Last Updated: June 4, 2019
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
AreaMetrics participates in and has certified its compliance with the EU-U.S. and the Swiss-US Privacy Shield Framework. AreaMetrics is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
AreaMetrics is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. AreaMetrics complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, AreaMetrics is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, AreaMetrics may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Privacy of Children
Protecting the privacy of children is especially important. For that reason, AreaMetrics does not knowingly collect any Personal Information from anyone under the age of 13. In no other way do we knowingly collect or maintain personally identifiable information from persons under 13 years of age, and no part of our Website is directed to persons under 13. If AreaMetrics learns that Personal Information of persons under 13 years of age has been collected through its Website or a Mobile Product, then AreaMetrics will take the appropriate steps to delete this information.
Information Collection and Use
- Information you Provide: You are not required to register or actively provide any Personal Information in order to browse our Website and learn more about our company, our products and our technology. We may actively collect Personal Information from you when you voluntarily provide it to us, and it is needed to provide you a service. For example, we will collect your email address if you provide it and want to subscribe to our newsletter.
- Browser-Level Information: When you browse our Website or use any of our Mobile Products, our web server automatically collects limited information about your computer configuration or device or, such as the type of browser software you use and the operating system you’re running and your IP address.
- Non-directly identifying Personal Information: AreaMetrics does log these types of information which may include IP address, profile information, browser type, browser language, referring / exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, from users and visitors to the Website and the type of mobile device you use, the IP address of your mobile device, your mobile operating system, and the type of mobile browsers you use. This data is used to manage our Website, including diagnosing problems with our Website, track usage and improve the Website. User IP addresses are recorded for security and monitoring purposes.
- Personally-Identifiable Information: We do not store Personal Information through our Mobile Products.
- Automatically Collected Information: Other Non-directly identifying Personal Information When you use any of our Mobile Products, we automatically collect limited information about your computer configuration or device, such as the operating system the device is running and its IP address. AreaMetrics does log non-directly identifying Personal Information which may include IP address, profile information, browser type, browser language, platform type, domain names, the type of mobile device you use, the IP address of your mobile device, your mobile operating system, identifierForVendor and the type of mobile browsers you use. This data is used to manage the Mobile Product, including diagnosing problems with the Mobile Product, track usage, and improve the Mobile Product.
- Mobile Advertising Identifiers: Both the Android and iOS mobile operating systems provide transient, resettable, and unique identifiers for the purposes of advertising; these are known as the Android Advertising ID and the Apple Identifier for Advertising (IDFA). Both identifiers have policies governing appropriate use, which the Mobile Products respect. The most important aspect of acceptable use of identifiers is respecting your ability to opt-out of its use. AreaMetrics collects these identifiers whenever the Mobile Products communicate with our server, if you have allowed your device to use these identifiers. These identifiers are considered to be non-directly identifying, can be reset and are randomly generated.
- Location Data: By opting in to share your location data, the Mobile Product also allows us to collect information regarding your location, or the location of your device, by using GPS coordinates provided by your mobile device, or if you come within proximity of a Bluetooth Low Energy (BLE) device such as a beacon (“Location Data”). When any of our Mobile Products is open on your mobile device, we periodically receive Location Data. Most GPS-enabled mobile devices can identify a user’s location to within less than 50 feet. You can opt-out of our collection of such Location Data by turning off the GPS capability of your mobile device and rejecting our request to collect such data upon installation of the Mobile Product. If following installation of the Mobile Product, you wish to opt out of the collection of Location Data, you can change the preferences on your mobile device (by turning off the GPS capability for the Mobile Product) or by uninstalling the Mobile Product. If you choose not to permit the Mobile Product to collect such Location Data, certain of the Publisher’s services may not be available to you. AreaMetrics stores Location Data, and Location Data is passed through to the service providers and partners, including ad networks, ad serving companies and third party information providers, as described below.
- Aggregate Information Used to Serve and Target Ads: We may aggregate the information we collect from users of our Mobile Products and use this to target ads on digital out-of-home screens. Additionally, we may use information we collect from users of our Mobile Products to obtain consumer data (Third Party Data) from third parties (Third Party Data Providers); this is described in the next section. When we aggregate your information, no directly identifying personal information is included.
- Aggregate Information Used for Location Analytics: We may aggregate the information we collect from users of our Mobile Products and Third Party Data for reporting and analytics purposes. This is the same data we use to serve and target advertising, and follows the same restrictions and guidelines. Location Analytics refers to the process of aggregating, packaging, and visualizing this data for particular physical locations.
- Mobile Analytics: We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
- Opt-Out of Information Collection: You can stop all collection of information by emailing firstname.lastname@example.org.
AreaMetrics collects information under the direction of the Publishers, and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Publishers and would no longer like to be contacted by one of our Publishers that use our service, please contact the Publishers that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Publishers.
An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the AreaMetrics’ Publisher (the data controller). If requested to remove data we will respond within a reasonable timeframe.
We will retain personal data we process on behalf of the Publishers for up to ten years to provide services to the Publishers. AreaMetrics will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Disclosure and Sharing of Information
- We may disclose your personal information to our service providers who work on behalf of AreaMetrics, including to provide our Website or the Mobile Product or fulfill user requests such as demographics databases. However, these companies are not allowed to share this information or to use it for their own purposes. These companies are authorized to use your personal information only as necessary to provide these services to us.
- We may disclose your Mobile Advertising Identifiers to Third Party Data Providers for the purposes of acquiring additional consumer data. The Mobile Advertising Identifier acts as an index that can be used across datasets, similar to how cookies are utilized. These Third Parties have their own privacy policies that govern the use of the data they collect, which we do not control.
- We may disclose your Location Data to third parties for the purposes of providing targeted advertisements and information our advertising partners believe may be of relevance and interest to you; these third parties include but are not limited to ad networks and ad serving companies. Advertising helps us provide the Mobile Product and helps our Publishers provide free services and content. You can opt-out of our collection of such Location Data by turning off the GPS capability of your mobile device and rejecting the request to collect such data upon installation of the Mobile Product or by emailing the Publisher to request opt-out on collecting such information.
- We may disclose your Data to third parties to provide you with targeted information as requested by you. For example, we will provide your Location Data to a third party partner so that they can provide you with location specific advertising.
- We may disclose your Non-directly identifying Personal Information, which may include your IP address and as part of an aggregate data set to third parties for the purposes of providing targeted advertisements and information our advertising partners believe may be of relevance and interest to you.
- We may disclose your personal information to lawful requests by public authorities, including to meet national security or law enforcement requirements, to comply with legal requirements or to respond to a subpoena, search warrant or other legal process or government request received by AreaMetrics, whether or not a response is required by applicable law.
- We may disclose your personal information to enforce our rights in our Website and Mobile Products or to protect the rights, property or safety of members of the AreaMetrics community, our Publishers, other visitors to our Mobile Products, the public, or AreaMetrics and its employees.
- As our business grows, we may buy or sell various assets. In the event that AreaMetrics or some or all of our assets are acquired by another company, our users’ personal information may be among the transferred assets. You will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.
- In the event that AreaMetrics goes through a bankruptcy, reorganization, receivership or similar event, you understand and agree that we may not be able to control how your personal information collected by us is treated, transferred or used.
General Data Protection Regulation (“GDPR”)
As of May 25, 2018, the EU General Data Protection Regulation (“GDPR”) went into effect through the EEA countries and Switzerland. The GDPR requires that companies provide users with certain information about the processing of their “Personal Data.” “Personal Data” is a term used in Europe that means, generally, data that identifies or can identify a particular unique user or natural person – for instance, names, addresses, cookie identifiers, mobile device identifiers, precise location data and biometric data.
To comply with GDPR, we provide the below representations and information, which are specific to persons located in EEA countries or Switzerland (so please don’t rely on the below, if you’re not):
a. Legal grounds for processing your Personal Data
GDPR requires us to tell you about the legal basis we’re relying on to process any Personal Data about you. The legal basis for us processing your Personal Data for the purposes set out in the section entitled Information Collection and Use will typically be because:
- You provided your consent. In order to provide our services that involve use of precise location information related to other Personal Data, (and to store and gain access to information stored on your device such as Device IDs), we rely on your consent. To obtain this consent, we rely on our own compliance steps and our web and mobile partners’ compliance steps, designed to ensure that consent is collected and passed on to partners, and to ensure that we only facilitate the collection of legally obtained data. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal. We also seek to obtain consent for certain partners with whom we work, who are often independent data controllers. We list these partners in our Trusted Partners List.
- The processing is in our legitimate interest. In some cases, we use legitimate interest as a legal basis for processing Personal Data. We rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed. We also rely on legitimate interest when we use our own customers’ data (or Visitors’ data) to communicate with them about our Services or analyse our own Site activity.
- Contractual Relationships. Sometimes, we process certain data as necessary under a contractual relationship we have (such as our customer records and contact information);
- Legal Obligations. Finally, some processing of data may be necessary for us to comply with our legal or regulatory obligations.
b. Transfers of Personal Data
When we transfer Personal Data outside of the EEA or Switzerland, we take steps to make sure that appropriate safeguards are in place to protect your Personal Data. In general, our data transfers of our Personal Data are safeguarded by mechanisms such as Privacy Shield, European Standard Contractual Clauses, and Data Processing Agreements where this is required by European Data Protection Law. Feel free to contact us at the contact information below for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.
As AreaMetrics works with global companies and technologies, we may need to transfer your Personal Data outside of the country from which it was originally provided. For instance, we may transfer your data to third parties that we work with who may be located in jurisdictions outside the EEA or Switzerland, and which have no data protection laws or laws that are less strict compared with those in Europe.
c. Personal Data Retention
As a general matter, we retain your Personal Data for up to ten years to provide our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. Please note that we may retain this (and other) Information whenever and so long as we have a significant legal or operational need to do so, such as for auditing, corporate record-keeping, compliance accounting or security and bug-prevention purposes.
If you are a customer of ours and thus have an account with us, we will typically retain your Personal Data for up to ten years in order to serve the purpose for which it was collected, such as to provide you relevant information about our products and services.
d. Your Rights as a Data Subject
The GDPR provides you with certain rights in respect of Personal Data that data controllers hold about you, including certain rights to access Personal Data, to request correction of the Personal Data, to request to restrict or delete Personal Data, and to object to our processing of your Personal Data (including profiling for online ad targeting).
- Right to Access: If you wish to exercise your right to access Personal Data we process as a data controller, you may do so by requesting access through the e-mail address email@example.com. When we receive your request, we will provide you with current, step-by-step instructions to follow in order to obtain access. As we are required to verify a requestor’s identity prior to providing Personal Data, we will assess requests to exercise certain data access rights on a case-by-case basis: in doing so, we consider (a) the difficulty of verifying whether data that we hold and data we have linked to it truly and solely belongs to the data subject making the request, along with (b) the potential adverse effects on disclosure of personal data to the wrong individual. Because such improper disclosure would likely adversely affect the privacy rights and freedoms of the data subject, we may limit the Personal Data we make available. Please note that we will only grant requests for access for Personal Data for which we are a data controller, as explained further in sub-section (e) below. Where we act as a processor for one of our customers, we will refer your request to that customer. Please identify the customer your request refers to (if possible), to simplify this process.
- Right to Correct: If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact information below.
- Right to Erasure. You also have the right to obtain the erasure of Personal Data concerning you that we hold as a controller. The above opt-out process satisfies this right. When a user opts-out through our partners (or through mobile device settings), and we receive this signal, we no longer use Personal Data to provide our advertising services. We will also manually delete your Personal Data if you prefer that we do so; please contact us and email your device to firstname.lastname@example.org for further instructions if you wish to exercise this right manually. Please note, however, that we may retain copies of certain Personal Data on inactive or back-up files, for our certain important internal and purposes, such as auditing, accounting and billing, legal or bug-detection, for as long as is necessary to fulfill those purposes.
- Right to Lodge Complaints. You have the right to lodge a complaint with a supervisory authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.
e. AreaMetrics as a data controller and a data processor
EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). As noted above, we are not always a data controller of the data in our possession, but are sometimes a data processor for other companies such as our customers. In such cases, we may direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data.
Access and Choice
Upon request AreaMetrics will provide you with information about whether we hold or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com.
If you wish to request access, or deletion of your personal information please contact us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe.
If you provide Personal Information to us through our Website, such as signing-up for our newsletter, you may request that we delete such Personal Information from our system, by sending a request to email@example.com, or by choosing the limit ad tracking setting on your device’s privacy settings page. We will promptly cease use of any such Personal Information and will remove such Personal Information from our servers in accordance with our standard practices. Certain other components of your Data relating to your use of the Website or Mobile Products, such as Mobile Advertising Identifiers, may be retained for up to ten years in order to serve the purpose for which it was collected.
Reset an Advertising Identifier
Resetting an advertising identifier is very easy on both iOS and Android (step-by-step guide below):
- iOS: Go to “Settings > Privacy > Reset Advertising Identifier” and then Reset Identifier when the prompt comes up.
- Android: Go to “Settings > Google > Ads > Reset Advertising ID” and click OK when the confirmation screen appears.
Social Media Sites, Links to Other Sites
We may have pages, accounts or presence on various social networking and media sites or services, such as Facebook and Twitter. Social media buttons or interactive mini-programs that run on our website may collect your Internet protocol address, which page you are visiting on our website, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Any information you post or provide through such social media sites and services will be subject to the policies of the applicable site or service.
As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
AreaMetrics has taken and will continue to take steps to protect the confidentiality of the personal information it collects from users of its Website and Mobile Products. Information we gather on AreaMetrics is stored within AreaMetrics controlled databases (or databases hosted on our behalf) on servers maintained in protected environments, and we limit access to such information to AreaMetrics employees who we believe need to see that information to provide you with services or otherwise do their jobs. We follow generally accepted standards to protect the Personal Information submitted to us, within reason. However, no physical or electronic security system is impenetrable, and we cannot guarantee the absolute security of our servers or databases, nor can we guarantee that the information that you supply to us won’t be intercepted during transmission over the Internet. If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
We may retain your information for as long as your account is active or for up to ten years, to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
Contacting Us with Questions
1601 5th Avenue #1100, Seattle, WA 98101