I. Overview
The California Consumer Privacy Act of 2018 (as may be amended, replaced, or superseded, as well as any implementing regulations, the “CCPA”) provides certain rights to residents of California. This Privacy Notice of Connexity, Inc. (“we”, “us”, or “our”) applies if you are a natural person who is a resident of California (“California Consumer” or “you”) and uses our services. This Privacy Notice supplements the information in our Privacy Policy https://connexity.com/privacy-policy. However, this Privacy Notice is intended solely for, and is applicable only as to, California Consumers. If you are not a California Consumer, this does not apply to you and you should not rely on it.
Generally, under the CCPA “Personal Information” means information within certain categories set forth in the statute that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Please note that personal information is different from the term “personal data” mentioned in our Privacy Policy or the term Personally Identifiable Information (“PII”).
You should read this entire Privacy Notice, but here is a partial list of some of the key topics.
- Click here to learn what categories of personal information we collect from California Consumers.
- Click here to learn about our disclosure and/or sales of personal information.
- Click here to learn about our purposes for collecting and sharing personal information.
- Click here to learn about your rights and choices with respect to your personal information and how to exercise those rights.
- Click here to learn how to contact us for more information about our privacy practices.
- Click here to learn more about CCPA for Service Providers (for businesses).
II. Personal Information we collect about California Consumers
Depending on how you interact with us, we may collect the following categories of information summarized in the table below:
Our Personal Information Collection Practices |
||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
In addition to the above, we collect personal information from job applicants, current or former employees, owners, directors, officers, and contractors (and emergency contacts for the foregoing), from CRM tools, and from business to business communications or transactions. The categories of personal information may include those listed above as well as those listed in Cal. Civ. Code § 1798.80(e) and professional or employment-related information.
III. Our Disclosure and/or Sale of Personal Information
We will share the information collected from and about you as discussed above for various business purposes, with service providers, and with third parties including our customers. The chart below describes how and with whom we share or disclose personal information, and whether (based on the CCPA’s definition of “sell”) we believe we have “sold” a particular category of information in the prior 12 months.
Our Disclosure and/or “Sale” of Personal Information |
||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
We also may share any of the personal information we collect as follows:
- Sharing for Legal Purposes: We may share personal information with third parties in order to: (a) comply with legal process or a regulatory investigation (e.g. a subpoena or court order); (b) enforce our terms of service, our Privacy Policy, this Privacy Notice, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of us, our platform, our customers, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, spam/malware prevention, and similar purposes.
- Sharing In Event of a Corporate Transaction: We may also share personal information in the event of a major corporate transaction, including for example a merger, investment, financing, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.
- Aggregate/De-Identified Information: We may aggregate and/or de-identify any information collected so that such information can no longer reasonably be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes.
We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
Please see “Right to Opt-out of the sale of your personal information” within Section V below for information about your rights to opt-out of sales under the CCPA.
IV. Our Purposes for Collecting and Sharing Personal Information
Generally speaking, we collect and share the personal information that we collect for the following purposes:
- Processing payments between publishers and advertisers.
- Developing new products and improving our services.
- Helping clients target ads to online audiences based on inferred and/or shared interests or preferences.
- Personalizing your website experience and delivering content, product and service offerings relevant to your interests.
- Creating audiences and lookalikes to which our clients can market their products and services.
- Providing analytics regarding the effectiveness of online ad campaigns, including by reporting on the number of ads viewed and actually clicked (or swiped) on, and if the consumer purchased any items from the advertiser.
- Auditing.
- Detecting security incidents and protecting against malicious or fraudulent activity (and, if necessary, prosecuting those responsible).
- Quality control and debugging.
- Short-term and transient use.
- Internal research.
- Supporting employment, infrastructure, and human resource management (e.g., processing employment applications, providing benefits to employees and dependents, managing compensation, operating facilities and infrastructure).
- Conducting business to business relationships.
- Fulfilling or meeting the reason you provided the information.
- Complying with our legal obligations.
V. Your Rights and Choices
The CCPA provides California Consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights. You have the right not to receive discriminatory treatment by us for the exercise of such rights.
Right to Opt-out of the sale of your personal information: California residents may opt out of the “sale” of their personal information. If you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. You may “opt out” of our “sale” of your personal information (as those terms are defined by the CCPA) by clicking here or by e-mailing us at dataprotection@connexity.com. Please note that this is not an opt out of interest-based advertising. To opt out of interest-based advertising, please visit our Ad Opt-Out Policy page
Access to Specific Information and Data Portability Rights: You have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability, and Deletion Rights” below), we will disclose to you the specific pieces of personal information that we have collected from you. However, we may withhold some
personal information where the risk to you or our business is too great to disclose the information, or where we cannot verify your identity in relation to such personal information. Thus, for security purposes (and as required under California law), we will verify your identity – in part by requesting certain information from you — when you request to exercise certain of your California privacy rights.
Deletion Request Rights: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability, and Deletion Rights” below), we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies.
Exercising Access, Data Portability, and Deletion Rights:
- How to submit requests:
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by visiting connexity.com or via e-mail at dataprotection@connexity.com. - Who may submit requests:
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may designate an authorized agent to make a request on your behalf by verifying your own identity with us and providing a copy of written authorization for the agent to act on your behalf or other validation method used by us to confirm that an agent has been authorized to act on behalf of a consumer. - How often you can submit requests:
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. - How we verify and respond to requests:
Your request must be verifiable. That means that you, or your authorized agent, must provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative of that person. We may verify your request:- If you have a password protected account with us, we may verify your request using our existing authentication practices for that account.
- For requests to know or have personal information deleted, by requiring you to provide us at least two data points, depending on the type of personal information in question.
Your verifiable consumer request must also describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. - Response Timing and Format:
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
VI. Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. You have a right not to receive discriminatory treatment by us for exercising your privacy rights.
VII. Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to. third parties for their direct marketing purposes. To make such a request, please contact us using the contact information set forth below in SectionVIII.
VIII. Who to contact for more information
For questions or concerns about our privacy practices, you can contact us at the method set forth below.
Phone: 310-571-1235
Website: https://connexity.com/contact
Email: dataprotection@connexity.com
Postal Address:
Connexity, Inc.
Attn: Legal Dept.
2120 Colorado Ave, Suite 400
Santa Monica, CA 90404
California Privacy – Service Provider Addendum
This Service Provider Addendum (“Addendum”) supplements the Merchant Program Agreement, Publisher Program Terms & Conditions, or other written or electronic agreement for the provision of internet advertising services between Connexity, Inc. (“Connexity”) and the other party thereto (“Company”) (each respectively, the “Agreement”).
This Addendum reflects the agreement of Connexity and Company with respect to the following terms regarding the personal information of California consumers and covered information of Nevada residents. To the extent there is a conflict between this Addendum and the terms of the Agreement, this Addendum will control. Connexity may make reasonable changes to this Addendum from time to time, which shall become effective immediately on posting here.
1.0 California Consumer Personal Information. With respect to personal information of California consumers that Connexity processes on behalf of Company pursuant to the Agreement, Connexity and Company agree that:
1.1 “CCPA” shall mean the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.198), as amended or superseded, including any regulations or guidance provided by the California Attorney General.
1.2 The terms, “collect”, “commercial purpose”, “consumer”, “personal information”, “processing”, “sale“, “sell”, and “service provider” shall have the same meaning as in the CCPA, and their cognate terms shall be construed accordingly.
1.3 Connexity is a service provider under the CCPA.
1.4 The disclosure of personal information to Connexity is not for monetary or other valuable consideration.
1.5 Connexity will only process personal information on behalf of Company for fraud prevention, pricing optimization, ad placement, advertising campaign optimization, invoice amount, payment or invoice detail verification, or for any other business purpose set forth in the Agreement. In addition, (1) Connexity will not retain, use, or disclose personal information for any purpose other than for the specific purpose of performing the services specified in the contract for the business, or as otherwise permitted by the CCPA, as reasonably determined by Connexity; (2) Connexity will not further collect, sell, or use consumer personal information except as reasonably necessary and proportionate to achieve the operational purpose for which the information was collected or processed or, in Connexity’s reasonable discretion, for another operational purpose that is compatible with the context in which the personal information was collected; and (3) unless Company directs Connexity to sell personal information on Company’s behalf, Connexity is prohibited from selling such personal information. Connexity may disclose personal information to its own service providers, provided that Connexity shall require its service providers to comply with terms that are equivalent to those in this Addendum. Without limiting the foregoing, Connexity may also use personal information (i) internally to build or improve the quality of its services, (ii) to detect data security incidents, or protect against fraudulent or illegal activity, and (iii) for the purposes enumerated in Cal. Civil Code section 1798.145, subsections (a)(1) through (a)(4).
1.6 Company shall post a CCPA-compliant privacy notice. Section 2 of this Addendum describes the personal information categories that Connexity may collect and/or process under this Agreement. Connexity may update Section 2 from time to time, upon written notice to Company.
1.7 Connexity shall promptly and in good faith take such actions and provide such information and assistance as Company may reasonably request to enable Company to honor requests of individuals to exercise their rights under the CCPA, including requests to access, delete or opt-out of sale of personal information pertaining to them. If feasible and to the extent required by the CCPA, Connexity shall give Company written notice of any such requests that Connexity may receive directly from consumers that pertain to the services provided to Company and performed by Connexity for Company under the Agreement.
2.0 Personal Information Categories. Connexity may process the following categories of personal information, as defined and classified by Cal. Civ. Code § 1798.140(o)(1)(A) through (K), from California consumers on Company’s behalf under the Agreement: identifiers (e.g. unique personal identifier and IP address); commercial information (e.g. records of purchase order value); internet or other similar network activity (e.g. consumer’s interaction with website or advertisement); and geolocation data (e.g. IP address). The foregoing listing of personal information categories does not necessarily indicate that all (or any) of such categories are applicable to the Agreement or the services provided thereto. Information is only personal information to the extent it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.
Connexity may also collect personal information from Company, its representatives and personnel through CRM tools and business to business communications between the parties. Related categories of personal information may include those listed above as well as those listed in Cal. Civ. Code § 1798.80(e) and professional or employment-related information.
Additional information regarding Connexity’s personal information collection is set forth in its California Privacy Notice at https://connexity.com/california-privacy.
3.0 Nevada Residents. With respect to the covered information of consumers who reside in the State of Nevada that Connexity processes on behalf of Company pursuant to the Agreement, Connexity and Company agree that:
3.1 The terms “sale“, “consumer“, and “covered information” shall have the meanings set forth in or applicable to Nevada Senate Bill 220, which amends and supplements Nevada’s Online Privacy Law, Nev. Rev. Stat. 603A, et seq., and their cognate terms shall be construed accordingly.
3.2 Connexity shall not sell covered information.
