“Company“, “Clinch” or “We“, as used in this policy, means: (i) if you are based in the US or North America, Clinch US Inc., and (ii) if you are based outside of the US or North America, Clinch Labs Ltd.
Company is at all times in connection herewith deemed a data processor under the GDPR, to the extent applicable. In that case, Company’s customer (advertisers and publishers) will be a data controller under the GDPR and will be responsible to obtain the data subject’s consent or establish any other applicable lawful basis for processing and to ensure that data subjects can exercise their rights set forth in Section 8 below.
WE DEFINE “PII” TO MEAN ANY INFORMATION RELATING TO AN IDENTIFIED OR IDENTIFIABLE NATURAL PERSON; AN IDENTIFIABLE NATURAL PERSON IS ONE WHO CAN BE IDENTIFIED, DIRECTLY OR INDIRECTLY, IN PARTICULAR BY REFERENCE TO AN IDENTIFIER AS DETERMINED UNDER APPLICABLE LAW.
YOU ARE NOT LEGALLY REQUIRED TO PROVIDE US VIA THE DATA CONTROLLER WITH PII, HOWEVER, IN THESE CASES, IF YOU CHOOSE TO WITHHOLD OR DELETE ANY PII REQUESTED BY US, IT MAY DEROGATE FROM THE OPTIMIZATION OF SERVICES WE PROVIDE THE DATA CONTROLLER FOR YOU.
In light of the importance of privacy, the Company stays updated regarding privacy laws and regulations and accordingly went through Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”) and California Consumer Privacy Act of 2018 (“CCPA”) readiness process.
The summary of Company’s processing activities pursuant to the GDPR is as set forth below. The rights of data subjects pursuant to the GDPR are set forth in Section 9 below. Company transfers PII pursuant to the GDPR as set forth in Sections 5 and 12 below.
The rights of California residents under the CCPA are set forth in Section 14 below.
Clinch participates in the IAB Europe Transparency & Consent Framework (TCF) and complies with its Specifications and Policies. Clinch’s vendor id number within the framework is 767.
PII We Collect. In order to provide and improve our Services, we may collect user information. In addition, we may collect communications you send us and aggregate data. We also automatically collect and record PII such as IP address, cookie information, type of browser and technical information.
How We Use Your PII. We use PII for purposes set forth in Section 1.3 below.
Links. The Services may contain links to other services, sites and applications via clickthrough URLs in the advertisements that are subject to their own privacy and data protection policies.
Children. We do not intend to collect PII from anyone we know to be under 18 years old. If you believe that we might have collected such information, please contact us.
PII Sharing. We grant access to PII to our affiliates, agent representatives and third-party providers. In addition, we may share PII if required for the provision, maintenance and improvement of the Services; to satisfy applicable law; when permitted by you; to prevent fraud or harm; for processing PII on our behalf; or in the event of a merger, acquisition or other structural change or form of sale of part or all of our assets.
PII Security. We follow generally accepted industry standards to protect against unauthorized access, alteration, disclosure or destruction of PII, however, we cannot guarantee its absolute security. We keep PII only for as long as reasonably necessary to fulfill a legitimate business need or to comply with any applicable legal or ethical reporting or document retention requirements.
Data Integrity. We process PII only for the purposes for which it was collected and take reasonable steps to ensure that the PII we process is accurate, complete and current.
Your Rights. You may contact the controller and request to exercise your rights in accordance with applicable law. If you are a data subject who interacted with one of our advertisements, you will need to contact the controller on behalf of whom we placed the advertisement. For more details, see Section 8 below.
Enforcement. We will cooperate with the appropriate regulatory authorities to resolve any formal written complaints regarding processing of PII that cannot be resolved between us and the complaining individual.
Consent to Processing and Transferring of PII. PII may be stored and processed in a country outside the country of the data subject’s residence or from which there’s access to the Services. Transfers of PII outside the European Economic Area will comply with applicable laws.
California Residents. California residents have specific rights under the California Consumer Privacy Act. For more details, see Section 13 below.
Do Not Track Notices. We do not respond to Do Not Track signals.
Opt-Out. If data subjects prefer not to receive interest-based advertising, they can opt-out from such a feature. For more details, see Section 15 below.
1. PII We Collect and How We Use It. In order to provide and improve our Services to our customers, we may collect the following types of PII:
1.1. User Information we collect: When the data subject is exposed to our Services, we may automatically receive and record information such as:
1.1.1. IP address
1.1.2. Any type of device advertising ID (like IDFA/ADID)
1.1.3. Cookie information,
1.1.4. Browser type & device type
1.1.5. Regional and language settings
1.1.6. The physical location of the device (if you have permitted your location-aware device to transmit location data) – location data is used in real-time but not stored.
1.1.7. Network connection type (WiFi / Cellular) and ISP
1.1.8. Other software and hardware attributes
1.1.9. Your pages you visited on the advertiser websites/apps we serve.
1.1.10. Your engagements with the ads we serve.
1.2. User Information we receive from our clients (advertisers):
1.2.1. Our clients might send us information about the data subject’s inclusion in audience segments, whether directly or via their vendors.
1.2.2. The Advertiser is the data controller and as such, responsible for the data subject’s consent.
1.3. Purposes of collecting and processing:
1.3.1. Serve Basic ads.
1.3.2. Serve Localized ads.
1.3.3. Serve personalized ads according to your prior engagement with the advertiser digital assets or ads.
1.3.4. Measure campaign performance
1.3.5. Perform conversion attribution (including combining data with offline data sources)
1.3.6. Security & Fraud detection
1.3.7. Product improvements.
1.3.8. Link different devices
1.4. Third Parties. Clinch may collect/use PII about the data subjects from third parties as follows:
1.4.1. Identity and cross device providers in order to build pseudonymous identity graphs.
1.4.2. Data management platforms in order to enrich and augment data subject’s data for ad decision making.
1.4.3. Conversions & Attribution providers, in order to measure campaigns and ads effectiveness as well as ad decisions.
2. Cookies. In order to collect/use the data described herein we use persistent cookies that remain on the data subject’s cookies file on your browser until the cookies are removed via your browser’s settings, in order to manage and maintain the Services and record your exposure to the Services and content the data subject may have gained access to. Cookies by themselves cannot be used to discover the identity of the data subject. A cookie is a small piece of information which is sent to and stored on the data subject’s computer. Cookies do not damage the data subject’s computer. Most browsers allow the data subject to block cookies, but the data subject may not be able to use some features on the Services if it blocks them. The data subject may set most browsers to notify it if cookies are received (this enables the data subject to decide if it wants to accept it or not).
We may also use web beacons via the Services to collect/use PII. Web beacons or “gifs” are electronic images that may be used in our Services. We use Web beacons to deliver cookies and to record events of any kind. Our systems use cross-device linking technologies in order to provide our services and purposes mentioned above to the same user across different devices, applications and sites.
3. Links. Links to third party services/sites (including advertisers) and applications may be provided by the Company as a click-through in the ads. The Company is not responsible for the privacy practices, or the content of other sites and applications and you visit them at your own risk. This privacy statement applies solely to PII collected/used by us.
4. Children. The Services are not intended or designed to attract children under the age of 18. The Company will not knowingly provide the services to children under the age of 18 without said parental consent and do not intentionally gather, collect/use or share PII from children under the age of 18. If you have reason to believe that a child has engaged with our services, please contact the respective advertiser or the respective publisher where ad was shown.
5. PII Sharing. Except for de-identified and aggregate information, which we control, we are merely the processors of the data subject’s PII on behalf of advertisement brokers, publishers and advertisers who serve the advertisements with which you interacted on the Services (e.g. by personalizing creative based on PII). They collect/use and process the data subject’s PII. We require them to do so in accordance with applicable law, but we do not control their actions and therefore the data subjects are advised to review their privacy policies. As part of providing the Services, our affiliates, agents representatives and third-party providers may have access to PII. The Company may also share PII in the following circumstances: (a) as required for the provision, maintenance and improvement of the Services; (b) when permitted by you; (c) if we become involved in a reorganization, merger, consolidation, acquisition, or any form of sale of some or all of our assets; (d) to satisfy applicable law or prevention of fraud or harm or to enforce applicable agreements and/or their terms, including investigation of potential violations thereof; (e) to ensure security and for purposes of debugging; and/or (f) for processing the PII on our behalf. We require that our affiliates or other trusted businesses or persons processing the PII on our behalf agree to process such PII based on our instructions and in compliance with this policy and any other appropriate confidentiality and security measures.
6. PII Security and Retention. We follow generally accepted industry standards to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of PII. We keep your PII only for as long as reasonably necessary to fulfill a legitimate business need or to comply with any applicable legal or ethical reporting or document retention requirements. We retain advertising-related user PII, as mentioned in Section 1 above, for up to eighteen (18) months. Cookies set via the Services expire within two (2) years.
7. Data Integrity. The Company processes PII only for the purposes for which it was collected/used and in accordance with this policy or any applicable service agreements. We review our data collection/usage, storage and processing practices to ensure that we only collect/use, store and process the PII needed to provide or improve our Services. We take reasonable steps to ensure that the PII we process is accurate, complete, and current, but we depend on our clients to update or correct their consumers PII whenever necessary. Nothing in this policy is interpreted as an obligation to store PII, and we may, at our own discretion, delete or avoid recording and storing any and all information.
8. Rights of Data Subjects.
8.1 Right of Access and Rectification. Data subjects have the right to know what PII we collect about them and to ensure that such data is accurate and relevant for the purposes for which we collected it. We allow data subjects the option to access and obtain a copy of their PII and to rectify such PII if it is not accurate, complete or updated.
8.2 Right to Delete PII or Restrict Processing. Data subjects have the right to delete their PII or restrict its processing. We may postpone or deny such a request if the PII is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.
8.3 Right to Withdraw Consent. Data subjects have the right to withdraw their consent to the processing of their PII. Exercising this right will not affect the lawfulness of processing the PII based on consent obtained before its withdrawal.
8.4 Right of Data Portability. Where technically feasible, data subjects have the right to ask to transfer their PII in accordance with their right to data portability, if required pursuant to applicable law.
Data Subjects may exercise the above rights by sending a request to the data controller.
8.5 Right to Lodge Complaint. Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their PII.
9. Enforcement. The Company regularly reviews its compliance with this policy. Please feel free to direct any questions or concerns regarding this policy or our treatment of PII by contacting us at email@example.com. When we receive formal written complaints, it is the Company’s policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of PII that cannot be resolved between the Company and an individual.
11. Legal Justification and Consent To Processing.
11.2. When Company processes PII on behalf of its customers (e.g., in connection with ads and campaigns), Company is a data processor. In that case, Company’s customer will be a data controller, and will be responsible to obtain the data subject’s consent or establish any other applicable lawful basis for processing and we rely on our contractual relationship with the controller (i.e. our customer/ business provider).
12. Questions. If you have any questions about this policy or concerns about the way we process your PII, please contact us at firstname.lastname@example.org.
13. California Residents. California residents have specific rights under the CCPA. Please note that Company is not the ‘Business’ as defined under the CCPA but rather a ‘Service Provider’ and therefore the ‘Business’ is responsible for ensuring that such rights can be exercised by consumers.
14. Do Not Track Notices. You are also advised that Company does not respond to “Do Not Track” signals, but the Company complies with the TCF framework (see section 16.2 below).
15.1. Clinch Opt-Out Mechanism. Data subjects who prefer not to receive interest-based advertising, can opt-out here. If a data subject opts-out, Clinch will set a cookie on its browser that tells Clinch not to tailor ads to its interests or past engagements. Opting out does not mean the data subject will not be served advertisements by Clinch, but the advertisements we serve will be less relevant to its interests (although they are optimized based on statistics). Please note that the opt-out cookie only applies to the computer and browser where it is set.
15.2. TCF (Transparency & Consent Framework) Mechanism. Clinch participates in the IAB Europe Transparency & Consent Framework and honors the consent/opt-in data (privacy string) down streamed from the advertiser and publisher’s digital assets (websites) according to the framework specification.
15.3. Mobile Opt-Out. Data subjects may also limit ad tracking in mobile app environments on their devices. For the most effective and up-to-date methods for doing so, you may consult https://www.networkadvertising.org/mobile-choice.
Last Date Updated: May 15, 2023.