LAST UPDATED: 8/7/2019
Privacy at 33Across
33Across, Inc. and its corporate group affiliates (collectively, “33Across”) provides online publishers and marketers (our “Clients”) with a suite of products and technologies (“Products”, or “Technology”) that provide insights into how content is consumed and shared on their web sites, monetize this content, and drive incremental traffic.
Privacy Practices For Our Technology
How We Use and Protect Information
333Across provides Products that enable Clients to gain insights into how their content is being consumed and shared by end-users. Using browser cookie technology, end-user data is collected across multiple websites to provide these insights and consists of behavioral information regarding the web pages they visit and/or the actions they take on websites, such as copying or sharing content, clicking on hyperlinks or advertising on the page, or signing up for products or services offered by our Clients. We use the collected information to target and display advertisements that may be of interest to users.
Some of our Products insert advertising from our partners on our Client websites. We record information that an ad was requested or shown, and any user interactions with the ad or the page where the ad appears. This information is used for analysis, reporting and troubleshooting.
We categorize website visitors with similar characteristics or interests into non-personally identifiable data segments and offer these segments to our Clients, improving their ability to deliver more relevant advertising or analytics. For example, if a person expresses an interest in comedy films by visiting a page with related content, our Technology would help our Clients characterize other people who are likely to enjoy comedy films based on similarities in browsing or sharing behavior.
We do not knowingly use information that comes from what we consider to be sensitive health information. We may use health-related segments that are inferred from data we collect but are not derived from sensitive health data. Click here for a list of the standard health-related segments that may be used by our platform.
Data Our Technology Collects through Client Websites
Personally Identifiable Information
When we refer to Personally Identifiable Information (“PII”) in this policy, we mean any information used or intended to be used to identify a particular individual, including name, address, telephone number, email address, financial account number, and government-issued identifier. We do not collect PII through Client websites via our Technology.
Non-personally identifiable information
33Across collects only Non-Personally Identifiable Information (“Non-PII”) from the web pages where our Clients deploy our Products. When we refer to Non-PII in this policy, we mean information that does not use a commonly recognized identifier such as name, address, email, or telephone number to identify a particular person. Non-PII includes, but is not limited to, the Internet Protocol (IP) address that your device used to connect to the internet, browser type (for example Internet Explorer or Mozilla), operating system (for example Windows or Macintosh), the URL of Client website pages or sections that you visit, the data you copied or shared, etc. Keep in mind that in certain contexts and jurisdictions, some information that we in this policy regard as Non-PII, such as IP addresses, may be regarded as “personal data” under data protection legislation in the European Union and elsewhere.
Privacy Practices For Our Website
Personally identifiable information
We collect PII exclusively on the 33Across Websites: our main company site (33across.com) and our publisher portal (platform.33across.com), when you choose to provide it to us. For example, you may choose to provide us PII about yourself by sending us an email, by completing an online form, or by registering for a login and password for the Products we offer. We use this information only to contact you to respond to your inquiry or manage your registered account.
Non-Personally Identifiable Information
33Across automatically receives and records certain Non-PII from all visitors to our Websites, including your IP host address, pages viewed, browser type, the time/date of your visit to this Website, and the referring URL and your computer’s operating system. 33Across uses this Non-PII to help diagnose problems with its server, analyze trends and administer the Website. However, keep in mind that some of this Non-PII could be regarded as “personal data” under the data protection legislation in the European Union and elsewhere.
We use non-personally identifiable browser session cookies and persistent cookies in our Products and on our Website to provide, monitor, analyze, and improve our services. For more information about cookies please visit allaboutcookies.org.
We try and set cookies for first-time visitors to any of the sites that deploy our Technology or Products. If our cookie is already set on your browser, we know you are a returning visitor and log data using your existing cookie. You are always free to configure your browser to decline to receive cookies or clear your cookies, which will result in us treating you as a new visitor every time you encounter our Products on our Client websites. However, in order to stop data collection by 33Across, you have to explicitly opt-out, as described in the next section of this document.
We do not combine information collected through cookies with other PII information you may have provided to us when you registered for our Products or submitted a form through our Website.
Some of our business partners (for example, Google Analytics) or Clients may set or use their own cookies on our Website or through the Products we provide. However, we have no access to or control over these cookies. Some of our business partners may engage in cross-device mapping. In other words, our business partners may link the cookie data we gather to device identifiers concerning the same user. Our business partners may then share the cross-device mapping or other user data with us, for the purpose of personalized advertising.
We use persistent cookies to manage your opt-out status.
You may visit https://optout.33across.com to opt-out of data collection from 33Across. The 33Across Opt-out Tool is cookie-based. In order for the Tool to work on your computer, your browser must be set to accept cookies. Be advised that if you use multiple computers or browsers, you will need to repeat this process for each computer and each browser. If you buy a new computer, change web browsers or clear your 33Across cookies, you will need to perform the opt-out task again.
Opting out does not mean you will no longer receive online advertising. It does mean that 33Across will no longer collect any data associated with your activities on any of our Clients’ websites.
Additionally, 33Across is a member of the Network Advertising Initiative (NAI) and adheres with the NAI’s Code. You may visit optout.networkadvertising.org to find out more about the NAI’s Self-Regulatory Program and to opt out of 33Across and other NAI member company advertising programs.
33Across is a participating company in the European Digital Advertising Alliance and adheres to the Interactive Advertising Bureau (IAB) Europe’s EU Framework for Online Behavioral Advertising. Learn more about online behavioral advertising, additional choices regarding the collection and use of data for online behavioral advertising, and how to file any consumer feedback or complaints with the national advertising Self-Regulatory Organization at http://www.edaa.eu and http://www.youronlinechoices.com.
General Privacy Information
The security of your information is important to us. We take security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include firewalls and encryption, internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems. We restrict data access to a subset of 33Across employees, contractors and agents who need to know that information in order to operate, develop or improve our Products and services. These individuals are bound by confidentiality and data security obligations and may be subject to discipline, including termination, if they fail to meet these obligations.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
We retain contact information submitted by Clients as long as they are actively registered for our Products. Data about users who contact us via our Website is retained as long as their interaction with us is active. Data about inactive Publishers or Website users may be deleted as space requires or in the normal course of business. You can request that your data be removed from our records by contacting us at email@example.com.
We retain non-personally identifiable user activity data collected through our Products for 90 days. Statistical summaries and data aggregations across many users’ activities may be kept for longer periods.
The following disclosure is made pursuant to the California Online Privacy Protection Act: When you use our Website or websites of our Clients, other parties, such as Google, may collect PII about your online activities over time and across different websites or online services.
The Website and Products are hosted in the United States. If you access the Website or Products from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the Website or Products, you are transferring your PII and non-PII to the United States and you consent to that transfer. Additionally, you understand that your PII and non-PII may be processed in the United States.
European Economic Area
We comply with the General Data Protection Regulation ( GDPR ) (Regulation (EU) 2016/679 to the extent required for the conduct of our activities when under the GDPR.
Data Controller. 33Across is the data controller of the personal data we process when we serve personalized ads on Client websites and process cookie information about you. Our contact information appears at the bottom of this policy.
EU Representative. Our European representative for purposes of our processing activities is Yuri Burka. If you are within the European Economic Area, you may contact our European representative at firstname.lastname@example.org.
Legal Bases. The legal basis under EU law for collecting and processing your personal data through cookies used in our Products is your explicit consent. The legal basis for disclosures of your personal data to third parties when required by law is our legal obligations to comply with such requirements and our legitimate interests in complying with legal requests from authorities.The legal basis for sharing your personal data with others to investigate, prevent, or take action regarding suspected or actual prohibited activities, is our legitimate interests in enforcing our legal rights and those of other parties. The legal basis for sharing your information to enable a structural change in our operations, is our legitimate interests in business continuity following the structural change.
Data Subject Rights. If you are in the EEA, you have the following rights under the GDPR.
- Right to Access your personal data that we process about you through cookies, and to receive a copy of it.
- Right to Data Portability, that is, to receive the personal data that we process about you through cookies, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another party.
- Right to be Forgotten. You can ask us to erase the personal data we process about you through cookies.
You may exercise the above rights through our automated user access portal, located here.
- Right to Rectify inaccurate personal data we process about you through cookies and to have incomplete personal data completed.
- Right to Restrict processing the personal data we process about you through cookies, if you contest the accuracy of that personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the personal data and request instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Policy, but you require them to establish, exercise or defense relating to legal claim.
You also have a right to withdraw your consent to processing your personal data through cookies, at any time. For more information on how to do so, please review the “Opting out” section above. Opting out will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information in response to your request to exercise your data subject rights. Where we are not able to provide you with information that you have asked for, we will explain the reason for this. Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here .
Information Relating to Children
Protecting the privacy of children is very important to us. We do not knowingly collect any information from anyone under the age of 13 and no part of our Website or Products are designed specifically to attract people under the age of 13. If we are made aware that we have received any information from anyone under the age of 13, we will use reasonable efforts to remove that information from our records.
Disclosure of Information to Third Parties
We do not rent or share your PII with non-affiliated third parties without your consent. We may, however, share your PII with trusted third party contractors who provide services for us. These third party contractors are prohibited from using the information we provide for purposes other than performing services for us.
We may share Non-PII collected on the Website or via our Technology with unaffiliated third parties. For example, we may disclose that our online advertisements offering ‘sports car’ test drives receive more clicks than those offering ‘Mini Van’ test drives.
We may disclose your information to third parties when we reasonably believe we are obligated to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to, fraud and situations involving potential threats to the physical safety of any person.
Finally, in the event we are acquired by or merged with a third party entity or undergo another change of control, we reserve the right to transfer information, including any PII and non-PII, to a successor entity. You understand that we may not be able to control how your information is used in the event of such a change of control.
Conditions of Use
Questions or Comments?
Attn: Privacy Officer
229 West 28th Street, 12th Fl.
New York, NY 10001
Effective date of policy: [August 7, 2019]