Last updated: April 1, 2020
Effective Date: January 1, 2020
Exponential Interactive, Inc. doing business as VDX.tv (“we”, “us”, or “our”) is an advertising media services company whose clients and customers are online advertisers (“Advertisers”) and digital content providers (collectively, our “Partners”). We help our Partners reach their target audiences and grow through ad sales. Learn more about us at VDX.tv.
We are active members of advertising industry groups the Network Advertising Initiative (“NAI”), the Digital Advertising Alliance (“DAA”), and the Digital Advertising Alliance of Canada (“DAAC”). We comply with the NAI Code of Conduct and are signatories to the DAA Self-Regulatory Principles for Online Behavioral Advertising and the DAAC Self-Regulatory Principles for Online Behavioural Advertising.
Please read this Policy carefully. When you use this Site, you consent to our collection, storage, use, disclosure, and safeguarding of your information as described in this Policy. If you do not agree with the terms of this Policy, do not use this Site.
TABLE OF CONTENTS
INFORMATION WE COLLECT AND HOW WE USE IT
We may collect, transmit, and store your information provided to us from various sources – directly from you, from online technology, and from other sources.
Directly from You
We collect your information directly from you and for the following purposes when you:
- submit a job application, resume, cover letter, or social media profile to a job vacancy, or interview with us;
- enter into an employment or consulting services contract with us;
- complete forms, conduct searches, post content on our Site, respond to surveys, or use any features on our Site;
- provide feedback to us by phone, email, fax, physical mail, or any other means of providing feedback;
- interact with us on our social media accounts, including LinkedIn, Twitter, and Facebook;
- subscribe to any of our marketing materials; and
- participate in contests sponsored by us.
We may automatically collect certain information when you use our online technology. Such information includes:
- Internet Protocol (“IP”) Address: An address provided by your internet service provider (“ISP”) to connect you to the internet and enable delivery of your online requests.
- Cookie Identifier: A cookie (data file) with a unique identifier that we set from our webpage “tribalfusion.com”.
- User Agent: Software such as a web browser that acts on your behalf and enables your interaction with web content.
- Clickstream Data: Information about your interaction with a webpage (e.g., time and date you visited the page; webpage address; title of ad shown; topics (such as “beach” or “Caribbean”) that we interpret (as “summer vacation”) from the page.
- Viewed Content Data: Information related to video content viewed on an internet-connected TV (“Connected TV”).
Other information that may be collected include: browser session location, ISP, pages that you visit before, during, and after using our Site, links you click, how you use our online technology, and information from any associated devices used to interact with our online technology.
Our Partners receive your information when you visit or use their services or through third parties they work with. We require our Partners to have lawful rights to collect, use, and share your information before we receive any of your information. A list of Partners who provide us data is available on our Partnerships & Accreditations page.
We may also use analytics vendors such as Google Analytics to allow tracking technologies and remarketing services through the use of first- and third-party cookies to analyze and track users’ use of this Site, determine the popularity of certain content, and better understand online activity. We do not transfer your information to these analytics vendors.
However, by accessing this Site, you consent to the collection and use of your information by these analytics vendors. We encourage you to review these vendors’ privacy policies. If you do not want your information to be collected and used by these analytics vendors, contact the responsible analytics vendor directly or use the NAI Opt-Out Tool, DAA Opt-Out Tool, or DAAC Opt-Out Tool.
Other Third Party (Non-Partner) Websites
Our Site may also contain links to third party (non-Partner) websites, including ads and external services, that are not affiliated with us. We do not share your information with such parties and are not responsible for the content or privacy and security practices and policies of any such third party (non-Partner). For more information about opting-out of interest-based ads, contact the responsible third-party (non-Partner) or use the NAI Opt-Out Tool, DAA Opt-Out Tool, or DAAC Opt-Out Tool.
We and our Partners may use web beacons, tags, advertising identifiers, and similar technology (collectively, “cookies”) in relation to your use of this Site and the provision of our services. Such cookies may contain unique identifiers and reside on your web-connected device(s), in emails we send you, and on our Site. Cookies may transmit information about you and your use of this Site, such as your browser type, search preferences, IP address, data relating to ads displayed to you or ads that you have interacted with, and the date and time of your use. Cookies may be persistent or stored only during an individual web browsing session.
- Legal obligations: We may share your information as permitted or required by any applicable law, rule, or regulation if we believe your information is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect our rights or the rights of others.
- Provide measurement, analytics, and other business or commercial services: We use the information we collect about you to help our Partners measure the effectiveness and distribution of their ads and digital content, and understand the consumers who use their services, including how people interact with their websites and services.
- Troubleshoot problems to increase the efficiency and operation of this Site: We monitor and analyze usage and trends internally to improve your experience with this Site.
- Communicate with you: We use your information to respond to you when you contact us.
If you do not want our cookie on your device, please visit our opt out page. If you reject our cookie, you may still use our Site, but your ability to use some features or areas of our Site may be limited.
If you do not want targeted advertising cookies from us or similar companies, please use one of the opt-out mechanisms provided by NAI, DAA, or DAAC. If you do not want any cookies on your device, you can change your browser or device settings to reject cookies or visit About Cookies.
To opt out of sharing your Viewed Content Data from your Connected TV, please consult the manufacturer’s device information.
THIRD PARTIES AND CATEGORIES OF INFORMATION
The categories of third parties that may receive your information include:
- Partners: We may share your information with our Partners for the purpose of conducting general business analysis. We may also share your information with our Partners for marketing purposes, as permitted by law. We adhere to the DAA Self-Regulatory Principles for Online Behavioral Advertising and the DAAC Self-Regulatory Principles for Online Behavioural Advertising. Partners may be able to associate the information we share with other information they have about you from other sources. We do not have full access to or control over the cookies our Partners use, but you may be able to opt out of some of their practices by contacting the responsible Partner or via the NAI Opt-Out Tool, DAA Opt-Out Tool, or DAAC Opt-Out Tool.
Please note that even after you withdraw your consent, we may, to the extent required or permitted by law, continue to process your personal information.
The categories of information received from third parties include:
- Aggregated and Deidentified Information: We receive and share aggregated and deidentified information with third parties in connection with advertising programs and data analytics. For example, we may provide our Partners with the number of users who have been exposed to or interacted with certain ads.
- NAI Health-Related Targeting Segment Notice: As an NAI member, VDX.tv is required to fully and publicly disclose health-related audience segments for tailored advertising and provide a representative sample of custom audience segments used for the same purposes. VDX.tv does not receive, use, or transmit personally identifiable health information but does use aggregated and deidentified data to help determine health-related audience segments (i.e., wellness, beauty, fitness, etc.). A representative sample of health-related audience segments for advertiser targeting (i.e., inferred from user interaction with related ads or sites) is available on our NAI Healthcare Targeting Segment Declaration page at https://vdx.tv/nai-health-targeting-segment-declaration/..
- Business Transfers: We may share information from or about you with companies under common control with us and require those companies to also honor this Policy. If another company acquires us, or all or substantially all of our assets, such company will possess the same information.
- Investigations and Legal Disclosures: We may investigate and disclose your information if we have a good faith belief that such investigation or disclosure: (i) is reasonably necessary to comply with legal, regulatory or law enforcement processes, such as a search warrant, subpoena, statute, judicial proceeding, or other legal or regulatory process or law enforcement request; (ii) is helpful to identify, investigate, or prevent possible wrongdoing related to our Site or Partners; or (iii) is necessary to protect our rights or the rights of others.
- Links: The Site may link to the websites of third party (non-Partners) that we are not affiliated with. We do not share your information with third party (non-Partners) and are not responsible for their privacy practices.
You can request removal of your information by contacting us as outlined in Section 7 (Contact Information) below. We may retain your information as necessary for the purpose(s) for which we collected it and in accordance with our legal and regulatory obligations and legitimate business interests. We may also maintain residual copies of your information in our backup systems as required by law.
Our Site and services are not intended for children. We do not knowingly collect, maintain, or sell the personal information of children under the age of sixteen (16). If you are under the age of sixteen (16), please do not access our Site or use our services. If we learn that we have inadvertently collected personal information of children under the age of sixteen (16), we will delete such information unless otherwise required by applicable law, regulation, or rule.
We use commercially reasonable administrative, technical, and physical security measures to safeguard your information. Despite our efforts, please note that any information disclosed online is vulnerable to interception and misuse by unauthorized parties. As such, we cannot absolutely guarantee total security of your information.
Please contact us with any questions or concerns about this Policy using the information below:
United States Address
Exponential Interactive, Inc. d/b/a VDX.tv
Attn: Legal Department
5858 Horton Street, Suite 300
Emeryville, CA 94608
United Kingdom Address
Exponential Interactive, Inc. d/b/a VDX.tv
Attn: Data Protection Officer
30 Stamford Street London, SE19LQ
To protect the security of your information, we will take steps as we deem necessary to confirm your identity or the identity of your authorized agent before completing a request or sharing any personal information with you or your authorized agent.
CHANGES TO THIS POLICY
We reserve the right to update this Policy at any time and for any reason. Any changes or modifications will be effective as of the “Effective Date” at the top of this Policy. We will notify you about any changes to this Policy by updating the “Last updated” date at the top of this Policy. In some cases, we may also notify you of updates by adding a statement to our Site homepage or via email.
We encourage you to review this Policy from time to time to stay informed about our privacy practices and your options. By continuing to access or use this Site after those updates become effective, you agree to the terms of the then-current Policy.
CALIFORNIA PRIVACY RIGHTS
Under the California Consumer Privacy Act of 2018, as amended (“CCPA”), California residents and households have certain rights around the collection, use, and sharing of their personal information.
Disclosure or Sale of Personal Information
We have not disclosed or sold any personal information to third parties for any business or commercial purpose in the preceding twelve (12) months, except as otherwise noted in this section below. We do not and will not disclose or sell your personal information without giving you notice and an opportunity to opt out of such disclosure or sale as required by law.
We do not offer financial incentives associated with our collection, use, or disclosure of your personal information.
We collect various categories of personal information when you use this Site or our Partner sites, including identifiers, commercial information, internet or other electronic network or device activity, geolocation data, and professional information. A detailed description of the information we collect and how we use it is provided in Section 1 (Information We Collect and How We Use It) above. Section 3 (Third Parties and Categories of Information) above describes the categories of third parties with whom we share personal information, and what information may be shared and under what circumstances.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
A real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law
Age (forty (40) years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information
Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data
Physical location or movements.
H. Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information
Current or past job history or performance evaluations.
J. Non-public education information (Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99))
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Under the CCPA, personal information does not include:
- Publicly available information from government records;
- Deidentified or aggregated consumer information;
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996, and the California Confidentiality of Medical Information Act, or clinical trial data; or
- Sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.
We receive the categories of personal information listed in the chart above from the following sources:
- Directly from you;
- Partners or their agents (e.g., information that our Partners give to us related to the services for which they engage us); and
- Directly and indirectly from activity on our Site (e.g., usage details collected automatically).
Use of Personal Information
We may use or disclose the personal information we collect for some or more of the following business purposes:
- To fulfill or meet the reason for which such personal information is provided;
- To provide you with information, products, or services that you request from us;
- To improve our Site and its contents to you;
- For testing, research, analysis, and product development;
- As necessary or appropriate to protect our rights or the rights of others;
- To respond to law enforcement requests and as required by applicable law, regulation, rule, or court order;
- As otherwise set forth in the CCPA; or
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party (i.e., our Partners) for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information (listed above) for a business purpose:
- Category A: Identifiers;
- Category B: California Customer Records;
- Category C: Protected classification characteristics under California or federal law;
- Category D: Commercial information;
- Category F: Internet or other similar network activity;
- Category G: Geolocation data;
- Category I: Professional or employment-related information; or
- Category K: Inferences drawn from other personal information.
We disclose your personal information for a business or commercial purpose to the following categories of our Partners:
- Service providers; and
- Third parties to whom you or your agents authorize us to disclose your information in connection with our products or services.
Your Rights Under CCPA
If you are a California resident or household, you have the following rights:
Information About and Access to Your Personal Information
You have the right to request the following information for the twelve (12) months immediately preceding the date you submit your request to us:
- Categories of information we collect about you (e.g., identifiers such as your name, Social Security number, IP address, email address, postal address, commercial information such as purchasing histories, geolocation data, biometric information, internet activity such as web browsing histories, and professional or employment-related information);
- Sources from which we collected your information (e.g., cookies, pixels, web beacons, marketing companies, or recruiters);
- Categories of your information sold to third parties;
- Categories of your information disclosed for business purposes;
- Categories of third parties to whom your information was sold or disclosed (e.g., advertising partners, affiliates, social media websites, or service providers);
- Business or commercial purposes for which your information was collected or sold (e.g., fraud prevention, marketing, improving customer experience); and
- Specific pieces of information collected about you.
The CCPA also requires that if you request access to your information, we provide you with responsive materials in a readily usable format that allows you to transmit your information from one (1) entity to another without hindrance.
Deletion of Your Personal Information
The CCPA generally permits you to request that we and our direct service providers (i.e., Partners) delete your personal information. However, we are not required to delete your personal information for any of the following reasons:
- if we need your information to complete the transaction for which it was collected;
- to comply with a legal obligation;
- to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.), as amended;
- to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- to identify and repair errors that impair existing and intended functionality; or
- to make other internal and lawful uses of your information that are compatible with the context in which you provided it.
Once we receive and confirm your request, we will delete (and direct our Partners to delete) your information from our records, unless otherwise permitted or required by applicable law or regulation.
Opting Out of the Sale of Your Information
Under the CCPA, you may opt out of the sale of your personal information to third parties. To help you exercise this right, a DAA “CA Do Not Sell My Info” link is available on our homepage. Clicking on the link will allow you to opt out of the sale of your personal information, including its use for interest-based advertising, across all companies participating in the DAA’s mechanism.
We will not discriminate against you for exercising any of your CCPA rights. We will not:
- Deny you services;
- Charge you different prices or rates for services by granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of services; or
- Suggest that you may receive a different price or rate for services or a different level or quality of services.
Who May Exercise Your CCPA Rights
Only you or a person registered with the California Secretary of State who you authorize to act on your behalf, may make a verifiable consumer request related to your information.
Verifying Consumer Requests
We may deny the request if we cannot verify your identity or your authority to make the request or confirm that the requested personal information relates to you.
A verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify that you are in fact the California resident or household about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. You do not need to create an account with us to submit a verifiable consumer request – simply contact us as outlined in Section 7 (Contact Information) above. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing, Format, and Fees
We will respond to a verifiable consumer request within forty-five (45) days of its receipt or as permitted by law. If we require more time (up to ninety (90) days), we will inform you in writing (email permitted) of the reason(s) and extension period in writing.
Any disclosures we provide will only cover the twelve (12)-month period immediately preceding our receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We will not charge a fee to process or respond to your verifiable consumer request unless it is excessive. If we reasonably determine that the request requires a fee, we will tell you why we made that decision and give you a cost estimate in writing before completing your request.
How to Submit Requests
Submit your requests to the information listed in Section 7 (Contact Information) above.
Shine The Light Law
Separate from the CCPA, California Civil Code Section 1798.83, as amended, also known as the “Shine The Light” law gives California residents the right to request and obtain what personal information we share with third parties for those third parties’ direct marketing purposes. We do not disclose your personal information to third parties for such third parties to directly market their services to you. If you have any questions about our Shine The Light Law practices, please contact us as outlined in Section 7 (Contact Information) above.
Do Not Track
California law requires us to tell you how we respond to web browser Do Not Track (“DNT”) signals. DNT allows users a way to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. We do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
EUROPEAN PRIVACY RIGHTS
This Section 10 applies to European Residents only. A “European Resident” is a resident of a country in the European Economic Area (“EEA”).
The GDPR describes situations in which companies are permitted to collect or reuse your personal information.
Our legal basis for collecting and using your information depends on the specific information at issue and the corresponding circumstances of collecting such information. We collect your personal information only with your consent or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. We may also have legal obligations to collect your information or may otherwise need your information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement, we will specify the legal requirement and the information we require. If we collect and use your information in reliance on our legitimate interests (or those of any third party), our legitimate interests will generally involve operating and improving this Site, communicating with you, marketing purposes, or detecting or preventing fraud. For more information about GDPR, please visit the EU’s “Data protection and online privacy” page. If you have questions about our compliance with GDPR, please contact us as outlined in Section 7 (Contact Information) above.
INTERNATIONAL DATA TRANSFER: PRIVACY SHIELD CERTIFICATION
We are committed to subjecting all personal information received from the EEA and United Kingdom (“Privacy Shield Covered Data”), respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, including supplemental principles described in each Privacy Shield Framework (collectively, the “Privacy Shield Principles”).
We have certified to the U.S. Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield Framework and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List. If there is any conflict between the terms of the Privacy Shield Principles and this Policy, the terms of the Privacy Shield Principles will govern.
Under the Privacy Shield Framework, we collect, use, and disclose Privacy Shield Covered Data for the purposes described in this Policy. Additionally, the Privacy Shield Framework enables you to ask us if we process personal information about you, request access to your information, and ask that we correct, amend, or delete your information where such information is inaccurate or processed in violation of the Privacy Shield Principles. We are responsible for the processing of personal information under each Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf. The Privacy Shield requires that we remain liable if a third party processes your information in a manner inconsistent with the Privacy Shield Principles.
With respect to Privacy Shield Covered Data received or transferred pursuant to the Privacy Shield Framework, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”). We may be required to disclose personal information in response to lawful requests by the FTC or similar public authorities to meet national security or law enforcement requirements. You may, after exhausting other dispute resolution procedures and subject to certain conditions, request free binding arbitration from JAMS (a dispute resolution provider) by visiting the Privacy Shield Arbitration page. If your request remains unresolved, you may contact the national data protection authority for your EU Member State.
If you reside in the European Union, your personal information may be processed outside of EEA. We take all necessary steps to ensure that your information is adequately protected and processed in accordance with this Policy, including: only transferring data to countries approved by the European Commission; only transferring data to U.S.-based providers who utilize the EU-U.S. Privacy Shield – which requires similar protection to personal information shared between Europe and the U.S.; and using (where applicable) the European Commission’s Standard Contractual Clauses – European Commission-approved contracts that offer personal information the same protection under European law.