CLINCH PRIVACY POLICY (FOR ADVERTISERS CONSUMERS AND AD VIEWERS)
This privacy policy describes the personal information Clinch collects and processes in respect of visitors of various third party websites, applications and other online media on which Clinch provides advertising and measurement services to advertisers or in respect of which it collaborates with publishers.
IMPORTANT: BY VISITING OUR CUSTOMERS’ DIGITAL ASSETS (WEBSITES OR APPS) OR VIEWING OR ENGAGING WITH THE ADVERTISEMENTS WE SERVE ON BEHALF OF ADVERTISERS (“ENGAGEMENT” AND THE “CONTENT“, RESPECTIVELY) YOU (“YOU“) CONSENT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND CONSENT THAT ALL PII (DEFINED BELOW) THAT IS PROCESSED OR COLLECTED/USED THROUGH OR IN CONNECTION WITH THE CONTENT WILL BE PROCESSED BY THE COMPANY (DEFINED BELOW) AND ITS AFFILIATES IN THE MANNER AND FOR THE PURPOSES DESCRIBED IN THIS PRIVACY POLICY; FOR DATA SUBJECTS SUBJECT TO THE GDPR (AS DEFINED BELOW), SEE THE LEGAL BASIS IN SECTION 12 BELOW.
“Company“, “Clinch” or “We“, as used in this policy, means: (i) if you are based in the US or North America, Clinch US Inc., and (ii) if you are based outside of the US or North America, Clinch Labs Ltd.
Company is at all times in connection herewith deemed a data ‘processor’ under the GDPR, and ‘service provider’ under US State Laws such as the CCPA (as defined below), to the extent applicable. In that case, Company’s customer or business affiliate (i.e. advertisers and publishers) will be a data ‘controller’/ ‘business’ under the GDPR and CCPA respectively, and will be responsible to obtain the data subject’s consent or establish any other applicable lawful basis for processing and to ensure that data subjects can exercise their rights set forth in Section 9 below.
WE DEFINE “PII” TO MEAN ANY INFORMATION RELATING TO AN IDENTIFIED OR IDENTIFIABLE NATURAL PERSON; AN IDENTIFIABLE NATURAL PERSON IS ONE WHO CAN BE IDENTIFIED, DIRECTLY OR INDIRECTLY, IN PARTICULAR BY REFERENCE TO AN IDENTIFIER AS DEFINED UNDER APPLICABLE LAW.
YOU ARE NOT LEGALLY REQUIRED TO PROVIDE US WITH PII, HOWEVER, IN THESE CASES, IF YOU CHOOSE TO WITHHOLD OR DELETE ANY PII REQUESTED BY US, THE CONTENT MAY NOT BE PERSONALIZED OR LOCALIZED FOR YOU.
In light of the importance of privacy, the Company stays updated regarding privacy laws and regulations and accordingly went through readiness process with Regulation (EU) 2016/679 (General Data Protection Regulation) as well as section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 and Swiss Federal Act on Data Protection 1992 (“GDPR”); US state privacy laws, such as the California Consumer Privacy Act of 2018, as amended by the California Consumer Privacy Rights Act (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act, the Connecticut Data Privacy Act and the Utah Consumer Privacy Act.
The summary of Company’s processing activities is as set forth below. The rights of data subjects pursuant to applicable laws are set forth in Section 9 below. Company discloses PII as set forth in Sections 5 and 12 below.
The rights of data subjects under US State laws, such as California residents under the CCPA, are set forth in Section 14 below.
Clinch participates in the IAB Europe Transparency & Consent Framework (TCF) and Transparency and Consent Framework (TCF) for Canada and complies with its Specifications and Policies. Clinch’s vendor id number within the framework is 767.
PII We Collect. In order to provide and improve our Services, we may collect visitor information. In addition, we may collect communications you send us and aggregate data. We also automatically collect and record PII such as IP address, cookie information, type of browser and technical information.
How We Use Your PII. We use PII for purposes related to ad serving, ads decisioning, campaign optimization, localization and personalization of ad content, campaigns performance reporting and attribution, improve our services, security and fraud detection.
Cookies and Web Beacons. We use cookies to collect the information described in this Privacy Policy for the purposes set forth in the previous paragraph above. We may also use web beacons. Third party cookies and web beacons are also made available through the Content, per the advertiser’s instructions for purposes determined by the advertiser as a controller/ business.
Links. The Services may contain links to other services, sites and applications via clickthrough URLs in the advertisements that are subject to their own privacy and data protection policies.
Children. We do not intend to collect PII from anyone we know to be under 18 years old. If you believe that we might have collected such information, please contact us.
Disclosure of PII. We grant access to PII to our affiliates, agent representatives and third party providers, all as instructed by the data controller/ business. In addition, we may disclose PII if required for the provision, maintenance and improvement of our services; to satisfy applicable law; when permitted by you; to prevent fraud or harm; for processing PII on our behalf; or in the event of a merger, acquisition or other structural change or form of sale of part or all of our assets.
PII Security. We follow generally accepted industry standards to protect against unauthorized access, alteration, disclosure or destruction of PII, however, we cannot guarantee its absolute security. We keep PII only for as long as reasonably necessary to fulfill a legitimate business need or to comply with any applicable legal or ethical reporting or document retention requirements.
Data Integrity. We process PII only for the purposes for which it was collected and take reasonable steps to ensure that the PII we process is accurate, complete and current. However, we depend on you to rectify your PII when necessary.
Automated Decision-Making and Profiling. In order to provide the Content as personalized and localized ads and serve the advertiser’s ad campaign, we use automated decision-making and profiling for the following purpose: to decide, based on the profiling of your prior engagements with ads and the advertiser and other PII, the content of the ad and to perform attribution.
Your Rights. You may contact the controller/ business and request to exercise your rights in accordance with applicable law. If you are a data subject who interacted with one of our advertisements, you will need to contact the controller/ business on behalf of whom we placed the advertisement. For more details, see Section 9 below.
Enforcement. We will cooperate with the appropriate regulatory authorities to resolve any formal written complaints regarding processing of PII that cannot be resolved between us and the complaining individual.
Consent to Processing and Transferring of PII. PII may be stored and processed in a country outside the country of the data subject’s residence or from which there’s access to the Services. Transfers of PII outside the European Economic Area will comply with applicable laws.
Residents of some US States, such as California and Virginia. Residents of US States that promulgated specific State consumer privacy protection laws have specific rights. For more details, see Section 14 below.
Do Not Track Notices. We do not respond to Do Not Track signals.
Opt-Out. If data subjects prefer not to receive interest-based advertising, they can opt-out from such feature. For more details, see Section 16 below.
1. PII We Collect and How We Use It. In order to provide the Content and provide our services, improve our services and in order to personalize the Content, we may collect the following types of PII:
1.1. Visitor Information we collect: When a data subject Engages the Content, we may automatically receive and record information such as:
1.1.1. IP address;
1.1.2. Any type of device advertising ID (like IDFA/ADID);
1.1.3. Cookie information;
1.1.4. Browser type & device type;
1.1.5. Regional and language settings;
1.1.6. The physical location of the device (if you have permitted your location-aware device to transmit location data) – location data is used in real-time but not stored;
1.1.7. Network connection type (WiFi/ cellular carrier) and ISP;
1.1.8. Other software and hardware attributes;
1.1.9. Your pages you visited on the advertiser websites/apps we serve;
1.1.10.Your engagements with the ads we serve;
1.2. Visitor Information we receive from our clients (advertisers):
1.2.1. Our clients might send us information about the data subject’s inclusion in audience segments, whether directly or via their vendors;
1.2.2. The Advertiser is the data controller/ business and as such, responsible for the data subjects consent;
1.3. Purposes of collecting and processing:
1.3.1. Serve Basic ads;
1.3.2. Serve Localized ads;
1.3.3. Creating a profile of the data subject for personalization and attribution, based on pseudonymous online identifier, separately per advertiser;
1.3.4. Personalize and localize ads;
1.3.5. Serve personalized ads according to your prior engagement with the advertiser digital assets or ads;
1.3.6. Measure campaign performance;
1.3.7. Perform conversion attribution (including combining data with offline data sources);
1.3.8. Security & Fraud detection;
1.3.9. Product improvements;
1.3.10.Link different devices;
1.4. Third Parties. Clinch may collect/use PII about the data subjects from third parties as follows:
1.4.1. Identity and cross device providers in order to build pseudonymous identity graphs;
1.4.2. Data management platforms in order to enrich and augment data subject’s data for ad decision making;
1.4.3. Conversions & Attribution providers, in order to measure campaigns and ads effectiveness as well as ad decisions;
2. Cookies. In order to collect/use the data described herein we use persistent cookies that remain on the data subject’s cookies file on your browser until the cookies are removed via your browser’s settings, in order to manage and maintain the serving and personalization of the Content and our services and record your Engagement with the Content. We also use cookies in order to provide personalization when the advertiser uses retargeting. Cookies by themselves cannot be used to discover the identity of the data subject. A cookie is a small piece of information which is sent to and stored on the data subject’s computer. Cookies do not damage the data subject’s computer. Most browsers allow the data subject to block cookies but the data subject may not enjoy personalization and localization of ads if it blocks them. The data subject may set most browsers to notify it if cookies are received (this enables the data subject to decide if it wants to accept it or not).
We may also use web beacons with the Content to collect/use PII. Web beacons or “gifs”, are electronic images that may be used in the Content. We use Web beacons to deliver cookies and to record events of any kind (such as impressions, clicks etc.). We also make available third party tracking technologies, such as cookies and web beacons, from various third party providers as instructed by the advertiser, for purposes determined by the advertiser as a controller/ business. Our systems use cross-device linking technologies in order to provide our services and purposes mentioned above to the same visitor across different devices, applications and sites.
If you wish to opt-out from our personalization and localization of ad Content, please see Section 16 below.
3. Links. Links to third party services/sites (including advertisers) and applications may be provided by the Company as a click-through in the ads. The Company is not responsible for the privacy practices or the content of other sites and applications and you visit them at your own risk. This privacy statement applies solely to PII collected/used by us.
4. Children. The Content is not intended or designed to attract children under the age of 18. The Company will not knowingly provide the Content to children under the age of 18 without said parental consent and do not intentionally gather, collect/use or disclose PII of children under the age of 18. If you have reason to believe that a child has engaged with the Content, please contact the respective advertiser or the respective publisher where ad was shown.
5. Disclosure of Data. Except for de-identified and aggregate information, which we control, we are merely the processor/ service provider of the data subject’s PII on behalf of advertisement brokers, publishers and advertisers who serve the advertisements with which you interacted on the Content (e.g. by personalizing creative based on PII). We require them to do so in accordance with applicable law, but we do not control their actions and therefore the data subjects are advised to review their privacy policies. As part of providing the Content, our affiliates, agents representatives and third party providers may have access to PII. The Company may also disclose PII in the following circumstances: (a) as required for the provision, maintenance and improvement of our services; (b) when permitted by you; (c) if we become involved in a reorganization, merger, consolidation, acquisition, or any form of sale of some or all of our assets; (d) to satisfy applicable law or prevention of fraud or harm or to enforce applicable agreements and/or their terms, including investigation of potential violations thereof; (e) to ensure security and for purposes of debugging; and/or (f) for processing the PII on our behalf. We require that our affiliates or other trusted businesses or persons processing the PII on our behalf agree to process such PII based on our instructions and in compliance with this policy and any other appropriate confidentiality and security measures.
6. PII Security and Retention. We follow generally accepted industry standards to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of PII. We keep your PII only for as long as reasonably necessary to fulfill a legitimate business need or to comply with any applicable legal or ethical reporting or document retention requirements. We retain advertising-related visitor PII, as mentioned in Section 1 above, for up to eighteen (18) months. Cookies set via the Content expire within two (2) years.
7. Automated Decision-Making and Profiling. In order to provide the Content as personalized and localized ads and serve the advertiser’s ad campaign, we use automated decision-making and profiling for the following purpose: to decide, based on the profiling of your prior engagements with ads and the advertiser and other PII, the content of the ad and to perform attribution.
8. Data Integrity. The Company processes PII only for the purposes for which it was collected/used and in accordance with this policy or any applicable service agreements. We review our data collection/usage, storage and processing practices to ensure that we only collect/use, store and process the PII needed to provide or improve our services. We take reasonable steps to ensure that the PII we process is accurate, complete, and current, but we depend on our clients to update or correct their consumers PII whenever necessary. Nothing in this policy is interpreted as an obligation to store PII, and we may, at our own discretion, delete or avoid from recording and storing any and all information.
9. Rights of Data Subjects.
9.1. Right of Access and Rectification. Data subjects have the right to know what PII we collect about them and to ensure that such data is accurate and relevant for the purposes for which we collected it. We allow data subjects the option to access and obtain a copy of their PII and to rectify such PII if it is not accurate, complete or updated. However we may first ask data subjects to provide us certain identifiers in order to enable us to identify their PII.
9.2. Right to Delete PII or Restrict Processing. Data subjects have the right to delete their PII or restrict its processing. We may postpone or deny such request if the PII is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.
9.3. Right to Withdraw Consent. Data subjects have the right to withdraw their consent to the processing of their PII. Exercising this right will not affect the lawfulness of processing the PII based on consent obtained before its withdrawal.
9.4. Right of Data Portability. Where technically feasible, data subjects have the right to ask to transfer their PII in accordance with their right to data portability, if required pursuant to applicable law.
Data Subjects may exercise the above rights by sending a request to the data controller/ business (i.e. the advertiser of the Content). You may contact us at privacy@clinch.co and we will forward your query to the controller/ business.
9.5. Right to Lodge Complaint. Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their PII.
10. Enforcement. The Company regularly reviews its compliance with this policy. Please feel free to direct any questions or concerns regarding this policy or our treatment of PII by contacting us at privacy@clinch.co. When we receive formal written complaints it is the Company’s policy to contact the complaining visitor regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of PII that cannot be resolved between the Company and an individual.
11. Changes to This Privacy Policy. The Company may update this policy. We will notify you about significant changes in the way we treat PII by placing a prominent notice on our website. We encourage you to periodically review this policy for the latest information about our privacy practices. Our customers and business partners will be notified of such changes and are responsible to inform their data subjects.
12. Legal Basis and Consent To Processing.
12.1. All visitors, including, without limitation, visitors from the United States, Israel and member states of the European Union, fully understand and unambiguously consent to this Privacy Policy and to the collection and processing of such PII abroad. The server on which the Content is hosted and/or through which the Content and PII are processed may be outside the country from which you access the Content and may be outside your country of residence. Some of the uses and disclosures mentioned in this Privacy Policy involve the transfer of your PII to various countries around the world that may have different levels of privacy protection than your country and will be transferred outside of the European Economic Area. If there is a transfer of your PII outside the EEA we will, in the absence of an EC Adequacy decision relevant to the destination country or to the transfer, seek to rely on appropriate safeguards such as entering into appropriate EC approved standard contractual clauses (see http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm). By submitting your PII through the Content, you consent, acknowledge, and agree that we will collect, use, transfer, and disclose your PII as described in this Privacy Policy.
12.2. Company is a data processor/ service provider in respect of providing the Content. The controller/ business is Company’s customer, which is the advertiser, and in some cases also the publisher on whose online digital asset the Content is made available. As controllers/ businesses they are responsible to obtain the data subject’s consent or establish any other applicable lawful basis for processing and also to fulfill the data subject rights (e.g. opt-out, right to be forgotten, right to know etc.). We rely on our contractual relationship with the controller/ business.
13. Questions. If you have any questions about this policy or concerns about the way we process your PII, please contact us at privacy@clinch.co.
14. US State Laws.
14.1. Residents of US States that promulgated specific State privacy laws, such as California and Virginia are entitled to specific rights under such laws, such as the CCPA and the VCDPA. Please note that Company is not the ‘Business’ as defined under the CCPA and other similar laws, but rather a ‘Service Provider’ and therefore the ‘Business’ is responsible for ensuring that such rights can be exercised by consumers, which is the advertiser.
14.2. Selling and Sharing. For example, California and Virginia residents have the right to opt out of the sale of their PII. California residents also have the right to opt out of the sharing of their PII for cross-context behavioral advertising. We do not sell your PII or share it with third parties for cross context behavioral advertising; we provide it only to the ‘Business’ pursuant to its prerogative. However, if you wish to opt-out of interest-based advertising from Clinch you can do so in Section 16 below.
14.3. Sensitive PII. Clinch does not collect, use, or disclose PII we believe to be sensitive under applicable laws.
14.4. Non-Discrimination. Certain State Privacy Laws prohibit discrimination against their residents for exercising their rights under applicable state laws. The goods or services are provided by the advertiser at its prerogative as the ‘Business’ and therefore the advertiser must ensure that no discrimination takes place.
14.5. Financial Incentives. We do not offer financial incentives for the collection, sale, or deletion of PII.
15. Do Not Track Notices. Some browsers send “Do Not Track” signals. This feature is not all uniform. You are advised that Company does not respond to “Do Not Track” signals, but the Company complies with the TCF framework (see section 16.2 below).
16. Opt-Out.
16.1. Clinch Opt-Out Mechanism. Data subjects who prefer not to receive interest-based advertising, can opt-out here. If a data subject opts-out, Clinch will set a cookie on its browser that tells Clinch not to tailor ads to its interests or past engagements. Opting-out does not mean the data subject will not be served advertisements by Clinch, but the advertisements we serve will be less relevant to its interests (although they are optimized based on statistics). Please note that the opt-out cookie only applies to the computer and browser where it is set.
16.2. TCF (Transparency & Consent Framework) Mechanism. Clinch participates in the IAB Europe Transparency & Consent Framework and honors the consent/opt-in data (privacy string) down streamed from the advertiser and publishers digital assets (websites) according to the framework specification.
16.3. Mobile Opt-Out. Data subjects may also limit ad tracking in mobile app environments on their devices. For the most effective and up-to-date methods for doing so, you may consult https://www.networkadvertising.org/mobile-choice.
Last Date Updated: March 6, 2024.
