
Please read this Policy carefully. When you use this Site, you consent to our collection, use, and disclosure of your information as described in this Policy. If you do not agree with the terms of this Policy, do not use this Site.
INFORMATION WE COLLECT AND HOW WE USE IT
We may collect, transmit, and store your information provided to us from various sources – directly from you, from online technology, and from other sources.
Directly from You
We collect your information directly from you and for the following purposes when you:
- submit a job application, a resume, cover letter, or social media profile to a job vacancy, or interview with us;
- enter into an employment contract with us;
- complete forms, conduct searches, post content on our Site, respond to surveys, or use any features on our Site;
- provide feedback to us by phone, email, or physical mail;
- interact with us on our social media accounts, including LinkedIn, Twitter, and Facebook;
- subscribe to any marketing materials; and
- participate in contests sponsored by us.
Online Technology
We may automatically collect certain information when you use our online technology. Such information includes:
- Internet Protocol (“IP”) Address: An address provided by your internet service provider to connect you to the internet and enable delivery of all online requests precisely as you requested.
- Cookie Identifier: A cookie – or data file – with a unique identifier that we set from our webpage “tribalfusion.com”.
- User Agent: A software such as a web browser that acts on your behalf and enables your interaction with web content.
- Clickstream Data: Information about your interaction with a webpage (e.g., time and date you visited the page; page web address; title of ad shown; topics (such as “beach” or “Caribbean”) that we interpret (as “summer vacation”) from the page.
Other information that may be collected includes browser session location information, internet service provider (“ISP”), pages that you visit before, during and after using our Site, information about the links you click, and other information about how you use our online technology. Information we collect may be associated with other similar devices.
Our Partners
Our Partners receive your information when you visit or use their services or through third parties they work with. We require our Partners to have lawful rights to collect, use and share your information before giving us any of your information. A list of Partners we receive data from is available at our Partnerships page.
We may also partner with analytics vendors such as Google Analytics to allow tracking technologies and remarketing services on this Site through the use of first- and third-party cookies to analyze and track users’ use of this Site, determine the popularity of certain content, and better understand online activity.
By accessing this Site, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly with any questions. We do not transfer your information to these third-party vendors. However, if you do not want any information to be collected and used by tracking technologies, contact the responsible third-party vendor or use the Digital Advertising Alliance Opt-Out Tool or the Networking Advertising Initiative Opt-Out Tool.
Other Third Party (Non-Partner) Websites
Our Site may also contain links to third party (non-Partner) websites, including ads and external services, that are not affiliated with us. Once you have used these links to leave this Site, any information you provide to these third parties is not covered by this Policy. Before visiting and providing any information to a third party (non-Partner) website, please inform yourself of the privacy policies and practices (if any) of the third party responsible for that website. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from this Site. For more information about opting-out of interest-based ads, visit the Digital Advertising Alliance Opt-Out Tool or the Networking Advertising Initiative Opt-Out Tool.
We and our Partners may use web beacons, tags, advertising identifiers, and similar technology (“cookies”) in relation with your use of this Site and in the provision of our services. Such cookies may contain unique identifiers and reside on your web-connected device(s), in emails we send you, and on our Site. Cookies may transmit information about you and your use of this Site, such as your browser type, search preferences, IP address, data relating to ads displayed to you or that you have interacted with, and the date and time of your use. Cookies may be persistent or stored only during an individual session.
The purposes for which we use cookies include:
- Legal obligations: We may share your information as permitted or required by any applicable law, rule, or regulation if we believe your information is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect our rights, property, or safety or to protect the rights, property, or safety of others.
- Provide measurement, analytics, and other business or commercial services: We use the information we collect about you to help Partners measure the effectiveness and distribution of their ads and digital content, and understand the consumers who use their services, including how people interact with their websites and services.
- Troubleshoot problems to increase the efficiency and operation of this Site: We monitor and analyze usage and trends internally to improve your experience with this Site.
- Communicate with you: We use your information to respond to you when you contact us.
Opt Out
If you do not want cookies on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser or visit About Cookies. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited.
THIRD PARTIES
Generally, we are not responsible for the actions of third parties that you share personal or sensitive data, and we have no authority to manage or control any solicitations from non-Partner third parties (e.g., third parties we are not affiliated with). If you do not want to receive emails or other communications from third parties, you are responsible for contacting each third party directly.
The categories of third parties that may receive information about you are:
- Partners: We may share your information with our Partners for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law. We adhere to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising, as amended from time to time. Third parties may be able to associate the information they collect with other information they have about you from other sources. We do not necessarily have access to or control over the cookies they use, but you may be able to opt out of some of their practices by contacting the responsible third-party vendor or the Digital Advertising Alliance Opt-Out Tool or the Networking Advertising Initiative Opt-Out Tool.
Please note that even after you withdraw your consent, we may continue to process your personal information when required or permitted by law such as exercising and defending our legal rights or meeting our legal and regulatory obligations. - NAI Health-Related Targeting Segment Notice: As an NAI member, Exponential is required to fully and publicly disclose health-related audience segments for tailored advertising and provide a representative sample of custom audience segments used for the same purposes. Exponential does not receive, use, or transmit personally identifiable health information but does use aggregated and deidentified data to help determine health-related audience segments (i.e., wellness, beauty, fitness, etc.). A representative sample of health-related audience segments for advertiser targeting (i.e., inferred from user interaction with related ads or sites) is available on our NAI Healthcare Targeting Segment Declaration page at https://exponential.com/nai-health-targeting-segment-declaration/.
- Aggregate or Deidentified Information: We receive and share information in the aggregate with third parties in connection with advertising programs and data analytics. For example, we may provide our Partners with the number of users who have been exposed to or interacted with certain ads.
- Business Transfers: We may share information from or about you with companies under common control and require them to also honor this Privacy Policy. If another company acquires us, or all or substantially all of our assets, such company will possess the same information.
- Investigations and Legal Disclosures: We may investigate and disclose your information if we have a good faith belief that such investigation or disclosure: (i) is reasonably necessary to comply with legal, regulatory or law enforcement processes, such as a search warrant, subpoena, statute, judicial proceeding, or other legal or regulatory process or law enforcement request; (ii) is helpful to identify, investigate or prevent possible wrongdoing related to our Site or Partners; or (iii) is necessary to protect our rights, or reputation.
- Links: The Site may link to the websites of third parties that we are not affiliated with. We do not share your information with non-affiliated third parties and are not responsible for their privacy practices.
- Third Party Integrations: If you use your account with a third party service such as LinkedIn, Facebook, or other similar third party service to connect with us via our company third party services page or profile, we may receive information about you from such third party service. If you post content to your third party service account to our company third party service page or profile, that third party service will also receive the content you posted, which will also be visible to anyone that has access to it through that third party service.
DATA RETENTION
You can request removal of your information by contacting us as outlined in Section 7 (Contact Information) below. We may retain your information as necessary for the purpose(s) for which we collected it and in accordance with our legal obligations and legitimate business interests. We may also maintain residual copies of your information in our backup systems as required by law.
CHILDREN’S PRIVACY
Our Site and services are not intended for children. We do not knowingly collect, maintain, or sell the personal information of children under the age of 13, and in some jurisdictions the personal information of children under the age 16. If you are under the age of 13 (or under the age of 16 in some jurisdictions), please do not access our Site or use our services. If we learn that we have inadvertently collected personal information of children under the age of 13 or 16 (as applicable), we will delete such information unless otherwise required by applicable law, regulation, or rule.
SECURITY
We use commercially reasonable administrative, technical, and physical security measures to safeguard your information. However, no means of security is ever absolutely secure as all information transmitted over the internet or via any device is vulnerable to interception and misuse by unauthorized parties. As such, we cannot guarantee total security of your information.
CONTACT INFORMATION
Please contact us with any questions or concerns about this Policy using the information below:
United States Address
Exponential Interactive, Inc.
Attn: Legal Department
5858 Horton Street, Suite 300
Emeryville, CA 94608
United Kingdom Address
Exponential Interactive, Inc.
Attn: Data Privacy Officer
30 Stamford Street
London, SE19LQ
Email
privacy@exponential.com
Phone
(510) 250-5500
To protect the security of your information, we will take steps as we deem necessary to confirm your identity before completing your request or sharing any personal information with you.
CHANGES TO THIS POLICY
We reserve the right to update this Policy at any time and for any reason. Any changes or modifications will be effective as of the “Effective Date” at the top of this Policy. We will notify you about any changes to this Policy by updating the “Last updated” date at the top of this Policy. In some cases, we may also notify you of updates by adding a statement to our Site homepage or via email.
We encourage you to review this Policy from time to time to stay informed about our privacy practices and your options. By continuing to access or use this Site after those updates become effective, you agree to the terms of the then-current Policy.
CALIFORNIA RESIDENT PRIVACY RIGHTS
Under the California Consumer Privacy Act of 2018 (“CCPA“), California residents have certain rights around the collection, use, and sharing of their personal information.
Disclosure or Sale of Personal Information
We have not disclosed or sold any personal information to third parties for any business or commercial purpose in the preceding twelve (12) months. We do not disclose or sell your personal information and will not disclose or sell your personal information in the future without giving you notice and an opportunity to opt out of such sale as required by law.
We do not offer financial incentives associated with our collection, use, or disclosure of your personal information.
We collect various categories of personal information when you use this Site or Partner sites, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A detailed description of the information we collect and how we use it is provided above in Section 1 (Information We Collect and How We Use It). Section 3 (Third Parties) describes the categories of third parties with whom we share personal information, and what information may be shared and when.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Category |
Examples |
Collected |
A. Identifiers |
A real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
Yes |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information in this category may overlap with other categories. |
Yes |
C. Protected classification characteristics under California or federal law |
Age (forty (40) years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
Yes |
D. Commercial information |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
Yes |
E. Biometric information |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
No |
F. Internet or other similar network activity |
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. |
Yes |
G. Geolocation data |
Physical location or movements. |
Yes |
H. Sensory data |
Audio, electronic, visual, thermal, olfactory, or similar information. |
No |
I. Professional or employment-related information |
Current or past job history or performance evaluations. |
Yes |
J. Non-public education information (Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99)) |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
No |
K. Inferences drawn from other personal information |
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
Yes |
Under the CCPA, personal information does not include:
- Publicly available information from government records;
- De-identified or aggregated consumer information;
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended, and the California Confidentiality of Medical Information Act (“CMIA”) as amended, or clinical trial data; or
- Sector-specific privacy laws, including the Fair Credit Reporting Act (“FRCA”), the Gramm-Leach-Bliley Act (“GLBA”) or California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994, each as amended from time to time.
We receive the categories of personal information listed in the chart above from the following categories of sources:
- Directly from you;
- Partners or their agents (e.g., information that our Partners give to us related to the services for which they engage us); and
- Directly and indirectly from activity on our Site, such as Site usage details collected automatically.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided;
- To provide you with information, products or services that you request from us;
- To improve our Site and its contents to you;
- For testing, research, analysis and product development;
- As necessary or appropriate to protect the rights, property or safety of us, our Partners or others;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- As described to you when collecting your personal information or as otherwise set forth in the CCPA; or
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information (listed above) for a business purpose:
- Category A: Identifiers;
- Category B: California Customer Records;
- Category C: Protected classification characteristics under California or federal law;
- Category D: Commercial information;
- Category F: Internet or other similar network activity;
- Category G: Geolocation data;
- Category I: Professional or employment-related information; or
- Category K: Inferences drawn from other personal information.
We disclose your personal information for a business or commercial purpose to the following categories of third parties:
- Our Partners;
- Service providers; and
- Third parties to whom you or your agents authorize us to disclose your information in connection with our products or services.
Your Rights Under CCPA
If you are a California resident, you have the following rights:
Information About and Access to Your Personal Information
You have the right to request the following information for the twelve (12) months immediately preceding the date you submit your request to us:
- Categories of information we collect about you (e.g., identifiers such as your name, Social Security number, IP address, email address, postal address, commercial information such as purchasing histories, geolocation data, biometric information, internet activity such as web browsing histories, and professional or employment-related information);
- Sources from which we collected your information (e.g., cookies, pixels, web beacons, marketing companies, or recruiters);
- Categories of your information sold to third parties;
- Categories of your information disclosed for business purposes;
- Categories of third parties to whom your information was sold or disclosed (e.g., advertising partners, affiliates, social media websites, or service providers);
- Business or commercial purposes for which your information was collected or sold (e.g., fraud prevention, marketing, improving customer experience); and
- Specific pieces of information collected about you.
The CCPA also requires that if you request access to your information, we provide you with responsive materials in a readily usable format that allows you to transmit your information from one entity to another without hindrance.
Deletion of Your Personal Information
The CCPA generally permits you to request that we and our direct service providers delete your personal information. However, we are not required to delete your personal information for any of the following reasons:
- if we need your information to complete the transaction for which it was collected;
- to comply with a legal obligation;
- to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.), as amended;
- to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- to identify and repair errors that impair existing and intended functionality; or
- to make other internal and lawful uses of your information that are compatible with the context in which you provided it.
Once we receive and confirm your request, we will delete (and direct our service providers to delete) your information from our records, unless an exception applies.
Opt Out of the Sale of Your Information
Under the CCPA, you may opt out of the sale of your personal information to third parties. To help you exercise this right, a Digital Advertising Alliance (“DAA”) “CA Do Not Sell My Info” link is available on our homepage. Clicking on the link will allow you to opt out of the sale of your personal information, including its use for interest-based advertising, across all companies participating in the DAA’s mechanism.
Nondiscrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless allowed by the CCPA, we will not:
- Deny you services;
- Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of services; or
- Suggest that you may receive a different price or rate for services or a different level or quality of services.
Who May Exercise Your CCPA Rights
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your information. You may also make a verifiable consumer request on behalf of your minor child.
Verifying Consumer Requests
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
A verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify you are in fact the California resident about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing, Format, and Fees
We will respond to a verifiable consumer request within forty-five (45) days of its receipt or as permitted by law. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing (including email).
Any disclosures we provide will only cover the twelve (12)-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive or manifestly unfounded. If we reasonably determine that the request requires a fee, we will tell you why we made that decision and give you a cost estimate in writing before completing your request.
How to Submit Requests
Submit your requests to the information listed in Section 7 (Contact Information) above.
Shine The Light Law
Separate from the CCPA, California Civil Code Section 1798.83, as amended, also known as the “Shine The Light” law gives California residents the right to request and obtain what personal information we share with third parties for those third parties’ direct marketing purposes. We do not disclose your personal information to third parties for such third parties to directly market their services to you. If you have any questions about our Shine The Light Law practices, please contact us as outlined in Section 7 (Contact Information) above.
Do Not Track
California law requires us to tell you know how we respond to web browser Do Not Track (“DNT”) signals. DNT allows users a way to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. We do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
NEVADA RESIDENT PRIVACY RIGHTS
Nevada law (SB 220), as amended, requires website operators to give Nevada residents a way to opt out of the sale of certain information that a website operator may collect about them. We do not sell your personal information to third parties as defined Nevada law, and will not do so in the future without giving you notice and an opportunity to opt-out of such sale as required by law. If you have any questions regarding our compliance with Nevada data privacy law, please contact us listed above in Section 7 (Contact Information).
EUROPEAN RESIDENT PRIVACY RIGHTS
This section applies to European Residents only. A “European Resident” is a resident of a country in the European Economic Area (“EEA”) or Switzerland.
European Union (“EU”) data protection rules, also known as the EU General Data Protection Regulation (“GDPR”), describe different situations when a company like ours is allowed to collect or reuse your personal information.
Our legal basis for collecting and using your information depends on the specific information concerned and the context in which we collect it. We collect your personal information only with your consent or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. We may also have legal obligations to collect your information or may otherwise need your information to protect your vital interests or those of another person. If we ask you to provide personal information to comply with a legal requirement, we will notify you of the legal requirement and the information we require. If we collect and use your information in reliance on our legitimate interests (or those of any third party), our legitimate interest will usually involve operating and improving this Site, communicating with you, marketing purposes, or detecting or preventing fraud. For more information about GDPR, please visit the EU’s “Data protection and online privacy” page. If you have any questions about our compliance with GDPR, please contact us as outlined above in Section 7 (Contact Information).
INTERNATIONAL DATA TRANSFERS
If you reside in the European Union, your personal information may be processed outside of EEA. We take all necessary steps to ensure that your information is adequately protected and processed in accordance with this Policy, using the European Commission’s Standard Contractual Clauses – European Commission-approved contracts that offer personal information the same protection as under European law.