Division-D privacy policy

download pdf icon

Effective date: January 1, 2011

Last update: April 22, 2021

 

 

 

iii-interactive, LLC dba Division-D and our wholly owned subsidiary Torch Interactive (“Division-D”, “we” “us”) functions as a leading direct-to-publisher digital media agency (the “Agency”) facilitating digital media buys between top brands and publishers. This Privacy Policy pertains to the Division-D Website at https://www.divisiond.com (the “Website”) as well as the Agency. Please read the following policy to understand how your personal information will be treated. This policy may change periodically to reflect any changes in legal requirements, company procedures, company products, service offerings and/or technology.

 

Privacy Practices for the Website

 

The Website is used for providing business information to prospective clients and business partners. It is not directed to consumers. We do not sell consumer data as part of our business operations including via the Website. The Website serves as a marketing vehicle for Division-D. Division-D is committed to respecting your privacy and conducting business matters that follow all policies as required by law.

 

 

Collection and Use of “PII” (Personally Identifiable Information) on the Website

 

 

 

Collection and Use of “Non-PII” (Non-Personally Identifiable Information)

 

Division-D also collects Non-Personally Identifiable Information (“Non-PII”) from visitors to this Website. Non-PII is information that cannot by itself be used to identify a particular person or entity, and may include your IP host address, pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of your visit to this Website, the referring URL and your computer’s operating system.

This Website uses Google Analytics to help analyze how users use the Website. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the Website (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the Website and to compile statistical reports on Website activity for Division-D.

 

 

Cookies and Other Tracking Technologies

 

Division-D and our partners use cookies or similar technologies to analyze trends, administer the website, and track users’ movements around the Website. Users can control the use of cookies at the individual browser level. For more information about cookies, please visit https://www.allaboutcookies.org/cookies/.

 

We work with third party advertising technology platforms to manage our advertising on other sites. Our third party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. Sometimes this practice is referred to as interest based advertising. If you wish to opt out of interest-based advertising from our partners click here. Please note you will continue to receive generic ads.

 

 

Privacy Practices for the Agency

 

Division-D functions as a leading direct-to-publisher digital media agency (the “Agency”) which facilitates digital media buys between top brands and publishers. The Agency directs 3rd party technology platforms, including other third party advertising networks and consumer data providers (our “Partners”) to help advertisers (our “Clients”) find the right digital audience and to help website and mobile application publishers (our “Publishers”) do a more effective job monetizing their content. The Agency does not physically store any data. Rather, we purchase media on behalf of our Clients and engage our Partners to serve the ads and provide additional services pursuant to ensuring the media we buy for Clients from our Publishers. We adhere to the Digital Advertising Alliance Code to the extent that it is applicable to our business.

 

 

Collection of Information via the Agency

 

The Agency doesn’t physically store information directly. Rather, information is collected and processed by our Partners pursuant to their privacy policies. We encourage you to read our Partners’ privacy policies. Generally, these partners collect Non-PII including but not limited to browser type, operating system, Internet Service Provider, IP address, and basic ad serving information such as the time and date an ad is served, the name of the mobile app or URLs from the web page visited. Some Partners work with us and our Clients to enable our Clients to bring their offline data into our systems for use by our technology. The business purpose(s) this data is used includes delivery and reporting of targeted advertising, measurement, attribution and market research – working generally with the types of pseudonymous personal data described above.

 

 

Cookies and Tracking Technologies

 

Our Partners generally use cookies, mobile advertising IDs and similar tracking technologies in order to more effectively run ad campaigns on our behalf. Division-D does not generally use cookies in connection with the Agency.

 

 

Choice Mechanisms

 

Division-D provides you with choices regarding how your data is processed. You can request the PII that Division-D has collected about you, correct factual inaccuracies in information, remove personal information and/or update your personal information by contacting privacy@divisiond.com.

 

While  Division-D doesn’t directly process data via the Agency, many of our Partners provide choices regarding how information is collected or used. Each of these opt-out mechanisms are designed to enable you to exercise choice as is applicable for each Partner:

 

Google CAmpaign Manager - https://adssettings.google.com/u/0/authenticated?hl=en

Appnexus - https://www.appnexus.com/en/company/platform-privacy-policy#choices

Oath - https://policies.oath.com/us/en/oath/privacy/adinfo/index.html

LKQD Platform - https://ad.lkqd.net/optout/optout.html

 

In general, in order for any of these tools to work on your computer, your browser must be set to accept third party cookies. If you buy a new computer, change web browsers or delete this cookie, you will need to perform the opt-out task again.

 

You may also visit the Digital Advertising Alliance’s (DAA) website and use the opt-out procedure, which can be used to opt-out from the use of data for interest based advertising purposes from digital advertising companies, including many of our Partners. To access this service, please visit the https://www.aboutads.info/choices/.

 

The NAI also provides a mechanism to opt out of its member networks here: https://www.networkadvertising.org/managing/opt_out.asp and the European Digital Advertising Alliance opt-out page may be found at https://youronlinechoices.com/.

 

If you are looking to exercise choice regarding your mobile device, please visit the NAI’s Mobile Choice information page at https://www.networkadvertising.org/mobile-choice/ and follow their instructions.

 

 

Onward Transfer of Information

 

We do not share PII collected via the Website with anyone outside of Division-D, unless specifically stated otherwise. Division-D does not sell, rent or lease such PII collected on the Website to non- affiliated third parties without your consent. We don’t generally sell or share PII provided from Clients, Publishers or Partners other than with our agents and service providers who are bound by confidentiality provisions.

 

We may disclose the information we collect to third party vendors, service providers, data processors, contractors or agents who perform functions on our behalf and are not permitted to use such data except on behalf of Division-D. The types of service providers to which we transfer data include: a) cloud computer and data storage providers, b) companies offering tools to send emails and similar communications on our behalf, c) website and b2b sales analytics providers, d) customer relationship management and project management software providers, e) customer billing systems partners, f) outsourced computer programmers helping ensure our systems are operating properly, g) auditing, debugging and security vendors. As legally required, we have contracts with these service providers instructing them to only process data as we direct them to and for no other purpose.

 

Division-D may share information for the following purposes: (i) to third party vendors, service providers, data processors, contractors or agents as described above to assist or facilitate in the services Division-D provides; (ii) to comply with applicable laws and regulations or to respond to a subpoena, search warrant or other lawful request for information Division-D receives, whether or not a response is required by applicable law, and to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Terms of Access, or as otherwise required by law; (iii) for law enforcement or national security purposes including sharing data of EU and Swiss individuals in response to lawful requests from public authorities to meet national security and law enforcement requirements; (iv) to enforce an agreement or to protect Division-D’s rights; with any parent, affiliated or successor entity; (v) in connection with any asset sale, transfer, divestiture, bankruptcy or liquidation; (vi) in connection with strategic alliances, partnerships or other business arrangements to permit the offering of products or services Division-D believes may be of interest to you or where Division-D has determined that the information will be used in a responsible manner by the third party; or (vii) as permitted under any agreement with you. Division-D may also share aggregated data with others.

 

While our Partners may provide Division-D, our Publishers and our advertising Clients with reports pertaining to advertising campaigns, neither Division-D, our Publishers nor our Clients have access to IP addresses, cookie IDs or other forms of pseudonymous data from the Agency, although Publishers and Clients may obtain this data independently. To the extent that our partners may transfer data across international borders, they are required by law to have an appropriate data transfer mechanism.

 

 

Children’s Information

 

 

 

Data Subject Access Rights

 

Security Measures

 

Division-D uses appropriate measures to ensure the security of all information, including the use of passwords, firewalls, encryption and remote servers, and routinely evaluate our practices to identify security threats or opportunities for the improvement of our services. No transmission of information is guaranteed to be completely secure. Unauthorized entry or use, hardware or software failure, and other factors may compromise data security. You acknowledge and agree to assume this risk when communicating with us.

 

 

Other Notices

 

Division-D uses appropriate measures to ensure the security of all information, including the use of passwords, firewalls, encryption and remote servers, and routinely evaluate our practices to identify security threats or opportunities for the improvement of our services. No transmission of information is guaranteed to be completely secure. Unauthorized entry or use, hardware or software failure, and other factors may compromise data security. You acknowledge and agree to assume this risk when communicating with us.

 

 

California Data Subjects

 

Starting January 1, 2020, the California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.

 

You may access those rights with respect to Division-D by scrolling up and reading the section entitled “Data Subject Access Rights” or by sending us an email at

 privacy@divisiond.com. As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days. In 2020, Division-D did not directly receive any requests to know, delete or opt-out from California consumers.

 

Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.

 

We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.

 

You may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. And we will attempt to verify your request. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response.

 

 

European Economic Area

 

The General Data Privacy Regulation (“GDPR”) affords additional data protection rights to EU data subjects. For example, with respect to EU data subjects, the definition of personal data includes pseudonymous data such as an IP address, a mobile advertising ID or a cookie ID. EU Data subjects have the right to complain to EU Supervisory Authorities and the right to access, port, correct and delete certain personal data processed by Division-D (e.g., via the Website) and those Partners that serve ads on our behalf to EU data subjects via the Agency. You may access those rights with respect to Division-D by scrolling up and reading the section entitled “Data Subject Access Rights” or by sending us an email at privacy@divisiond.com.

 

While Division-D does not physically store personal data in the context of the Agency, we do have Clients located in the EU and we do place media buys on behalf of Clients which may collect data from data subjects located in the EU. Our Clients and Publishers direct us to process data under their general instructions, but we may direct our technology Partners to adjust advertising campaigns where we feel appropriate. We rely on the consent of the individual to process personal data in some instances (for example, when the user inputs personal data onto a web form of our Website). On other occasions, Division-D may process personal data when needed to fulfill a contract with a Client or partner or where required to do so by law.

 

We may also process data when it is in our or our Clients’ legitimate interests to do this and when these interests are not overridden by the individual’s data protection rights (which may vary based on an individual’s jurisdiction). Certain Publishers, Clients and Partners choose not to operate in the EU and/or collect data from EU data subjects – and each has a process to ensure they are not collecting personal data from the EU in relation to the Agency.

 

To the extent that our processing activities require the transfer of personal data from EU data subjects to a jurisdiction that does not have an adequacy designation from the EU, we will find a suitable data transfer mechanism such as the Standard Contractual Clauses. If you have questions about this, or want to understand your rights in more detail, please feel free to contact us at privacy@divisiond.com.

 

 

Third-party Websites

 

Division-D is not responsible for the methods by websites or applications that contain links on the Website or are linked to its website nor the contact and information presented therein. Third-party Internet websites and services accessible through Division-D have separate privacy and data collection practices, independent of Division-D. Division-D has no responsibility or liability for these independent policies or actions. The collection and use of that data is governed by the privacy policy and legal terms of the data collector and the website using the data; it is not governed by Division-D.

 

Contact

 

If you have any questions or concerns about your privacy in connection with this policy, please send us a thorough description to privacy@divisiond.com and we will try to resolve it. You may also contact us by mail at

 

Attn: Privacy Officer

Division-D

602 Fay Street

Suite 101

Columbia, MO 65201

 

 

 

California Data Processing Agreement for Division-D Clients

 

This Division-D (“Division-D”) California Data Processing Addendum (“California DPA”) incorporated by reference into any and all services agreements, insertion orders and addendums currently in place between Division-D and ______________________(“Client”) (the “Agreement(s)”).

 

Effective January 1, 2020 or as otherwise proscribed under the CCPA, the parties agree to comply with the following provisions with respect to any personal information processed in connection with the Agreement that is subject to the California Consumer Privacy Act (“CCPA”).  The purposes of this California DPA is to ensure such Processing is conducted in accordance with data protection laws, including the CCPA.  References to the Agreement will be construed as including this California DPA.

 

  1. Definitions:
    1. The terms “consumer,” “personal information,” “processing,” “sell,” “service provider,” and “verifiable consumer request” are as defined under Section 1798.140 of the CCPA.
    2. Approved Sub-processor” means a third-party entity that processes data on behalf of and as specifically directed by Division-D pursuant to a written contract and is thereby bound by obligations that are no less onerous than the obligations set out in this DPA.
    3. "Client Personal Information" means personal information provided by Client pursuant to the Agreement.
    4. "Incident" means the known or suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to transmitted, stored, or otherwise processed by Division-D or a Sub-processor of Division-D.
  2. Mutual Warranties: Each of the parties represent and warrant that it understands the rules, restrictions, requirements and definitions of the CCPA and agrees to adhere to the requirements of the CCPA that applies to each party’s processing of Client Personal Information, including, but not limited to: a) providing privacy policy notice as required by CCPA; b) providing data subjects with a notice and opt-out choice where required by CCPA; c) providing each other reasonable cooperation with respect to verifiable consumer requests as required under CCPA.
  3. Division-D Warranties: Division-D agrees that: a) it shall collect, store, transfer, dispose, disclose and use all Division-D Personal Information using the highest standard of care to ensure the protection of such data and in compliance with all applicable federal, state and international laws, regulations and directives; b) it shall not collect, retain, process, share or otherwise use Client Personal Information except for performing the services as described in the Agreement unless as required by law or a government authority (in which case Division-D shall use its best efforts to notify Client before such disclosure or as soon thereafter as reasonably possible); c) it shall act as a service provider and shall not sell Client Personal Information; d) it shall take reasonable steps as a service provider to ensure that the transfer of Client Personal Information is not a sale of personal information; e) except for Approved Sub-processors, it shall only transfer Client Personal Information to a third-party as specifically directed by Client. Any Sub-processors will be permitted to obtain Client Personal Information only to deliver the services Division-D has retained them to provide and are prohibited from using Client Personal Information for any other purpose. Division-D shall remain fully liable for all acts or omissions of its subcontractors.
  4. Data Retention: Division-D shall retain Client Personal Information only for as long as necessary to provide Services to Client.  Upon termination of the parties agreement for any reason, Division-D shall promptly erase or destroy all or any part of such Client Personal Information.
  5. Security:
  • Information Security Standard. Both parties agree that they will use their commercially reasonable efforts to maintain administrative, technical, and physical safeguards that are no less rigorous than industry standard practices to ensure the security and confidentiality of Client Personal Information, protect against any anticipated threats or hazards to the confidentiality, availability or integrity of Client Personal Information, and protect against unauthorized access, use, or alteration of Client Personal Information.
  • Written Information Security Program.  Both parties shall maintain, in writing, reasonable security procedures and practices (“Written Information Security Program” or “WISP”) as necessary to protect Client Personal Information within its control from unauthorized access, destruction, use, modification, or disclosure. Without limiting the generality of the foregoing statement, the WISP shall at a minimum encompass each of the elements set forth below.
  • Incident Procedures.   Any Incident involving the nonencrypted or nonredacted personal information as defined under section 1798.81.5(d)(1) of the California Civil Code (each a “Reportable Incident”) shall be subject to the following procedures:
    • Division-D shall notify Client promptly (within 72 hours) of any Reportable Incident by sending an email with all available and relevant details to an email address specified by Client.
    • Division-D shall investigate the Reportable Incident, and provide reasonable and necessary cooperation with Client, including facilitating interviews with relevant personnel, making available all relevant records, logs, files, data reporting and other materials, and providing Client with reasonable physical access to the facilities affected where owned by Division-D.
    • Unless required by law, Division-D shall not inform any third party, other than incident response and forensics specialists under NDA, of any Reportable Incident without first obtaining Client’ prior written consent, other than to inform a complainant that the matter has been forwarded to Client’ legal counsel.
    • Following a Reportable Incident, Division-D shall document responsive actions taken in connection with the Incident and shall conduct a post-breach review of events and actions taken, if any, to make changes in security practices and procedures to prevent such Incident from occurring again in the future.
  • Incident Remediation.  Division-D shall use its commercially reasonable efforts to mitigate and remedy any Incident and prevent any further Incident at its sole expense.
  • Third Party notification.  Division-D agrees that, unless applicable law states otherwise, Client shall have the sole right to determine (i) whether notice of the Reportable Incident is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in Client’ discretion, (ii) the contents of such notice, and (iii) whether any type of remediation may be offered to affected persons, as well as the nature and extent of any such remediation. Division-D agrees to reimburse Client for reasonable costs described in this section for Reportable Incidents and/or as required by applicable law.

 

OUR PRIVACY POLICY

WE ARE COMMITTED TO RESPECTING YOUR PRIVACY