This Policy does not apply to Personal Data for which Company is acting as a processor on behalf of a controller such as when we perform Services on behalf of our business customers (e.g., where we do not determine the purpose and means of the data processing).
1. What Personal Data We Collect
“Personal Data” means any data that identifies, relates to, describes, or is reasonably capable of being associated, linked or linkable with a particular individual or household.
The types of Personal Data we collect and process include:
- Identifiers: A real name, alias, unique personal identifier, government IDs (such as driver’s license or passport number), online identifier, device IDs, IP address, email address, account name, or other similar identifiers.
- Demographic information: Including age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, sexual orientation, veteran or military status, genetic information and any other characteristics of protected classifications under U.S. state or federal law.
- Commercial information: Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, payment information, and information that you submit through reviews or customer service requests.
- Biometric information: Face and voice scans that you provide to us so we can create AI generated avatars of you. This information is not used for identification purposes.
- Internet or other similar network activity: Data collected via cookies, scripts, web beacons, and other technologies including your IP address, browsing and search history (such as the date and time you access the Services and the pages and content you access during your visit), language preferences, websites that you link to or from, whether you receive or open an email or other communication from us, and the links you click on within those emails, data from your mobile device or your computer about how you interact with the Services, including unique device identifier, mobile network data, the type of device used and the operating system on that device, browser type, a list of files downloaded or pages viewed, any errors encountered, and information on your interaction with advertisements including information shared by social media companies and account providers that you may use to connect with our Services.
- Geolocation data: Physical location or approximate location through a device’s IP address or the location sharing enabled on your device.
- Audio and visual information: Visual information that you may submit through customer service requests or reviews. Audio that is captured during customer service calls.
- Inferences drawn from other Personal Data: Profile reflecting a person's preferences, characteristics, behavior, and attitudes.
- Sensitive Personal Data: Such as account log-in and passwords that allow access to your account with us.
We may also retain and use your Personal Data in an anonymized or de-identified format. Such data is not subject to the same usage restrictions as Personal Data as it does not directly (or indirectly) reveal your identity. We may use deidentified data to improve the Services, conduct research, or for our other business purposes as outlined below.
We may combine the Personal Data (excluding any sensitive Personal Data) we gather about you with Personal Data from third parties. We may use this Personal Data, for example, to improve and personalize the Services, other products and services, content, and advertising.
Please note that failure to provide certain Personal Data may result in Company being unable to provide you with the Services.
2. How We Collect Personal Data
We collect Personal Data from a variety of sources, including:
- Directly from you. For instance, when utilizing the Services, signing up for or logging into an account, communicating with us through the Services, submitting or responding to our inquiries, or filling out a form from us or surveys.
- Automatically as you utilize the Services. We may receive Personal Data from you in connection with content, widgets, cookies, components, or other tools deployed on or used by the Services, including from third parties. Please note that third parties may collect or share Personal Data about your online activities over time and across third-party websites and online services. These third parties may provide us Personal Data in connection with content, widgets, components, cookies, or other tools offered on the Services. They may use this Personal Data to provide you with interest-based advertising or other targeted content, and for other purposes. We may not control Personal Data once collected by these parties. For more information about these types of tracking technologies, see Section 4 “Cookies.”
- From third parties. We may collect Personal Data from emergency response personnel, medical providers, your emergency contacts, advertisers, marketing service providers, analytics services, affiliates, promotional partners, and application providers.
3. Purpose of Data that We Collect
The chart below describes what purposes we use Personal Data for and why. It also sets out the ‘lawful basis’ we rely on for processing that Personal Data, which is a requirement under certain data protection laws, including in the UK/EU.
Company relies on one or more of the following legal bases for processing:
- We have obtained consent from you for such processing for one or more specific purposes. Where we rely on your consent, you may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before withdrawal. However, withdrawal of consent may result in the ineffectiveness of or our inability to provide the Services.
- Processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract.
- Processing is necessary to protect the vital interests of a data subject or of another natural person.
- Processing is necessary for compliance with a legal obligation to which Company is subject.
- Processing is necessary for the purposes of our or a third party’s legitimate interest. Where relying on legitimate interests for processing, such legitimate interests may include any or all the uses detailed above in this Policy, taking into consideration reasonable expectations of data subjects based on the relationship with us.
We will only process your sensitive Personal Data in the following circumstances:
- To provide the Services you have requested.
- Comply with law and satisfy our legal, regulatory, and compliance rights and/or obligations.
- Provide you data that you request from us or otherwise respond to your communications and questions.
- Fulfill any other purpose for which you provide your Personal Data to us and for other purposes disclosed to you in connection with our products and Services.
- Where it is necessary to protect you or another person from harm.
- Where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent.
Purpose: Provide the Services, including to facilitate critical incident response
- Type of Personal Data: Identifiers; Demographic information; Commercial information; Biometric information; Internet or other similar network activity; Geolocation data; Audio and visual information; Inferences drawn from other Personal Data; Sensitive Personal Data
- Categories of Recipients: Service Providers; Professional Advisors, Law Enforcement and Regulators
Purpose: Facilitate payment for the Services and other critical incident response services
- Type of Personal Data: Identifiers; Demographic information; Commercial information; Internet or other similar network activity; Geolocation data
Purpose: To provide AI generated avatars on your request
- Type of Personal Data: Identifiers; Demographic information; Biometric information; Internet or other similar network activity; Geolocation data; Inferences drawn from other Personal Data
Purpose: Set up and manage your accounts and subscriptions
- Type of Personal Data: Identifiers; Demographic information; Commercial information; Internet or other similar network activity; Geolocation data; Inferences drawn from other Personal Data; Sensitive Personal Data
- Categories of Recipients: Service Providers; Professional Advisors, Law Enforcement and Regulators
Purpose: Provide you with a customized experience when you visit the Services
- Type of Personal Data: Identifiers; Demographic information; Commercial information; Biometric information; Internet or other similar network activity; Geolocation data; Audio and visual information; Inferences drawn from other Personal Data
- Lawful Basis: Legitimate interests (to provide you with the best experience on the Services)
- Categories of Recipients: Service Providers; Advertising and Marketing Partners
Purpose: Communicate with you about products and services not related to marketing, including changes to our terms or policies, changes to the Services, technical notices, security alerts, and support and administrative messages.
- Type of Personal Data: Identifiers; Commercial information; Internet or other similar network activity; Geolocation data
- Lawful Basis: Performance of contract; Legitimate interests (to keep you informed about our products and Services)
- Categories of Recipients: Affiliated Organizations; Service Providers
Purpose: Facilitate, record, and store communications, including responding to your questions.
- Type of Personal Data: Identifiers; Demographic information; Commercial information; Internet or other similar network activity; Geolocation data; Audio and visual information
- Lawful Basis: Legitimate interests (to make sure we can respond to and keep in touch with you)
Purpose: For marketing and advertising such as to provide data about new or related products and services we may offer and other business development, marketing, and promotional activities
- Type of Personal Data: Internet or other similar network activity; Inferences drawn from other Personal Data
- Lawful Basis: Legitimate interests (to promote our Services)
- Categories of Recipients: Advertising and Marketing Partners
Purpose: To analyze use of the Services and improve your experience
- Type of Personal Data: Internet or other similar network activity; Inferences drawn from other Personal Data
- Lawful Basis: Legitimate interests (to evaluate and improve the performance and quality of the Services and to understand the Services audiences, develop business strategies and marketing plans)
Purpose: Secure our systems and applications and to help detect and prevent fraud and other prohibited, illicit, or illegal activity
- Type of Personal Data: Internet or other similar network activity; Inferences drawn from other Personal Data
- Lawful Basis: Legitimate interests (to protect our business); To comply with our legal and regulatory obligations
- Categories of Recipients: Professional Advisors, Law Enforcement and Regulators
Purpose: Operate our business, including support for transactions impacting our company (such as mergers, acquisitions, reorganizations, underwriting or asset purchases)
- Type of Personal Data: Internet or other similar network activity; Audio and visual information; Inferences drawn from other Personal Data
- Lawful Basis: Legitimate interests (for running our business)
- Categories of Recipients: Professional Advisors, Law Enforcement and Regulators
Purpose: Defend and enforce our legal rights
- Type of Personal Data: Internet or other similar network activity; Audio and visual information; Inferences drawn from other Personal Data
- Lawful Basis: Legitimate interests (to protect our business, interests, and rights); To comply with our legal and regulatory obligations
- Categories of Recipients: Professional Advisors, Law Enforcement and Regulators
Purpose: Monitor and enforce our contracts, legal terms, acceptable use or other policies or similar terms
- Type of Personal Data: Internet or other similar network activity; Audio and visual information; Inferences drawn from other Personal Data
- Lawful Basis: Legitimate interests (to make sure our policies and procedures are being followed); To comply with our legal and regulatory obligations
- Categories of Recipients: Professional Advisors, Law Enforcement and Regulators
4. Cookies
We use cookies or similar technologies on the Services. You may use the Digital Advertising Alliance’s tool to send requests for a web browser to opt out of the sale of Personal Data by some or all of that framework’s participating companies by accessing the DAA’s tool here: https://www.privacyrights.info/, or by downloading the DAA’s AppChoices mobile application opt-out here: https://www.privacyrights.info/appchoices.
5. Data Retention
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint, for purposes of record keeping, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
6. How We Secure Your Data
We are committed to maintaining measures to protect the security of your Personal Data maintained in our systems and have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk. However, no network or system is ever entirely secure, and we cannot guarantee the security of networks and systems that we operate or that are operated on our behalf. If we face a security breach, we will notify you as required by law.
The safety and security of your Personal Data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Services, you are responsible for keeping this password confidential. You should not share your password with anyone.
7. With Whom We Disclose Personal Data
We may disclose Personal Data with:
- Affiliated Organizations. We may disclose your Personal Data with our parent organizations, subsidiaries, affiliates, joint ventures, or other organizations or entities under common control with us.
- Service Providers. We work with third parties to help us provide the Services and to support internal operations including by processing Personal Data on our behalf. The service providers have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We work with different types of third parties, presently including:
  - Data hosting, storage and cloud service providers;
  - Payment processors;
  - Security service providers;
  - Technical and customer support providers;
  - Marketing and analytics providers; and
  - Other third parties that may be disclosed to you.
- Advertising and Marketing Partners. We may disclose Personal Data with marketing partners to help us: (1) identify products and services that may be of interest to you; and (2) identify new customers with similar interests. We may also disclose your Personal Data with businesses that we have partnered with to jointly create and offer a product, service, or joint promotion. How an unaffiliated business processes your Personal Data is not governed by this Policy but by that business’ own respective privacy policies.
- In Connection to a Transaction. In the event of a transaction or reorganization impacting us as an entity or organization, we may disclose your Personal Data to facilitate such transaction. We may disclose your Personal Data in connection with, or during the diligence or negotiation of, any merger, sale of company stock or assets, financing, acquisition, restructuring, divestiture or dissolution of all or a portion of our business, or other similar event.
- Professional Advisors, Law Enforcement and Regulators. We disclose Personal Data with our professional advisors who provide legal, compliance, auditing, accounting, banking, consulting, or other professional services, and with regulators, law enforcement, or government agencies, including to:
  - Comply with our legal and regulatory obligations, including those compliance obligations of federal, state or local regulators;
  - Protect our interests, property or legal rights, or those of our customers or third parties;
  - Respond to a subpoena, court order, or similar law enforcement request, or when we believe in good faith that the disclosure of Personal Data is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of this Policy or other applicable terms; and
  - For other legal purposes, such as to enforce our terms and conditions, or to exercise or defend legal claims.
- Other Disclosures. In addition to the above disclosures, we may disclose Personal Data in the event that we believe such disclosure is: (i) necessary to provide our products and services or operate our business; (ii) in accordance with purposes we describe when you share it with us; (iii) permitted by law; or (iv) with your consent or at your direction.
As permitted by applicable law, we may disclose aggregated or deidentified data that does not identify any individual without restriction.
8. Do Not Track Signals
We do not respond to “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of Personal Data about an individual consumer’s online activities over time and across third-party websites or online services.
9. U.S. Residents - Children Under Age 18
Company does not knowingly collect personally identifiable information from children under 18 without parental consent. In the event that we learn that we have collected such information from a child under the age of 18 without parental consent, we will delete this information from our database as quickly as possible. If you believe we have collected any personally identifiable information about anyone under 18, please contact us at dataprivacy@touchcast.com.
10. For Residents of California
This section applies to residents of California.
Your Privacy Rights:
Under the California Consumer Protection Act (as amended by the California Privacy Rights Act), you have the following rights as to your Personal Data:
- Right to Access. You can request that we confirm whether we process your Personal Data and, if the Personal Data is available in a readily usable digital format, obtain a copy of the Personal Data you previously provided us.
- Right to Correct. You can request that we correct inaccurate Personal Data that we maintain about you, subject to certain exceptions.
- Right to Delete. You can request that we delete your Personal Data that we maintain about you, subject to certain exceptions.
- Right to opt out of sales and sharing. For Personal Data you provide us through the Services (e.g. email address when you create an account), you can request that we not sell or share such Personal Data by emailing us at dataprivacy@touchcast.com. For purposes of this section, “sell” means the sale of your Personal Data to an outside party for monetary or other valuable consideration, while “share” means using your Personal Data to create personalized advertising for you based on your activity across multiple sites and third parties.
- Right to opt out of profiling. We do not profile in furtherance of decisions that produce a legal or similarly significant effect.
We will not discriminate against you because you made any of these requests.
Requests to access, correct, delete, and/or appeal can be submitted online by emailing us at dataprivacy@touchcast.com. In order to identify you within our systems, you will need to provide your full name, email, as well as the state and country where you reside. We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain Personal Data as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests.
Note that for purposes of these requests, Personal Data does not include data about job applicants, current or former employees, other of our personnel, dependents, and/or beneficiaries; data about employees and other representatives of third-party entities we may interact with; or data we have collected as a service provider to our clients.
We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the type of request, sensitivity of the Personal Data that is the subject of the request, and whether you have an account with us.
You may designate an authorized agent to make a request on your behalf. If you choose to submit a privacy request through an authorized agent, we may require that you provide the agent with written permission to do so, and that the agent verify their own identity with us. If your privacy request is submitted by an agent without proof that they have been authorized by you to act on your behalf in accordance with applicable law, we may deny the request. We also reserve the right, in our sole discretion, to reach out to you directly to confirm that the agent is in fact authorized to make this request on your behalf to the extent allowable under applicable law, including where verification is insufficient or the nature of the Personal Data subject to the request is sensitive in nature.
Additional Privacy Disclosures:
The table in Section 3 above shows what categories of Personal Data we have collected and processed as well as the categories of third parties with whom we shared such Personal Data, within the last twelve (12) months. Information about what Personal Data we collect, and the sources of that Personal Data we process, is further described above in Section 1 and Section 2 of this Policy.
- Sales and sharing of Personal Data: In the preceding twelve months we have not sold your Personal Data for monetary consideration. However, certain state privacy laws define “sale” in such a way that disclosing or making available identifiers linked to you (e.g. IP address) for any benefit may be considered a “sale”, in which case we have sold Personal Data in the preceding twelve months. The categories of Personal Data we sold included: identifiers, commercial information, internet or other similar network activity, and geolocation (through IP address).
Additionally, in the preceding twelve months we have disclosed Personal Data for cross contextual behavioral advertising purposes (also known as “sharing”). The categories of Personal Data we disclosed included: identifiers, commercial information, internet or other similar network activity, and geolocation (through IP address). We may “sell” or “share” the foregoing categories of Personal Data to the categories of third parties described in the “Categories of Recipients” column in the chart above and Section 4 of this Policy for the purposes described in the “Purpose of Processing” column in the chart above and Section 3 of this Policy.
- California’s Shine The Light Law. If you are a California resident, you can request a notice disclosing the categories of Personal Data we have shared with third parties for the third parties’ direct marketing purposes. To request a notice, please submit your request by postal mail to the contact information listed below.
11. For Residents of the European Economic Area (EEA) and United Kingdom (UK) - Your Legal Rights
By law, you have a number of rights when it comes to your Personal Data. Some of these rights apply generally, while others will only apply in certain circumstances. Further information and advice about your rights can be obtained from the national data protection regulator.
For all rights, we usually act on requests and provide information free of charge, but, where allowed under the law, we may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request in some circumstances. We’ll try to respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
You may have the following rights:
- Right to be informed. You have the right to be provided with clear, transparent, and easily understandable information about how we use your Personal Data and your rights. This is why we’re providing you with the information in this Policy.
- Right of access. You have the right to access your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Right of rectification. This allows you to have your information corrected if it's inaccurate or incomplete.
- Right to withdraw consent. If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent for the processing of Personal Data at any time (although it does not mean that anything we have done with your Personal Data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal Data for marketing purposes.
- Right to be forgotten/erasure. This allows you to request the deletion or removal of your Personal Data where there is no compelling reason for us to keep using it. We may not always be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Right to restriction of processing. You have rights to ‘block’ or suppress further use of your Personal Data where one of the following applies:
  - You contest the accuracy of the Personal Data.
  - The processing is unlawful and you oppose the erasure of the Personal Data.
  - We no longer need the Personal Data for the purposes of the processing, but you require the Personal Data for the establishment, exercise, or defense of legal claims.
  - You have objected to processing and the objection is pending verification as to whether our legitimate grounds override your objection.
  When processing is restricted, we can still store your information, but may not use it further.
- Right to portability. You have the right to receive Personal Data concerning you, which you provided to us, in a structured, commonly used and machine-readable format and to reuse your Personal Data for your own purposes across different services.
- Right to object. You have the right to object to certain types of processing, including processing on the basis of legitimate interests and/or processing for direct marketing purposes.
- Right to lodge a complaint. You have the right to lodge a complaint with a national supervisory authority about the way we handle or process your Personal Data.
- Right to opt out of profiling. Automated decisions are decisions made without human intervention that produce a legal or similarly significant effect. We do carry out this type of processing.
To exercise any of the rights described in this section, please contact us at dataprivacy@touchcast.com.
12. International Data Transfers
Company operates globally and may engage in international transfers of Personal Data to the categories of parties described in the “How We Share Personal Data” Section, and internally, within the Company organization. We transfer Personal Data across borders for the purposes described above in this Policy, including as necessary to operate our business and to provide and support the Services.
Whenever we transfer your Personal Data outside of the UK/EEA, we will always ensure it is protected by reasonable safeguards, including (but not limited to) only transferring Personal Data to countries that have been deemed by the UK Information Commissioner’s Office or the European Commission to provide an adequate level of protection, or by using specific contractual protections, such as standard contractual clauses (see European Commission: Model contracts for the transfer of personal data to third countries and United Kingdom Addendum).
13. Third-party links
Our Services may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave the Services, we encourage you to read the privacy policy of every other website you visit.
14. Changes to this Policy and your duty to inform us of changes
We keep our Policy under regular review and may update it from time to time. Any changes will be posted on the Services and, where appropriate, notified to you.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
15. Contact Information
If you have questions about this Policy, you may contact us at:
Attention: Data Protection Officer
609 Greenwich Street, 4th Floor,
New York, NY 10014, USA
Email: dataprivacy@touchcast.com