Last updated: April 30, 2020
Exposebox Ltd. (collectively with its affiliates and subsidiaries shall be referred to as “Exposebox”, “we”, “us”, or “our”) is committed to protect your privacy. Protecting privacy is a core value of Exposebox, and we take precautions to ensure the protection of your Personal Data (as defined below) as well as to comply with applicable privacy and data protection legislation.
When we use the term Services, we may refer to one or more of the following platforms and services provided by us:
- Marketing and Managing & services: plug-in, extension, SDK or similar technologies embedded in the Clients designated pages or app, as applicable, in order to customize and improve the marketing of such Client including customized and general banner, marketing segmentation and optimization, analytic services and dashboards; or
- Smart Direct Marketing: composing and sending an email or text message to the users of our Clients; or
- Ad Bidding and Serving management and related services.
In the event you are a California resident and the CCPA apply to you – please review our CCPA Privacy Notice, in order to be provided with the information you are entitled to under the CCPA.
- We act as a Processor of the Personal Data we process in order to provide the Services to our Clients, as defined under the GDPR. As a Processor we are not responsible to collect directly form you, your explicit consent for processing your Personal Data. Your consent, if you choose to provide it and in the event required under applicable laws, shall be collected by our Clients and the Clients shall have the sole responsibility to collect such consents and provide us with any information relating to the change in the status of the consent.
- We have included below information about which Personal Data is being processed and how we process and use your Personal Data, but before we would like to explain the lawful basis on which we do so: (1) when you access our Client’s website or application we may collect certain online identifiers which we have a legitimate interest in processing (for example for security purposes and fraud detection), some of this data is processed by our third party partners; (2) we may process Personal Data subject to your consent provided to us by our Clients for the preform our contract with them; or (3) where there is a legal obligation imposed on us or to protect our legal rights.
- Children (as defined under applicable law) are not permitted to use the Services or provide us with any Personal Data. It is our Clients sole responsible to ensure that no personal data of children is being transferred to us.
- You may be entitled under applicable law to request to have access, amend, erase or restrict the processing of your Personal Data. In addition execution of certain of your rights shall be subject to the approval or receipt of additional information from our Client.
- We will share Personal Data with third parties in connection with the provision of the Services, or other limited circumstances as specified herein.
We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on our website. The updated date of the Policy will be reflected in the “Last updated” heading. In the event of material amendments, that will substantially affect our privacy practices or your rights, we will make best efforts to provide an applicable notification. Any amendments to the Policy will become effective immediately upon the display of the modified Policy. We recommend you to review this Policy periodically to ensure that you understand our most updated privacy practices.
Note to California Residents: Notwithstanding the above, this Policy will be reviewed and updated every 12 months, as required under the CCPA.
TYPES OF DATA WE COLLECT
During your interaction with our Client’s website or app, we will process aggregated, non-personal non-identifiable information which may be made available or provided to us by our Clients (“Non-Personal Data“). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data which is being collected may include your aggregated usage information and technical information transferred to us by our clients.
We may also process individually identifiable information, namely information that identifies an individual or may with reasonable effort be used to identify an individual (“Personal Data” or “Personal Information”). The types of Personal Data that we process, as well as the purpose for processing such data, are specified in the table below.
|Type of Data||Purpose of Processing||Lawful Basis under the GDPR|
|Online Identifiers & Technical Data Certain types of online identifiers will be processed by us or by our service providers when you interact with our Client’s website or app using our Services such as IP address, Advertising ID, IDFA. We will also process usage information such as your user agent, clickstream, actions and directing URLs.
When you are browsing our Client’s website or application, we will generate a unique ID, such as cookie ID, to each of the Client’s users in order to provide the Clients with our Services.
In addition, we will process technical Non-Personal Data, such as type of operating system, type of browser, language preference, access time and date, type of device, internet service provider, Nav type, screen and browser dimensions, browsing history, approximate geographical location, etc.
|We will process this information to provide our Services to our Clients and subject to the restrictions and obligations of our contract with such Client||Performance of our contract with our Clients.
Necessity of processing for the purposes of our legitimate interests. Where required under applicable law, our Clients are responsible to obtain your consent
|Contact Information In Order to provide some of our Services, we may process your contact information that you have provided to our Clients. Such information may include your e-mail address, name and phone number.
|We will process this information to provide our Services to our Clients and subject to the restrictions and obligations of our contract with such Client.||Performance of our contract with our Clients. Our Clients are responsible to obtain your consent as required under applicable legislation before sharing your Contact information with us and using it within our Services|
|Commercial Information When you browse our Client’s website or application we collect certain commercial information which includes the products and services purchased and shopping history.||We will process this information to provide our Services to our Clients and subject to the restrictions and obligations of our contract with such Client.||Performance of our contract with our Clients. Where required under applicable law, our Clients are responsible to obtain your consent|
Please note that we may process different categories of your Personal Data and Non-Personal Data, depending on the nature of your interaction with our Services, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined.
COOKIES AND SIMILAR TECHNOLOGIES
Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. By following the instructions of your device preferences, and by adjusting the privacy and security settings of your web browser, you may remove cookies, however, if you block or erase cookies some features of the Services may not operate properly and your online experience may be limited.
Please refer to the support page of the browser you are using.
Other tracking Technologies options to opt-out:
Android – https://support.google.com/ads/answer/2662922 or
You can opt-out from tracking and our unique cookie identifiers by clicking here and we will take all necessary measures to ensure that no tracking is being applied. However, please note that: 1. We need to set an anonymous “opt-out” cookie to indicate your decision not to be tracked; 2. Your opt-out will remain in effect only as long as this cookie is present in your browser and accessible to us. 3. Cookies are browser and device-specific – opting out of tracking on this browser and device does not affect your settings on a secondary device and/or browser.
You may also contact us at email@example.com, and we will make efforts to assist.
WITH WHOM WE SHARE INFORMATION
We will not share any of your Personal Data with third parties or any of our partners except in the following events:
(i) Clients. As the Clients are the controller and owner of the Personal Data we may disclose to the applicable Client all the Personal Data processed and collected by us including any derived Personal Data created by performing our Services.
(ii) Compelled Disclosures. We will share your information, solely to the extent needed to comply with any applicable law or permitted by it, regulation, legal process or governmental request (e.g., pursuant to law enforcement inquiries, subpoenas or court orders), or when we believe, in good faith, it is required in order to enforce our policies (including our policies and agreements) including investigations of potential violations thereof or to detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues. In addition, we will share your information, solely to the extent needed to establish or exercise our rights to defend against legal claims or to prevent harm to the rights, property or safety of us, our users, yourself or any third party or for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.
(iv) Business Transfers. We may share Personal Data, in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.
We may share aggregate or Non-Personal Data with our Clients, affiliated companies and additional third parties in accordance with the terms of this Policy. We may store any type of information on our servers or our cloud servers, use or share aggregate or Non-Personal Data in any of the above circumstances, as well as for the purpose of providing and improving our Services, aggregate statistics, marketing and conduct business and marketing analysis, and to enhance your experience.
You may have certain rights in relation to the Personal Information processed by us. These may include the right to request access to the data we hold about you, or to obtain a copy of the Personal Information in a machine-readable format, to request that it is erased or that any inaccurate Personal Information is rectified. You may also have the right to ask us to restrict how we process your Personal Information or to withdraw your consent to how we process your Personal Information. Please contact firstname.lastname@example.org if you would like to make a request. For more information regarding individuals’ rights under the applicable Data Protection Law, please review our Data Subject Rights Overview.
As we are not the controller of the information we may not be able to execute your request and may need the approval of our Client which is the controller of such Personal Information. In addition, it is the sole responsibility of the Client to provide us with any request to exercise your rights submitted to it with regards to the processing of Personal Information performed by us.
You also have the right to complain about the use of your personal data to the supervisory authority of your habitual residence or place of work.
We retain the information we process solely for as long as required to fulfil the purposes of providing our Services for our Clients The period for which we will retain your Personal Information will vary depending on the purposes it was collected for, as well as the requirements of any applicable law or regulation or contract between us and our Clients.
HOW WE PROTECT DATA
We may store or process your Personal Data in Israel, the United States or in other countries. If you are a resident of the European Economic Area (“EEA“) we will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer outside of the EEA. If you are a resident of a jurisdiction where transfer of your Personal Data requires your consent, then your consent to this Policy includes your express consent for such transfer of your data.
Our Services are not directed nor is it intended for use by children under the age of 16 and we do not knowingly process a children’s information. We will discard any information that we receive from a Client with regards to its users that is considered a “child” immediately upon our discovery that such a Client shared information with us. Please contact us at email@example.com if you have reason to believe that a child has shared any information with us. It is our Clients sole responsibility to ensure that no personal data of children is being transferred to us.
DO NOT TRACK DISCLOSURE
The Service does not respond to Do Not Track signals. For more information about Do Not Track signals, please see http://www.allaboutdnt.com/.
If you have any questions or comments about this Policy, or any concerns with respect to how your privacy any information are handled, please contact us at:
121 Begin Rd., Tel Aviv, Israel