Privacy Policy




GUMGUM’S PRIVACY POLICY

LAST UPDATED: DECEMBER 23, 2019

OUR PRIVACY PHILOSOPHY

Thanks for visiting our website and using our services! GumGum is committed to providing you with meaningful information and making sure you know your rights when it comes to any information you share with us. We want you to know that we are a “Privacy Forward” company and we embrace protecting consumer privacy. Our goal is to be transparent about the data we and our partners collect and inform you about how your data is (or is not) used, so that you can exercise your right to control the use of your personal data.

 

 

ABOUT US & OUR PRIVACY POLICY

This Privacy Policy describes how GumGum collects, uses and shares personal information on its website and, if applicable, mobile devices. When we say “GumGum,” “we,” or “us” in this Privacy Policy, we mean the GumGum entity that acts as the controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below. This Privacy Policy is also relevant for any European Economic Area (“EEA”) or California resident sharing his/her personal data directly or indirectly with GumGum and is provided in a layered format so you can click through to the specific areas set out below. Please also refer to the Glossary to understand the meaning of some of the terms used in this Privacy Policy.

 

 

DID YOU RECEIVE AN AD FROM US?

First, you’ll be happy to know that GumGum doesn’t know who you are! We don’t know your name, the names of your family or friends, yours or their phone number, home address, exact location - nothing! So, then you may be wondering how is it that you keep receiving ads that seem to be “targeting” you? Well, let us explain. GumGum serves advertisements contextually – meaning, we only use images and text to serve ads relevant to you based on your browsing habits. We have no idea who you are, only that you enjoy shopping for sneakers!

How do we do it? Well, everyone has heard of cookies. No; not the chocolate chip or peanut butter variety but the small text files sent by us to your computer or mobile device that enables GumGum features and functionalities that are unique to your account or your browser. To find out more about cookies, visit this site.

For advertising, cookies help GumGum to:

 

  • Understand your online behaviors as you go from one site to another so that we can show you more relevant ads (and not a bunch of ads that you don’t have any interest in);
  • Know if you have interacted with or viewed a particular ad; and/or
  • Synchronize audience data between advertising buyers and sellers. Basically, the cookies allow buyers and sellers to communicate about what you like. So, if you’ve frequented sneaker sites, a sneaker company can build a profile about you based on your computer or mobile device’s behavior. GumGum then uses the cookie to say to the buyer, “Hey buyer, this device is browsing a site and probably likes sneakers, do you want to buy that ad space for a sneaker ad?” The buyer will, in turn, either buy the space to serve you a sneaker ad or not. This process is called syncing and helps ads get served to you so that you can hopefully get a deal for those awesome sneakers!

 

As you see, we do not in any way collect any of your personal data or information. We really don’t want it. We just want to keep serving ads to you based on things you’re already shopping for!

 

 

TYPES OF DATA WE COLLECT AND HOW WE USE IT

Did we mention we are transparent? The table below explains exactly what kind of data we collect. We use the data to:

 

  • Identify you when you visit our websites or access our platforms
  • Perform under a contract
  • Provide the products and services you request
  • Improve our services and product offerings
  • Conduct statistical performance analysis
  • Respond to your inquiries related to support, employment opportunities, or other requests
  • Internal administrative purposes, as well as to manage our relationship with you

 

CATEGORY TYPES OF DATA AND PURPOSE FOR COLLECTION
Account Registration For clients, we may collect your name, company name, email, phone number, and contact information when you create an account (user ID, password, access level, etc.) or sign-up for our services.
Employment If you apply for a job posting or become an employee, we may collect personal information necessary to process your application. This may include your name, email, postal address, phone number, or your tax identification number.
Feedback & Support If you provide us feedback, require technical support or if you contact us for other assistance, we will collect your name and email address and possibly other personal information, as well as any other content you send to us in order to reply.
Financial Data To fulfill our obligations pursuant to our contract with you or your business, we may collect your bank account/payment detail in satisfaction of payment.
Mailing List When you sign up for one of our mailing lists, we may collect your email address and/or postal address.
Marketing & Communications We may collect information about (1) how you use our website, products and services, including testimonials, (2) your preferences in receiving marketing from us and our third parties and (3) your communication preferences.
Mobile Devices We may collect information from your mobile device, such as unique identifying information broadcast from your device or hardware and software specifications. We may also ask you if you would like to share your location information from your mobile device.
Sports MVC
(GumGum Sports only)
We collect and store public data that is collected, processed and shared in our platform, which is not deemed personal information and therefore excluded under certain privacy laws like CCPA.
Technical User Data We may collect your IP address, IP browser user agent and other browser information, such as browser location data received from GPS coordinates, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
Third-Party Tracking We participate in behavior-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests. That advertising may appear either on our websites or on other websites (e.g., social media platforms, search engines). You can opt-out of receiving behavior-based advertising by going to the Network Advertising Initiative and the Digital Advertising Alliance websites.

 

 

OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

For both our Advertising and Sports lines of business, we also collect, use and share aggregated data (e.g., statistical or demographic data). In Advertising, though this aggregated data may be derived from your personal information, it is not considered personal information under the law because this information does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. If, however, we happen to combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information, which will be used strictly in accordance with this Privacy Policy.

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.
 

 

OPTING OUT

You can always ask us or third parties to stop sending you marketing message, even if you gave your consent previously. Just log into the website and check or uncheck relevant boxes to adjust your marketing preferencesm or you can click the opt-out links on any marketing message sent to you, or click here: Exercise Your Rights.

Opting out of receiving marketing messages does not apply to personal data provided to us as a result of a product/service purchase or experience or other transactions.
 

 

CHANGE OF PURPOSE

We will only use your personal information for the purposes it was collected, unless we reasonably determine that we need to use it for another purpose that is compatible with the original. If you want to know how the processing for the new purpose is compatible with the original purpose, please Contact Us.
 

 

PERSONAL INFORMATION WE DO NOT COLLECT

Special Categories. We do not collect any sensitive personal information about you, which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric information.

Age Restrictions/Limitations. GumGum does not knowingly permit the use of our Services and Websites by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal data, please Contact Us and we will take immediate action to delete such information.
 

 

HOW WE COLLECT YOUR PERSONAL DATA

We use different methods to collect information from and about you, including:

Direct interactions. You (on behalf of a business or as an individual) may give us personal information by registering for one of our Service dashboards or platforms, completing online forms, or by corresponding with us by phone, email or otherwise. Examples of the types of Services or online correspondence you may provide such personal information may include:
 
  • Sign-up for our products or services;
  • Create an account on our website or platform;
  • Subscribe to our service or publications;
  • Request marketing materials be sent to you;
  • Enter a competition, promotion or survey; or
  • Give us feedback.

Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
 

 

ABOUT COOKIES

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see OUR COOKIE POLICY.
 

 

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

Our website or platforms may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.

We may engage third parties as service providers or business partners to process other information and support our business or services that we provide pursuant to our obligations under a written agreement. These third parties may, for example, provide virtual computing and storage services.

We require all third parties with whom we work to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

Internal Third-Party Disclosures

 

  • Current and future corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control) are joint controllers or processors who provide technology and system administration services;
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets;
  • To the extent permitted by applicable law, in addition to our websites, applications and other digital channels, we may also obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms and other third parties; or
  • Alternatively, we may seek to acquire other businesses or merge with them.
External Third-Party Disclosures

 

  • Service providers acting as processors who provide technology, fraud prevention, and system administration support services.
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • Regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
  • Other disclosures with or without your Consent. We may disclose your personal information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your personal information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.

 

DATA SECURITY

We have put in place appropriate technical and organizational security measures to prevent your personal information from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know and are subject to a duty of confidentiality. They will only process your personal information on our instructions.

We have procedures to deal with any suspected personal data breach. If we are required by law to tell you about any unauthorized access of your personal information, we may notify you in writing or by telephone. We will also notify any applicable regulator of a breach that we are legally required to. Unfortunately, no method of transmission over the Internet or method of electronic storage is fully secure so, we cannot guarantee the security of your personal information. But rest assured, we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure.

Some of our websites permit you to create an account, which requires you to create a password. You are responsible for maintaining the confidentiality of your password and for any access to or use of your account by someone else with your password, whether or not it has been authorized by you. You should notify us of any unauthorized use of your password or account.

 

HOW LONG WILL WE HOLD PERSONAL DATA?

We only keep your personal information for as long as we need it to fulfill business purposes while fulfilling our obligations pursuant to a contract, as permitted by law, and/or in satisfying any legal, accounting, or other regulatory reporting requirements.

When we decide how long to keep your personal information, we consider (1) the amount, nature and sensitivity of the personal information, (2) the potential risk of harm from unauthorized use or disclosure of your personal information, (3) the purposes of processing your personal information and whether we can achieve those purposes through other means, and (4) the applicable legal requirements – all with a commitment to make sure your rights are not any less protected regardless thereof.

 

INTERNATIONAL DATA TRANSFERS

If you are internationally located, including the European Union, we may share your personal information with other GumGum entities outside of your country, like the United States. Some of our external third parties are global and based outside of the EEA so their processing of your personal information may involve a transfer of data outside the EEA.

Whenever we transfer your personal information outside of the EEA, we make sure a similar degree of protection is afforded to you by ensuring at least one of the following safeguards is implemented:
 
  • Where we use certain service providers, we may use specific contracts approved by the European Commission that give personal information the same protection it has in Europe.
  • Where we use providers based in the U.S., we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal information shared between Europe and the U.S. or pursuant to the affirmation of participation under the EU Model Clauses.

 

 

EUROPEAN ECONOMIC AREA (EEA) RESIDENTS: YOUR LEGAL RIGHTS

If you are an EEA resident, you have the right to access, rectify, download, or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:

 

Access

 

You can access your personal data by submitting a data subject access request. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You may also request to correct any incomplete or inaccurate personal data that we hold about you. However, we may need to verify the accuracy of the new data you provide to us.

Rectify/Restrict/Limit/Remove

 

You have the right to ask us to rectify, restrict, limit, or remove the processing of your personal data where (1) there is no good reason for us to continue processing it, (2) we may have processed information inaccurately, unlawfully or (3) we were required to erase for compliance with local law. Note that we may not always be able to comply with your request to erase for specific legal reasons, which will be notified to you at the time of your request.

 

You may also request the transfer of your personal data to a third party, in which we will provide your personal data in a structured, commonly used and machine-readable format. This right only applies to automated information that you previously consented for us to use and/or used to perform a contract with you.

Object/Withdraw

 

You may object to the processing of your personal data in certain circumstances when relying on a legitimate interest of yours or of a third party that you feel impedes on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms.

You may also withdraw consent to processing your personal data at any time. This does affect the lawfulness of any processing we have done prior to your consent withdrawal, and we may not be able to provide certain products or services to you after your consent withdrawal. We will notify you if this is the case at the time of your consent withdrawal.

If you wish to exercise any of the rights set out above, please contact us at dataprivacy@gumgum.com.

No Charge/Fees (in most cases

 

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.

What We May Need from You

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any other right). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time Limit to Respond

 

We try to respond to all legitimate requests within thirty (30) days. Occasionally, however, it may take us longer to process your request if it is particularly complex and/or if you have made multiple requests. In this case, we will notify you and keep you updated on the status of your request(s).

Your Right to File a Complaint

 

If you are based in the European Union, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO)—the UK supervisory authority for data protection issues ICO UK. We would, however, appreciate the chance to address your concerns before you approach the ICO so, please contact us in the first instance.

Name of the Lead Supervisory Authority overseeing GumGum (Controller):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: +44 (0) 0303 123 1113
Email: casework@ico.org.uk

To contact GumGum with any questions or concerns, please contact us at:

UNITED KINGDOM

 

GumGum UK Limited
WeWork Building
138 Holborn
London, UK EC1N2SW, GB
Company Number: 09922859
Email: Global Compliance Officer
Phone: 1-310-260-9666

UNITED STATES OF AMERICA

 

GumGum, Inc.
Data Protection Officer
1314 7th Street, 4th Floor
Santa Monica, CA 90401
Email: Global Compliance Officer
Phone: 1-310-260-9666
 

 

CALIFORNIA RESIDENTS: CCPA DISCLOSURES

The CCPA requires businesses that are subject to this law to provide consumers who reside in California with certain rights with respect to their personal information.

As a California resident and within 45 days, GumGum will respond to your right to:

 

  1. Request a copy of the specific personal information collected about you during the 12 months before your request (a “personal information request”);
  2. Have such information deleted (with exceptions);
  3. Request that your personal information not be sold to third parties, if applicable; and
  4. Not to be discriminated against because you have exercised any of these rights.



Should you choose to exercise any of your rights above, CCPA allows consumers to make a personal information request no more than twice in a 12-month period and that business will need to collect information from the requesting party so that It can verify a Consumer’s identity. However, because GumGum collects very limited personal data that is further pseudo-anonymized, most times we will not be able to provide you with copies of specific personal information or delete same.
 

 

CALIFORNIA CONSUMER RIGHTS – DO NOT SELL MY PERSONAL INFORMATION

For California Residents Only: GumGum provides two ways to exercise your rights: Compete the form at DO NOT SELL or call 866-I-OPT-OUT and enter service code 319 when prompted. To assure a timely and accurate response, we kindly ask that you contact us by selecting only one of these methods.
 

 

CHANGES TO THIS PRIVACY POLICY

GumGum may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, GumGum will provide additional notice, such as via email or through the Services.
 

 

CONTACT GUMGUM

Questions or concerns about this policy, please email us at: dataprivacy@gumgum.com.  

 

 

 

GLOSSARY

 

Ad Delivery and Reporting (ADR) is separate and distinct from Personalized Advertising, and means the collection or use of data about a browser or device for the purpose of delivering ads or providing advertising-related services, including, but not limited to: providing a specific advertisement based on a particular type of browser, device, or time of day; statistical reporting, traffic analysis, analytics, optimization of ad placement; ad performance, reach, and frequency metrics (e.g., frequency capping); security and fraud prevention; billing; and logging the number and type of ads served on a particular day to a particular website, application, or device.

 

Applicable Laws means laws, rules, directives, regulations issued or enacted by any government entity (including any domestic or foreign, supra-national, state, county, municipal, local, territorial or other government, which includes to the extent applicable, Directive 95/46/EC, Directive 2002/58/EC, European Commission decisions and guidance) each as transposed into domestic legislation of each Member State or other country and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR, and any industry self-regulatory principles that are applicable in the location or region where the Services are provided or received, related to the Processing of Personal Data or the interception, recording or monitoring of communications.

 

CCPA means Assembly Bill 375 of the California House of Representatives, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by the California Governor on June 28, 2018 (California Consumer Protection Act, “CCPA”).

 

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

 

Cross-App Advertising is the collection of data across applications owned or operated by different entities on a particular device for the purpose of delivering advertising based on preferences or interests known or inferred from the data collected.

 

Cross-Device Linking is the practice of linking two or more devices or browsers used or likely used by the same user, for advertising purposes.

 

De-Identified Data is data that is not linked or intended to be linked to an individual, browser, or device.

 

Device-Identifiable Information (DII) Formerly referred to as “Non-PII,” Device-Identifiable Information (DII) is any data that is linked to a particular browser or device if that data is not used, or intended to be used, to identify a particular individual. DII may include, but is not limited to, unique identifiers associated with browsers or devices, such as cookie identifiers or advertising identifiers, and IP addresses, where such data is not linked or intended to be linked to PII. DII includes data that is linked to a series of browsers or devices linked through Cross-Device Linking, if that data is not used, or intended to be used, to identify a particular individual. DII does not include De- Identified Data.

 

EU Model Clauses means the standard contractual clauses approved by European Commission on standard contractual clauses for the transfer of Personal Data to Processors or Controllers established in third countries (but which shall exclude any contractual clauses designated by the European Commission as optional in that decision), as amended or replaced from time to time by the European Commission.

 

GDPR (General Data Protection Regulation) means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC; The terms, “Controller”, “Processor” “Data Subject”, “Member State”, “Personal Data” or “Data”, “Personal Data Breach”, and “Processing”, and “Supervisory Authorities” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

 

Interested Party means the party to the Main Agreement and on whose behalf GumGum processes the Personal Data of Interested Party or of Interested Party’s clients, whether received from Data Subjects/Consumers, third parties or Interested Party.

 

Interest-Based Advertising means the collection of data across web domains owned or operated by different entities for the purpose of delivering advertising based on preferences or interests known or inferred from the data collected.

 

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).

 

Main Agreement means the agreement between the Interested Party and GumGum whereby GumGum provides the Services and, in connection with the supply of such Services, engages in the processing of Personal Data of Data Subjects on behalf of Data Controller.

 

Opt-In Consent Opt-In Consent is an affirmative action taken by an individual that manifests the intent to opt in.

 

Opt-Out Mechanism is an easy-to-use mechanism by which individuals may exercise choice to disallow Personalized Advertising with respect to a particular browser or device.

 

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

 

Personal Directory Data is calendar, address book, phone/text log, or photo/video data (including any associated metadata), or similar data created by a user that is stored on or accessed through a device.

 

Personalized Advertising is a collective term for Interest-Based Advertising, Cross-App Advertising, and Retargeting, as well as any combination of these practices.

 

Personally-Identifiable Information (PII) is any information used, or intended to be used, to identify a particular individual, including name, address, telephone number, email address, financial account number, and government-issued identifier.

 

Precise Location Data is information that describes the precise geographic location of a device derived through any technology that is capable of determining with reasonable specificity the actual physical location of an individual or device, such as GPS-level latitude-longitude coordinates or location-based Wi-Fi triangulation.

 

Retargeting is the practice of collecting data about a browser’s or device’s activity in one unaffiliated web domain or application for the purpose of delivering an advertisement based on that data in a different, unaffiliated web domain or application.

 

Sensitive Data means and includes:  

 

  • Social Security Numbers or other government-issued identifiers;
  • Insurance plan numbers;
  • Financial account numbers;
  • Information about any past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history based on, obtained or derived from pharmaceutical prescriptions or medical records, or similar health or medical sources that provide actual knowledge of a condition or treatment (the source is sensitive);
  • Information, including inferences, about sensitive health or medical conditions or treatments, including but not limited to, all types of cancer, mental health-related conditions, and sexually transmitted diseases (the condition or treatment is sensitive regardless of the source); and
  • Sexual orientation.

Services means the services as defined in the Main Agreement between Interested Party and GumGum.

 

Sub-processor means any third party (including any Processor affiliate) appointed by or on behalf of Data Processor to process Personal Data on behalf of Interested Party in connection with an Agreement.

 

Viewed Content Advertising is the collection of Viewed Content Information, or the use of such data for the purpose of tailoring advertising based on preferences or interests known or inferred from the data collected. Viewed Content Information is data about the video content viewed on a television.