- What Data We Collect
- How We Use the Data We Collect
- Cookies and Related Technologies
- Non-Cookie Technology for Tracking Outside European Territories
- Your Choices and Opting-Out of Interest-Based Advertising and Analytics
- Data Retention
- International Transfers
- Information for European Territory Residents
- Information for California Residents Only
We collect the following categories of data in the provision of our Services for the purposes explained below.
Data You or the Advertiser Provide To Us
- Email and CRM data from Advertisers: Some Customers provide their customer relationship data to us (e.g. name, email address, company address) or instruct us to collect clear email addresses on the Customer’s behalf using NextRoll Technology (“Customer CRM Data”) for processing as part of our Services. By doing so, we can help our Customers serve, measure and analyze interest-based ads to the end user. For example, using the example we already provided above, if you gave ACME Soccer Ball Co. your email address, ACME Soccer Ball Co. may use our Services to send you a promotional email for a soccer ball you looked at but did not purchase. Similarly, if you provided your email to a software website when you downloaded a white paper, through our Services the software company may (subject to your marketing preferences) send you a follow up email providing you with more information about the software company’s products or services. We use our Customer’s CRM Data only as a processor for the purpose of assisting that particular Customer with their own advertising efforts and, in some cases, reporting performance back to the Customer's CRM system. We do not share clear email addresses belonging to one Advertiser with another Advertiser for their advertising purposes.
- Hashed email addresses: If an Advertiser permits us, we collect hashed versions of the email addresses that consumers have entered on that Advertiser’s site. Hashing is a technology process that pseudonymizes (i.e. digitally scrambles) email addresses. For instance, when firstname.lastname@example.org is run through a typical hashing function, it becomes the following string of digits: 0F0B7B1A1A7E8BDBBC6AA545F8CCD6F83671B32479271BFCB6CC8498912058D5. We take this step to de-identify data and protect email addresses, while being able to use the unique identifier created for the purpose of recognizing you and sending your interest-based ads across different devices (computers, tablets and mobile devices) and browsers (also called “cross-device matching”). We describe cross-device matching in further detail in How We Use the Data We Collect.
- Shopping Data. Some Advertisers provide us with data about their buyers’ shopping habits, including transactional data, product codes, and check-out activity in addition to the browsing data that we collect. This data may come from their Digital Properties or other transactional data they maintain. We generally use this data to help us better target, personalize, and measure the effectiveness of advertising campaigns. etc
- Data We Receive in Our Corporate Capacity. We also collect data from our own Customers and those who visit our website(s). To learn more about how we collect and use that data, please see our Website Privacy Notice.
Data We Automatically Collect From Your Device
Unless you have opted-out or have otherwise refused to provide consent, the following is data that we collect from your device automatically:
- Device Information: This is technical information about the device you use to access the Advertiser's Digital Property such as your device's IP address and operating system. Additionally, in the case of mobile devices, your device type, and mobile device's unique advertising identifier (such as the Apple IDFA or Android Advertising ID) and any other unique identifier that may be assigned to the mobile device, such as an Android ID or UDID in older Apple phone models, or a non-cookie unique identifier used by Non-Cookie Technologies.
- Browser Data: This is technical information about the browser you are using that is captured in order to serve you an ad that can be rendered on your device. An example of browser information is the technical information that identifies your browser as, for example, Chrome, Firefox, Safari etc.
- Activity on Advertisers’ Digital Properties: This is data about your browsing activity on the Advertiser's website or application. For example, which pages you visited and when, what items were clicked on a page, how much time was spent on a page, whether you downloaded a white paper on a B2B website, what site or ad brought you to the Advertiser’s website, what items you placed into your online shopping cart, and what products were purchased and the price of the products purchased.
- Location Data: This is non-precise information related to your geography derived from your device’s IP address (e.g. laptop, desktop or mobile etc.). This does not reveal your precise geographic coordinates (i.e. your GPS latitude and longitude) - only country, state, city and zip/postal code level location data, and helps us to display ads that are relevant to your general location (for example, showing ads in French if you are located in France).
- Ad Data: This is data about the online ads we have served (or attempted to serve) to you. For example, how many times an ad has been served to you, what page the ad appeared on, and whether you clicked on or otherwise interacted with the ad.
Data We Collect From Third Party Sources
- Campaign Performance Data: This data includes information about how well our Customers’ ads and campaigns have performed, whether on our platform or on other platforms.
- Attribute Data: We may collect additional information about you from other third party sources where they have the rights to share such information and we have the rights to use it, for example, demographic data or title and employer data. We use this data to better understand our Customers and to better market our Services to you.
Data from Advertising Partners: This is data that allows us to match the NextRoll cookie identifier with identifiers that may already be used by other companies in the digital advertising ecosystem that we work with (“Advertising Partners”), for example, ad exchanges or companies that sell advertising space on publishers’ websites (sometimes referred to as “supply side platforms”). Matching cookie identifiers help us deliver ads to you and recognize you across browsers and devices, and may include pseudonymous advertising identifiers (meaning identifiers that help identify your browser or device, but not you directly) which some third party advertising platforms choose to share with us. We may work with our Advertisers and Advertising Partners to synchronize their unique, pseudonymous identifiers to our own to enable us to more accurately recognize a particular unique browser or device and the advertising interests associated with it (commonly known as “ID Syncing”).
Data collected pursuant to RollWorks Business only:
- Email Communications: Customers may provide us with access to their email communications from their prospects when they have engaged us to provide email marketing services, which we process as a processor only on behalf of our Customers and in accordance with their instructions. When access to such data involves access to Gmail Data such access will be subject to these additional restrictions:
- We will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail Data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets;
- We will not use this Gmail Data for serving advertisements; and
- We will not allow humans to read this data unless agreed to by the Customer, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the provision of NextRoll’s Services.
- Contact data from third parties. We obtain and collect contact data from various third party sources, including from public sources and through licenses with data providers. We may also infer contact data based on email addresses and email naming conventions. This contact data is B2B information – in other words, it is typically a business email address, business street address, or sometimes, a business telephone number. Please note that as part of our RollWorks Services, we do not collect business email addresses for any individuals who are residing in any European Territories (as defined in International Transfers).
We generally use the data we collect to help our Customers better identify and engage with you. For example, to serve ads or communications that aim to be more relevant to you. The data we collect also helps measure the effectiveness of ad campaigns and, to better understand the needs and interests of prospective students. Additionally, we use this data to operate, improve and enhance our Services, in order to serve the most relevant ads to you and, in turn, improve performance of ad campaigns.
Specifically, we use this data for:
- Interest-Based Advertising: Selecting ads that are more likely to be relevant to you based on data such as your browsing activity, the time of day you visit specific Digital Properties and the time you spend on them, and non-precise geographic data inferred about your device/s.
- Frequency capping: Making sure that you don't see the same ad too many times. If we know you’ve already seen a particular ad several times, we’ll try to show you a different ad next time.
- Sequencing: If you are being served a sequence of ads, making sure we show you the right ad next in the sequence.
- Cross-device matching: Identifying different devices that are likely to be associated with you so that ads can be targeted, capped and sequenced across those devices, and so that campaign effectiveness can be measured and analyzed. It also helps us match devices so we can honor your opt-out choices across all devices we know are connected to the opted-out cookie. You may opt-out of cross-device interest-based targeting by employing the respective opt-out techniques we describe in Your Choices and Opting-Out of Targeted Ads. To learn more about how we use cross-device matching, click here.
- Identifying Companies Associated with an IP range for B2B marketing (RollWorks only): We match IP address ranges to companies who disclose their IP address ranges in order to provide aggregated reports to companies regarding their website traffic.
- Attribution: Monitoring when an ad is served by Elizabethtown College, or other third parties on behalf of an Advertiser, to enable marketing measurement. For example, being able to measure if a certain ad campaign (for example, the MBA program) actually helped the College reach interested students and, if so, which party serving the ad reached the most prospective students.
- Reporting: Providing Advertisers insights into how their ad campaigns served either by NextRoll and/or by third parties are performing and gaining insights into their customers. Reporting may include ad metrics such as attribution (described above), impressions (ads served), clicks (ads you clicked on), and conversions. What qualifies as a “conversion” is defined by the Advertiser—it might include for example, a sale or a white paper download, or a correlation to an actual or inferred sale, site visit or store visit. This data allows an Advertiser to determine if an ad is not performing well (few attributed conversions), so that the Advertiser will be able to see that data and update the ad (perhaps with a better deal!).
- Licensing Data: Other than Customer CRM Data, we may license any of the data we receive, create or collect to our Customers or other third parties. For instance, as mentioned in What Data We Collect, when we receive an email address for a U.S. resident from a third party data provider or derive an email address, we may license that to our Customers.
- Conducting Our Corporate Operations. As to data we collect in our corporate capacity – our own B2B lists of Customers and prospective customers – we use that data to conduct our business operations and communications. Please see our Website Privacy Notice to learn more about how we use that data.
- Complying with Legal Process: To satisfy in good faith any applicable law, legal process, or proper governmental request, such as to respond to a subpoena (whether civil or criminal) or similar process.
- Investigating Wrongdoing and Protecting Ourselves or Third Parties: To enforce our Terms of Service or other policies or investigate any potential violation of our Terms of Service and policies, any potential violation of the law, or to protect ourselves, our Customers, or any third party from any potential harm (whether tangible or intangible).
- Specifically, the NextRoll cookie we serve through our NextRoll Technology for this purpose is named “__adroll”, “adroll_v4” and “__adroll_fpc” .
Our Advertising Partners may also drop cookies for the purposes described in What Data We Collect. Generally, the type of cookies dropped will vary depending on the Advertising Partner.
Additionally, we use non-tracking cookies (not unique) to store user decisions in terms of your ad consent and opt-out choices:
- We may drop a __adroll cookie with value opt-out if you opt-out as described below.
We may drop a __consent cookie that stores the consent choices you have made regarding data processing and advertising by NextRoll.
A full list of NextRoll cookies is set out below:
|Tracking Cookies||Non-tracking Cookies|
In respect of website visitors with IP addresses not from a European Territory, NextRoll and some of its Advertising Partners may use technologies other than cookie technology to recognize your computer, device or browser for the purposes of interest-based advertising, analyzing engagement with ads or content, measuring the effectiveness of a particular ad campaign or marketing effort, to monitor against fraud or misuse of our Services, or in other ways described in this Service Privacy Notice in How We Use the Data We Collect. This use of non-cookie technology may be used in addition to cookies, or separately, to collect and record data about your web browsing activities on browsers, search engines or other platforms that may not utilize NextRoll Technology.
You may opt-out of tracking via non-cookie technologies by employing the respective opt-out techniques described in Your Choices and Opting-Out of Interest-Based Advertising and Analytics Ads.
We recognize how important your online privacy is to you, so we offer the following options for controlling the interest-based ads you receive and how we use your data.
Opting-out of this type of advertising will not prevent you from seeing ads, rather those ads will likely be less relevant. This is because they will not be tailored to your specific interests but will instead be based on the context of the Digital Property in which they are displayed (for example, if you are on a movie website, you may only see ads about movies) or the ads you see may be randomly generated.
Here’s how you can control how we use your data:
- Web browser: You can opt-out of receiving interest-based ads served by us or on our behalf by clicking on the blue icon that typically appears in the corner of the ads we serve and following the instructions provided or by clicking here. Please note that this “opt-out” function is browser-specific and relies on an “opt-out cookie”. This means if you delete your cookies or upgrade your browser after having opted out, you will need to opt-out again.
- Cross Device Opt- Out: In some cases, we may link multiple browsers or devices to you. If you opt-out on a browser or device and we have additional devices or browsers linked to you, we will extend your opt-out decision to any other linked browsers and devices. Since we only link users across browsers and devices in certain conditions, there may be cases where you are still being tracked in a different browser or device we have not linked, and where we are treating you as a different user.
Mobile Device Opt-Out: To opt-out of receiving interest-based ads that are based on your behavior across different mobile applications, please follow instructions for iOS and Android devices:
- iOS 7 or Higher: Go to your Settings > Select Privacy > Select Advertising > Enable the “Limit Ad Tracking” setting; and
- For Android devices with OS 2.2 or higher and Google Play Services version 4.0 or higher: Open your Google Settings app > Select Ads > Enable “Opt out of interest-based advertising”.
Industry Opt-Out Tools and Self-Regulation:
- NextRoll is a member of the Network Advertising Initiative (NAI) and adheres to the NAI Code of Conduct. You may use the NAI opt-out tool here, which will allow you to opt-out of seeing interest-based ads from us and from other NAI approved member companies. In addition, the NAI opt-out tool allows you to separately opt-out of “audience matched” advertising through the NAI’s “Audience Matched Advertising Opt-Out” tool. Audience matching is a particular type of interest-based advertising where de-identified data (e.g. hashed emails) is tied to “offline” activity or information (generally, information that is or can be associated with a consumer’s email address) and matches that de-identified data to cookies, mobile ad IDs, or other online identifiers. We describe this hashing activity in detail in What Data We Collect. Because this “audience matched” information is derived from an email address or information that can be tied to an email address, it is possible to opt-out with an email address. However, when you opt-out in this way, you will need to submit all of the email addresses that you use for the opt-out to work.
- We also comply with the Self-Regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA). You may opt-out of receiving personalized ads from other companies that perform ad targeting services, including some that we may work with as Advertising Partners via the DAA website here.
- We also comply with the Canadian Self-regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance of Canada (DAAC). You may opt-out of receiving personalized ads from other companies that perform ad targeting services, including some that we may work with as Advertising Partners via the DAAC website here.
- Reminder to Users Residing in a European Territory: If you are located in a European Territory you will also have additional data protection rights. These are described Information for European Territory Residents: Our Legal Basis and Your Rights.
- Customer CRM Data: We are processors of CRM data (e.g. customer lists containing emails) that the Customer instructs us to collect or otherwise provides to us in order for us to perform our Services. We retain this CRM Data until the Advertiser asks us to delete this data.
- Mobile Identifiers and Cookie Identifiers: Cookies we set expire (and are then deleted) 13 months from the last time your device accessed a Digital Property using NextRoll Technology. If you visit another Digital Property that uses our technology inside that 13-month expiry period, then the expiry period will be reset and measured from that date instead. The expiration period for mobile identifiers is controlled by the end-user on their own device.
- Personal Data Associated with Mobile and Cookie Identifiers Related to Browsing History: We delete personal data associated with mobile and cookie identifiers after 12 months. For example, data such as an Advertiser’s website you visited or ads that you may have clicked.
- Personal Data Associated with Advertising Bidding Requests: Data logged in order to process an advertising bid request we have received from an Advertising Partner (such as cookie identifier, IP address, the domain url requesting to display the ad, and browser information) are deleted after 14 days. Data we have logged regarding bids we have placed to display an advertisement (including cookie identifiers, mobile identifiers, the advertisable bid on, and the advertisable won or displayed to the end-user) are deleted after 30 days.
- Personal Data Associated with the Display of an Advertisement: Data logged for the display of an advertisement (including cookie identifiers, the advertisement won or displayed to the end user and data indicating whether an end user clicked on the particular advertisable displayed) are deleted after 12 months.
We apply technical, administrative and organizational security measures to protect the data we collect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against other unlawful forms of processing.
We may transfer the data we collect about you to countries (including the United States of America) other than the country where we originally collected it for the purposes of operating our Services. In general, the transferring countries will be the countries in which we, our Customers, our Advertising Partners, or our or their service providers operate.
Those countries may not have the same data protection laws as your country. However, when we transfer your data to other countries, we will protect that data as described in this Service Privacy Notice and take steps, where necessary, to ensure that international transfers comply with applicable laws.
For example, when we transfer your data from a European Territory (as defined below) to our parent company in the United States, we do so under the European Commission's Standard Contractual Clauses. These Standard Contractual Clauses are incorporated in the NextRoll Data Protection Addendum between NextRoll and each of our Customers where applicable. When we transfer your data outside of a European Territory to Advertising Partners (or vice versa), we do so under lawful data export mechanisms which may include Standard Contractual Clauses, EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and Binding Corporate Rules.
Our Legal Basis: If you interact with our Services from the European Territories, our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. For these purposes, "European Territories" means the European Economic Area and Switzerland, and shall continue to include the United Kingdom, even after the United Kingdom leaves the European Economic Area following Brexit.
- We will normally process personal data about you where the processing is in our legitimate interests (or the legitimate interests of our Customers) to do so and not overridden by your interests or fundamental rights and freedoms. We rely on legitimate interests, for example, when we process personal data as a data controller in order to administer our platforms and provide our Services, so that we can fulfil our contractual obligations to our Customers and support them to provide you with interest-based advertising.
- In some cases, we may collect, and process personal data based on your consent. For example, when you visit an Advertiser’s Digital Property, you will be asked to consent to NextRoll dropping a cookie.
If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal data, please contact us using the contact details provided under Contact Us.
European Residents’ Privacy Rights: In addition, if you are a resident of a European Territory, you have the following data subject access rights under EU data protection law:
- If you wish to access, correct, update or request deletion of your personal data, please complete the information on this webpage to obtain a verifiable request form.
- If you wish to object to us processing your personal data or would like to otherwise restrict the processing of your personal data, we will honor that request. Please visit the Your Choices and Opting-Out of Interest-Based Advertising and Analytics portion of this Service Privacy Notice to select the best opt-out method for you
- Similarly, if we process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent. You can also refuse consent for NextRoll or our Advertising Partners to drop cookies by clicking here or by refusing consent for NextRoll when you see a “consent banner” displayed on an Advertiser site which lists NextRoll (formerly AdRoll and Semantic Sugar) as a vendor.
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Territories are available here. However, if you have any questions about our collection and use of your personal data, we encourage you to contact us first at email@example.com. If you are unable to obtain the information or resolution that you seek, you may also contact our Data Protection Officer at firstname.lastname@example.org.
In some cases, we act as a processor for our Customers (for example, when we handle our Customers’ CRM data solely to provide them Services) and, in those cases, you should direct any requests to exercise your data protection rights to the relevant Customer. If you are uncertain whether we process your personal data as a controller or a processor in any specific context, you can contact us at email@example.com and we will advise you accordingly.
This section supplements the information contained in this Service Privacy Notice and applies solely to visitors, users, and others who are residents of the State of California, as defined in Section 17014 of Title 18 of the California Code of Regulations. This section is effective as of January 1, 2020, to comply with the California Consumer Privacy Act of 2018 (“CCPA”).
Any terms defined in the CCPA have the same meaning when used in this section.
Information We Collect and the Purposes for Which this Information is Used
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). This collection of information is listed in What Data We Collect.
We set out below the CCPA categories of personal information we have collected from consumers within the last twelve (12) months in respect of our Services. Please note that personal information in certain categories may overlap with other categories.
|A.||Identifiers||Yes||Device IP address, email address, cookie string data, pseudonymous data (e.g. hashed emails), operating system, and (in the case of mobile devices) your device type, and mobile device's identifier (such as the Apple IDFA or Android Advertising ID) and any other unique identifier that may be assigned to any device by third parties and cross-referenced to recognize a device.||Directly and indirectly from consumers, third party data providers and Advertising Partners. In the case of business email addresses, RollWorks B2B Services may infer a business email address.|
|B.||Personal information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||Yes||
In respect of RollWorks B2B Services:
Name, business address, business telephone number, education, employment and employment history.
In respect of AdRoll D2C Services:
The perceived general education level of consumers may be collected for D2C marketing, advertising and analytics to the extent relevant for providing marketing or advertising.
|Directly from third party data providers.|
|C.||Protected classification characteristics under California or federal law||Yes||Limited to age ranges such as 35-44, 45-54, 55-64 and 65+ and male/female gender categories are sometimes collected for use of AdRoll’s D2C Services that do not carry a risk of unintended discrimination.||From third party data providers.|
|D.||Commercial information||Yes||Records of products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies.||Directly from consumers and Advertiser.|
|F.||Internet or other similar network activity||Yes||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. For example, which pages you visited and when, what items were clicked on a page, how much time was spent on a page, whether you downloaded a white paper on a B2B website, what items you placed into your online shopping cart, what products were purchased and the price of the products purchased.||
Directly from cookie browsing history on Advertisers’ Digital Properties.
Non-personal information about one of our ads e.g. the third party who served the ad, and the name of the ad) may be connected with browsing history or activity on our websites for the purposes of determining attribution information (e.g. whether particular ad led to a consumer visiting our website, and, if so, which particular ad campaign).
|G.||Geolocation data||Yes||Non-precise geolocation derived from IP address.||Directly from consumers and Advertising Partners.|
|I.||Professional or employment-related information||Yes||
In respect of RollWorks B2B business only:
Current or past job history, including details about the employer (industry, name, company location, company domain or URL), and employee (positions held, duration of employment, and office location of the company where the employee worked).
|Third party data providers.|
|J.||Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R Part 99))||No|
|K.||Inferences drawn from other personal information||Yes||Creating profiles that reflect consumer preferences and interests.||Third party data providers.|
For clarity, under CCPA personal information does not include:
- Publicly available information from government records;
- De-identified or aggregated consumer information; and
Information excluded from the CCPA's scope such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
Purposes for Which Personal Information is Collected
NextRoll is a marketing and advertising technology company. All data we collect is for the business purpose of providing services primarily for our marketing, advertising or analytical Services. However, as part of performing these Services, we also use data collected (as identified above) for the following additional business purposes:
- Auditing Interactions with Consumers: count ad impressions and verify the quality of ad impressions served to unique visitors identified by cookie id or other unique identifier;
- Debugging and Repair:the identification and repair of impairments to intended and existing functionalities in our Services and NextRoll Technology, perform debugging and related activities to repair errors that impair the functionality of our Services;
- Security:detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities;
- Internal Research and Development: conduct internal research for technological development of our Services and demonstration of the performance of these Services; and
- Quality and Safety Maintenance and Verification:verify the quality or safety of our Services and improve, upgrade or enhance our Services and NextRoll Technology we provide.
For more information on how we use this data, please refer to How We Use the Data We Collect.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose (as set out above) or sell your personal information, subject to your right to opt-out of those sales (See Personal Information Sales Opt-In Rights) .
The Data Sharing section sets out the personal information that we share with third parties.
Disclosure of Personal Information for a Business Purpose
With the exception of our RollWorks B2B Contact Data , NextRoll’s Services do not amount to a sale of personal information . Instead, NextRoll discloses personal data for business purposes , primarily to perform its advertising, marketing and analytical Services, but also for the purposes set out as items (1), (2) and (3) in the Purposes for which Personal Information is Collected above.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for our business purposes:
- Category A: Identifiers;
- Category B: California Customer Records personal information categories;
- Category C: Protected classification characteristics under California or federal law;
- Category D: Commercial information;
- Category F: Internet or other similar network activity;
- Category G: Non-precise geolocation derived from IP address;
- Category I: Professional or employment-related information; and
- Category K: Inferences drawn from other personal information.
We disclose your personal information for a business purpose to the categories of third parties set out in Data Sharing.
Sales of Personal Information
In the preceding (12) twelve months, pursuant to our RollWorks B2B Contact Data Service, we have sold personal information in the form of business emails from Category A (Identifiers).
Other than our RollWorks B2B Contact Data Service, we do not consider that our Services constitute a ‘sale of personal information’ under the CCPA. Instead, in the course of providing our Services, we disclose personal information for business purposes.
However, we aim to provide consumers with control over the collection and use of their personal information. Consistent with this goal, we will honor requests from consumers to “opt-out” of the collection and disclosure of their personal information. Your Rights and Choices section below provides instructions on how to opt-out of our collection and disclosure of personal information.
Your Rights and Choices
The CCPA provides California residents with specific rights regarding their personal information. This section describes the rights of California residents under CCPA and provides information on how to exercise those rights.
Right to Know and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you;
- The categories of sources for the personal information we collected about you;
- Our business or commercial purpose for collecting or selling that personal information;
- The categories of third parties with whom we share that personal information;
- The specific pieces of personal information we collected about you (otherwise known as a data portability request); and
Two separate lists where we have sold or disclosed your personal information for a business purpose:
- Sales: identifying the personal information categories that each category of recipient purchased; and
- Disclosures for a business purpose: identifying the personal information categories that each category of recipient obtained
Right to Delete
You have the right to request that we delete any of your personal information that we collect from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Right to Know, Data Portability and Right to Deletion ), we will delete (and direct our services providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relations with you or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for such activities;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; and
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Right to Know, Data Portability and Right to Deletion
To exercise the access, data portability, and deletion rights described above, please submit verifiable consumer request to us by either:
- Calling us at 1-844-740-7126; or
- Visiting this webpage .
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable request for access of data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; and (ii) confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
As mentioned above in Sales of Personal Information , we have elected to honor sale opt-out rights. Please see Personal Information Sales Opt-Out and Opt-In Rights .
Response Timing and Format
We will deliver our written response to you electronically unless you indicate delivery to be by mail.
Any disclosures we provide to you will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot complete a request, if applicable. Please note that personal information deleted during this period as set out in Data Retention will not be provided.
The format of our responses to you concerning personal information collected, disclosed or sold will be provided in a readily useable format that should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out Rights
To exercise the right to opt-out of our sale of your Contact Data or to opt out of interest-based advertising, you (or your authorized representative) may submit a request to us by visiting the Do Not Sell My Personal Information webpage.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by CCPA that can result in different prices, rates or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.