Effective July 21, 2020
Lytics, Inc. (“Lytics”) is committed to respecting your privacy, protecting your personal information, and being transparent about its treatment of your personal information.
California residents using this Site should be sure to read the information below under Additional Information for California residents.
Site users from the European Union should be sure to read the information provided below under Additional Information for European Union Users.
By visiting this website, you are accepting and consenting to the practices described in this policy.
Data Controller and DPO
With regard to personal information submitted to our Sites, the data controller is Lytics, Inc., 811 SW 6th Ave, Suite 1000 Portland, OR 97204 USA . Lytic’s data protection officer may be contacted using the contact information provided below.
What does Lytics do?
Lytics provides customer data, analytics, and marketing intelligence solutions (collectively referred to as the “Service”) to our customer (“Clients”) via a software as a service platform. The Service is designed to help our Clients’ marketing communications and campaigns be more useful and relevant to their respective consumers by showing them content and messages that best address their specific interests and needs.
To do this, when people interact with our Clients websites, applications or campaigns (collectively “Client Services”) and related third-party applications, we may collect some of their personal data on behalf of our clients (“Client User Data”). Our platform uses that data, as well as other data described below, to help Clients deliver marketing communications that are more relevant. Client User Data may include information about the identity of Client Users (such as name, postal address, email address, IP address and phone number), as well as information about the content that users interact with, including web pages they visit and features they use and the actions that they take while using the Client Services.
Personal Information We Collect
In the course of operating the Sites, we may collect the following types of information (collectively, the “Information”).
Information you give us
Personal information you may provide through the Sites or otherwise communicate with us:
- Identity information, such as your first name, last name, user name or similar identifier, title, date of birth and gender;
- Contact information, such as your postal address, email address and telephone number;
- Profile information, such as your username and password, interests, preferences, feedback and survey responses;
- Feedback and correspondence, such as information you provide in survey responses, when you participate in market research, report a problem, receive customer support or otherwise correspond with us;
- Transaction information, such as your credit card or other payment and billing details;
- Usage information, such as information about how you use the Service and interact with us; and
- Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them.
Information we collect
Apps, browsers and devices
Our servers may automatically record certain information about how you use our Sites (we refer to this information as “Activity Data“), including both Clients and casual visitors.
Activity Data may include information such as a user’s Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our Site to which a user browsed and the time spent on those pages or features, the frequency with which the Site is used by a user, search terms, the links on our Site that a user clicked on or used, and other statistics. We use this information to administer the Service and we analyze (and may engage third parties to analyze) this information to improve and enhance the Service by expanding its features and functionality and tailoring it to our users’ needs and preferences.
Sensitive personal information
Subject to the following paragraph, we ask that you not send or disclose to us any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise.
Information we get from others
We may obtain additional information about you from third party sources to enrich your experience on the Sites and provide you with more relevant information related to our service offerings.
Changes to your personal information
It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at email@example.com.
How We Use Your Personal Information
To provide the Service
If you have a Lytics account, we use your personal information:
- To operate, maintain, administer and improve the Service;
- To manage and communicate with you regarding your Service account, if you have one, including by sending you Service announcements, technical notices, updates, security alerts, and support and administrative messages;
- To process payments you make through the Service;
- To better understand your needs and interests, and personalize your experience with the Service; and
- To respond to your Service-related requests, questions and feedback.
To communicate with you
If you request information from us, register for the Service or participate in our surveys, promotions or events, we may send you Lytics-related marketing communications if permitted by law, but will provide you with the ability to opt out.
To comply with law
We use your personal information, as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
With your consent
We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Site, you instruct us to take a specific action with respect to your personal information or you opt into third party marketing communications.
To create anonymous data for analytics
We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.
For compliance, fraud prevention and safety
We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Service; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
How We Share your Personal Information
- Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Compliance with Laws and Law Enforcement; Protection and Safety. Lytics may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern the Service; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Access, Update, Correct or Delete Your Information All Lytics account holders may review, update, correct or delete the personal information in their registration profile by logging into their account. Lytics account holders may also contact us at firstname.lastname@example.org to accomplish the foregoing or if you have additional requests or questions.
Access to Data Controlled by our Clients
Lytics has no direct relationship with the individuals whose personal information is contained within the Client User Data processed by our Service. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Clients should direct their request to the Client. You may also contact us at email@example.com if you have additional questions or concerns.
You may opt out of marketing-related emails by logging in and changing your account settings or by clicking on a link at the bottom of each such email. You may continue to receive Service-related and other non-marketing emails.
If you gave us consent to post a testimonial to our site, but wish to update or delete it, please contact us.
Tracking and Targeted Advertising
Choosing not to share your personal information
Where we need to collect your personal information by law, or to be able to provide the Service to you and you do not provide that information when requested (or you later ask to delete it), we may not be able to provide you with the Service and may need to close your account. We will tell you what information you must provide to receive the Service by designating it as required in the Service or through other appropriate means.
The security of your personal information is important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information.
Lytics is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. European Union users should read the important information provided further below under Cross Border Transfer Section about transfer of personal information outside of the European Economic Area.
Other Sites and Services
The Service may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third-party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
Social Media Widgets
User Generated Content
We may make available on our Site, or link to, features that allow you to share information online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use; storage or dissemination of such publicly disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.
Lytics does not knowingly acquire or receive personal information from children under 13. If we later learn that any user of our Service is under the age of 13, we will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.
How to Contact Us
Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing firstname.lastname@example.org, or by writing to us at the following address: Lytics, Inc. 811 SW 6th Ave Suite 1000 Portland, OR 97204, USA Attention: Data Protection Officer.
Additional Information for California Residents
1. Information We Collect
Our website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information“). In particular, our website has collected data within the following categories of personal information from its consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, physical characteristics or description, address, telephone number, education, employment, and employment history.Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data||Physical location or movements.||NO|
|H. Sensory data.||Audio information.||YES|
|I. Professional or employment-related information.||Current or past job history.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like certain health or medical information and other categories of information protected by different laws.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete.
- Indirectly from you. For example, from observing your actions on our website.
2. Use of Personal Information
3. Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We share your personal information with the following category of third parties: Service providers.
4. Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Please note that during 2020 under a “business to business” exception, access, portability, and deletion rights will not apply to personal information reflecting a written or verbal communication or a transaction between Lytics and you, if you are a natural person who is acting as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, nonprofit, or government agency and whose communications or transaction with Lytics occur solely within the context of the your business conducting due diligence regarding, or providing or receiving a product or service to or from Lytics.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we’ve collected about you.
- The categories of sources for the personal information we’ve collected about you. Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we’ve collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: – sales, identifying the personal information categories that each category of recipient purchased; and – disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we’ve collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
We will deliver our written response electronically.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales
We will not sell your personal information to any party as the word sell or sale is used in the context of the CCPA.
We will not discriminate against you (or your employer) for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
6. Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share or sell information to third parties for their direct marketing purposes.
Additional Information for European Union Users
Controller and Data Protection Officer
Lytics, Inc. is the controller of your personal information for purposes of European data protection legislation. Our Data Protection Officer can be reached at email@example.com. See the “Questions” section above for additional contact details.
Legal bases for processing
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at firstname.lastname@example.org.
|Processing Purpose||Legal Basis|
|To provide the Service||Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service|
|To maintain and improve the Service||Processing is necessary to ensure that our Service is working as intended and to make improvements to the Service|
|Provide personalized services, including content and ads||Processing is necessary to customize our services for you, including providing recommendations and personalized content|
|Develop new services||Processing is necessary to help us develop new services|
|To communicate with you To measure performance with anonymous data for analytics For compliance, fraud prevention and safety||These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
|To comply with law||Processing is necessary to comply with our legal obligations|
|With your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at email@example.com|
Use for new purposes
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including contact, identity, financial and transaction information) for six years after they cease being customers for tax purposes.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Opt-out. Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to firstname.lastname@example.org or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at email@example.com or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfers and Privacy Shield Notice
Lytics participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Lytics is committed to subjecting all personal data received from European Economic Area (EEA) and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.
Lytics is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Lytics complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Lytics is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
In certain situations, Lytics may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Lytics has further committed to refer unresolved privacy complaints under the Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.Under certain conditions, more fully described on the Privacy Shield website. You may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
For purposes of this Policy, the following definitions shall apply:
“Personal information” means any information or set of information that identifies or could be used by or on behalf of Lytics to identify an individual. Personal information does not include information that is anonymized or publicly available information that has not been combined with non-public personal information.
“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, Lytics will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
Lytics is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Should a EU or Swiss individual be unable to resolve a complaint through the Council of Better Business Bureau’s complaint process, they may contact the FTC at the following address:
Federal Trade Commission Attn: Consumer Response Center 600 Pennsylvania Avenue NW Washington, DC 20580 www.ftc.gov