Updated as of May, 2018
PulsePoint is a member of the Network Advertising Initiative (“NAI”) and follows the NAI’s Code of Conduct, which outlines self-regulatory principles for personalized advertising. PulsePoint also complies with the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising.
WHAT TYPES OF INFORMATION DO WE COLLECT?
Non-Personally Identifiable Information (“Non-PII”)
We and our service providers (publishers, advertising partners, or third party data providers from whom we license data from) may automatically collect information that is linked to your computer or device and may reflect how you interact with a webpage or the ads you view or click. We or our service providers may also collect Non-PII from your mobile device or from apps on your mobile device. The Non-PII that we collect does not directly identify you personally, but it may enable us to recognize your computer or device over time. For example, when you visit a webpage or click on an ad, we or our service providers may collect information, which includes, but is not limited to:
- which websites you have visited and information about your visit, including pages visited, what time of day you visited those websites, and more;
- information about the ads served, viewed, or clicked on, such as the time of day of your visit, where the ad was served, whether you clicked on it, and whether you visited the advertiser’s website or purchased the product or service advertised;
- information regarding the app visited, session start/stop time, time zone, and network connection type (e.g., WiFi, cellular);
- information about your mobile device, such as the type and model, software version, manufacturer, operating system (e.g., iOS or Android), carrier name, mobile browser (e.g., Chrome, Safari), applications used and the version of such applications, and identifiers assigned to your device, such as its iOS Identifier for Advertising (IDFA), Android Advertising ID (AAID), or unique device identifier (a number uniquely given to your device by your device manufacturer), sometimes referred to as a mobile carrier ID;
- your Internet protocol (IP) address (a unique number that is automatically assigned to a computer when surfing the web);
- your location information, such as your zip code or the approximate geographic area provided by your Internet service provider (ISP) or location positioning information provided by the location services and GPS features of your mobile device or website when location services have been enabled. We may also infer the geo-location of your device based on data collected through, for example, a WiFi identifier that the device is connected to.
We may also collect Non-PII from third parties that is not linked to your computer or mobile device for use in our Platform. Any information we receive from third parties is used to maintain and improve the accuracy of the records we hold about you.
In some countries, including countries in the European Economic Area (“EEA”), this information may be considered PII (as defined below) under applicable data protection laws. Please see our EEA Supplement for more information on the lawful grounds on which we process your information and data protection rights which you have if you are an EEA visitor.
Personally Identifiable Information (“PII”)
PII is information unique to you that may be used to directly identify you individually. We may acquire PII from our publishers or advertising partners or other third parties, but only where we have contractually required that these third parties have obtained your consent or are otherwise legally permitted or required to disclose your PII to us. Depending upon the source, the PII may include information such as email address, gender, or certain specific demographic and other information. More precise location positioning, or location information combined with other data, may make it possible to pinpoint an exact location, which in some instances could be considered PII.
Certain PII and Non-PII may also be considered “Sensitive Data.” Some examples of Sensitive Data are your social security number and financial account numbers. Sensitive Data can also include certain types of information about your race or ethnicity, or information related to your health, such as information on certain past, present, or future medical conditions and treatment of those conditions (sometimes also referred to as protected health information or “PHI”), prescriptions you have filled, laboratory results, and information about your health or wellness, including information regarding sexually transmitted diseases (“Sensitive Health Data”). Some examples of the categories of Sensitive Health Data we collect are available here. PHI collected and stored by us may not be protected under the Health Insurance Portability and Accountability Act (“HIPAA”).
HOW DO WE USE YOUR INFORMATION?
We use the information we acquire to deliver ads to the most relevant recipients. For example, we may use PII and Non-PII to develop audience segments, or groupings of individuals with common interests or characteristics, and deliver ads to the individuals within a segment, or to the websites frequented by users of a particular segment, that we determine are relevant to that segment. So, for example, if you are a student, we may deliver ads for school course offerings or financial aid.
Segments may be based on demographic characteristics such as age and gender, geographic area, and other categories derived from various information, including purchasing tendencies. Segments may also be based on certain medical conditions, such as flu or diabetes, or other medical conditions that are considered sensitive, such as cancer. Examples of some health segments we use are available here.
Our Platform serves both contextual and targeted/IBA.
Placing an ad relevant to the content on the webpage is commonly referred to as contextual advertising. These ads are targeted to content categories only, meaning that a visitor of a webpage sees an ad relevant to the content found on the webpage visited. Displaying an ad for sneakers on a website that promotes running is an example of contextual advertising. Many of our ads focus on contextual advertising.
We may engage in IBA (or online behavioral advertising (“OBA”)). This may utilize the segments referred to above, and PII and Non-PII derived from browsing habits on the Internet, to target specific ads to individuals. For example, if an advertiser wants us to display ads to individuals who have expressed interest in acne, sun-care products, or advances in treating certain medical conditions, we may serve ads for those products or services to those individuals based on segment data and Internet browsing habits. We may also serve ads to you based on inferences we have made regarding health conditions that may be of interest to you. We may make these inferences using models based on a sample set of other users’ health records, which we then compare with information in our databases to create datasets we can use to make certain predictions or inferences regarding characteristics that may apply to you, including the existence of certain medical conditions. The purpose of such advertising is to serve ads better related to products and services that may be relevant to the interests of the individuals seeing them. We may also engage in IBA utilizing PII or Sensitive Health Data.
We may serve ads to you based on your previous visits to a website or clicks on an ad. For example, an advertiser might ask us to display a particular ad to people who have recently visited the advertiser’s website. In some instances, a cookie is placed on your computer while at the advertiser’s site, and when that cookie is seen by us on the website of another company in our Platform, we will deliver the advertiser’s ad there. We may also use information collected from mobile apps and browsers to serve ads across devices for the purpose of linking devices to relevant individuals.
We or our service providers may deliver ads to your mobile device when you are in certain geographic locations. This type of targeted advertising is referred to as “geo-fencing” or “geo-targeting.” Geo-fencing works by placing a “fence” around a certain geographic (“geo”) location. For example, we or one of our service providers could create a 2 square mile “fence” around a grocery store. When you go inside that fence or target area, we or our service providers may serve you specific ads based on you being in that target area. In the case of the grocery store example, you may, for example, be served ads about the grocery store or a product sold in that grocery store.
With geo-fencing we do not continuously, periodically, or intermittently track your precise location. The geo location of your device will, however, be provided to us or one of our service partners when you enter the target area, and we may also be provided other Non-PII. Geo-fencing monitors an area and sends notifications either to an app you have on your mobile device or directly to us or our service providers when the boundary is crossed, either in or out. Those apps use this location information to process status updates only if you have geo-location enabled on your mobile device. We will not target you with ads based on your geo-location unless we believe you have provided consent to do so.
If you want to limit or prevent location data from being collected from your device you can adjust this capability through your mobile device settings. Please refer to your applicable device settings for instructions on how to manage your location settings. Additional options for opting out of receiving targeted ads can be found in the “Consumer Choice” section below.
WHAT INFORMATION DO WE SHARE?
We may share Non-PII with third parties. For example, we may provide information to others as to the specific ads to which a segment of end-users was exposed, or we may make certain information, such as certain demographic information, about end-users viewing an ad available to buyers and potential buyers of such ads. We may also disclose how frequently the average end-user requests pages about a certain category (such as health or finance), or which ads a segment of end-user interacts with on domains across our Platform.
Although the Non-PII information that we share, including the Non-PII that is not linked to your computer or mobile device, does not directly identify you personally, there is a risk that third parties who receive such information from us may be able to re-identify you through other information they gather. We request written assurances from third parties that they will not attempt to re-identify non-PII to any particular individual.
Legal basis for processing PII (EEA visitors only)If you are a visitor from the EEA, our legal basis for collecting and using the PII described above will depend on the PII concerned and the specific context in which we collect it. For further information relevant to EEA visitors, please click here.
We are committed to following the NAI’s Code of Conduct and complying with the DAA’s Self-Regulatory Principles for Online Behavioral Advertising, which encourage consumer choice.
You may opt-out of our Platform for IBA/OBA. Opting out does not prevent you from seeing ads; it simply means that we will no longer collect data for the purpose of IBA/OBA, and you will no longer receive ads based on your historical viewing interests, personal characteristics, consumer segments, or other information. You may still receive contextual ads, as described above.
We encourage advertisers that place ads through our Platform that are delivered for IBA/OBA to display the DAA’s YourAdChoices Icon, which contains a link consumers may click to understand how their data is being used and see the choices they have to control the collection of data online and the display of ads for IBA/OBA. The DAA offers an opt-out tool to opt-out of the collection of data online and the display of ads for IBA/OBA. More information about the DAA’s YourAdChoices program and its opt-out tool are available here. Opting out from an advertiser will not, however, automatically opt you out of receiving IBA/OBA targeted ads from our Platform, nor from receiving ads. To opt out of targeted ads from our Platform, you may go here. We do, however, require advertisers and publishers with whom we partner to inform us if you opt-out of receiving their ads so that you are not sent those ads from our Platform.
Since we are a member of the NAI, you may also use the NAI’s opt-out tool to opt-out of our collection of data online for IBA and the placement of interest based ads. You may access the NAI’s opt-out tool here.
The DAA and NAI opt-out tools are cookie-based. They signal us so that we do not collect data online or deliver ads for the purpose of IBA/OBA, and only affect the Internet/web browser on the computer where the cookies are installed. These opt-out tools will only function if your browser is set to accept third-party cookies. If you delete an opt-out cookie or all cookies from a browser’s cookie files, change web browsers or change computers, you will no longer be opted out of our data collection and ad targeting, and we may place a new cookie unless an opt-out cookie is again reset on that browser. Opting out using one browser on one computer will not opt you out using any other browser on the same or another computer.
If you are using a mobile device, your mobile device may offer settings to limit or disable mobile apps from gathering certain information. You should check the settings for the app and your device. PulsePoint honors the mobile device settings for Android and Apple iOS devices. To exercise this opt-out, please visit the privacy settings of your device and select “limit ad tracking” (if Apple iOS) or “opt-out of interest based ads” (if Android).
COLLECTION, USE, AND DISCLOSURE OF INFORMATION BY OTHERS
We use reasonable security measures to protect the data in our possession. However, no method of transmission or storage of data is 100% secure and we will not be responsible for any damage that results from a security breach of data or the unauthorized access to or use of information, whether PII or Non-PII. To the extent we provide your PII to any third parties, we will request that they use reasonable security measures to protect your information.
Information we acquire through our Platform is generally deleted within 45-60 days, but may be retained in PulsePoint’s internal network for up to 18 months from the date of collection before deletion.
We retain information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your data, we will either delete or anonymize it or, if this is not possible (for example, because your PII has been stored in backup archives), then we will securely store your PII and isolate it from any further processing until deletion is possible.
If you would like to access, correct, update, or request deletion of your PII we have on file, you may submit such requests here. Alternatively, you may email us at firstname.lastname@example.org or write to PulsePoint Privacy Department, 360 Madison Avenue, 14th Floor, New York, New York, 10017. We may take reasonable steps to confirm your identity in an effort to prevent identity theft.
In the interest of the privacy of children, we do not knowingly collect information from or target end-users under the age of 18. Our Platform is neither developed for nor directed at children. If we learn we have collected or received information from a child under 18 without verification of parental consent, we will endeavor to delete that information
CROSS-BORDER DATA TRANSFERS
Our Platform is based in the United States, and operates under United States law. If you are located outside of the United States, the information we collect may be transferred to and processed in the United States and in other countries where the privacy laws may not be the same as the laws where you reside and, in some cases, may not be as protective. Additional considerations apply to the collection, use, and disclosure of information from individuals who live in the EEA.
DO NOT TRACK (“DNT”)
DNT is a privacy preference that you may set in certain web browsers. DNT is intended to allow you another method of informing websites and services that you do not want certain information about your website visits collected. We do not currently respond to DNT signals.
Questions and Comments
If you have questions about our Platform and your privacy, please e-mail email@example.com.