1. Introduction and Overview.
If you have any questions about our privacy practices, please contact us as set forth in the section entitled “Contact Us” below.
2. Information Collection.
A. Information You Provide.
We collect information that you provide directly via the Service, such as when you access our content, contact customer support, or apply for a job. We may use Service Providers (defined below) to collect this information.
The information we collect includes information that identifies you personally (whether alone or in combination). Some examples of information we collect include the following:
• Contact Data. We collect your first and last name, e-mail address, postal address, phone number, and other similar contact data.
• Demographic Data. We collect demographic information such as your age, gender, and country.
• Content. We collect the content of messages you send to us, such as your feedback or questions and information you provide to us.
• Resume Data. We collect data as necessary to consider you for a job opening if you submit an application to us, such as your employment history, cover letter, transcript, writing samples, and references.
You may choose to voluntarily submit information to us through the Service that we do not request, and, in such instances, you are solely responsible for such information.
B. Information Collected Automatically.
We automatically collect information about your device and how your device interacts with our Service. We may use Service Providers to collect this information. Some examples of information we collect include the following:
• Service Use Data. We collect data about the features you use, the pages you visit, the e-mails and advertisements you view, the products you purchase, the time of day you browse, your referring and exiting pages, and other similar information.
• Device Connectivity and Configuration Data. We collect data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information. This data also includes IP address, MAC address, device advertising Id (e.g., IDFA or AAID), and other device identifiers.
• Location Data. We collect data about your device’s location, which can be precise (e.g., latitude/longitude data) or imprecise (e.g., location derived from an IP address or data that indicates a city or postal code level).
We use various current – and later – developed technologies to collect this information (“Tracking Technologies”), including the following:
• Log Files. A log file is a file that records events that occur in connection with your use of the Service, such as your service use data.
• Cookies. A cookie is a small data file stored on your device that acts as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate the Service and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising both on and off the Service. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
• Location-Identifying Technologies. Location data may be used for purposes such as verifying your device’s location and delivering or restricting relevant content and advertising based on that location.
Some information about your use of the Service and certain Third Party Services (defined below) may be collected using Tracking Technologies across time and services and used by us and third parties for purposes such as to associate different devices you use, and deliver relevant ads and/or other content to you on the Service and certain Third Party Services.
For further information on Tracking Technologies and your rights and choices regarding them, see the sections entitled “Third Parties” and “Your Rights and Choices” below.
C. Information on Behalf of Our Clients.
For further information on your rights and choices regarding Client Data, see the section entitled “Your Rights and Choices” below.
D. Information from Other Sources
• Data suppliers from which we purchase demographic data to supplement the data we collect.
• Social networks when you reference our Service or grant permission to Kepler to access your data on one or more of these services.
• Partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
• Publicly-available sources such as data in the public domain.
For further information on Third Party Services, see the section entitled “Third Parties” below.
3. Use of Information.
• Manage our Service.
• Perform services requested by you, such as to respond to your comments, questions, and requests, and provide customer service.
• Send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
• Prevent and address fraud, breach of policies or terms, and threats or harm.
• Monitor and analyse trends, usage, and activities.
• Conduct research, including focus groups and surveys.
• Improve the Service or other Kepler websites, apps, marketing efforts, products and services.
• Develop and send you direct marketing, including advertisements and communications about our and third party products, offers, promotions, rewards, events, and services.
• Serve advertising tailored to your interests on our Service and Third Party Services.
• Fulfill any other purpose disclosed to you and with your consent.
We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law. For information on your rights and choices regarding how we use your information, please see the section entitled “Your Rights and Choices” below.
4. Sharing of Information.
• Service Providers. We may share your information with our agents, vendors, and other service providers (collectively “Service Providers”) in connection with their work on our behalf. Service Providers assist us with services such as data analytics, marketing, website hosting, and technical support. Service Providers are prohibited from using your information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other purposes.
• Affiliates. We may share your information with our related entities including our parent and sister companies. For example, we may share your information with our affiliates for customer support, marketing, and technical operations.
• Clients. We share your information with our clients in connection with us processing your information on their behalf. For example, we share your information with our clients to provide them with strategic guidance, execute and optimizes media buys on their behalf, respond to your questions and comments, comply with your requests, and otherwise comply with applicable law.
• Business Partners. We may share your information with our business partners in connection with offering you co-branded services, selling or distributing our products, or engaging in joint marketing activities.
• Third Parties. We may share your information with third parties for purposes of facilitating your requests (such as when you choose to share information with a social network about your activities on the Service) and in connection with tailoring advertisements, measuring and improving our Service and advertising effectiveness, processing data and enabling other enhancements.
• Merger or Acquisition. We may share your information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
• Security and Compelled Disclosure. We may share your information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also share your information to protect the rights, property, life, health, security and safety of us, the Service or any third party.
• Consent. We may share your information for any other purpose disclosed to you and with your consent.
Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see the section entitled “Your Rights and Choices” below.
5. Third Parties.
A. Third Party Services.
B. Third Party Features.
• Liking and Sharing. We may embed a pixel or SDK on our Service that allows you to “like” or “share” content on Third Party Services, including social networks such as Facebook and Twitter. If you choose to engage with such a Third Party Service through our Service, we may collect any information you have authorized the Third Party Service to share with us (such as your user ID, public profile information, e-mail address, birthday, and other account and profile data). Likewise, if you choose to engage with such a Third Party Service through our Service or visit our Service while logged in to that Third Party Service on your device, the Third Party Service may receive information about your activities on our Service and be able to associate that information with information the Third Party Service already has about you.
C. Analytics and Interest-Based Advertising.
Our Service contains Tracking Technologies owned and operated by Third Parties. For example, we use Tracking Technologies from third party analytics provides, such as Google Analytics, to help us analyze your use of the Service, compile statistic reports on the Service’s activity, and provide us with other services relating to Service activity and internet usage. We also work with ad serving services, advertisers, and other third parties to serve advertisements on the Service and/or on Third Party Services. These third parties may use Tracking Technologies on our Service and Third Party Services (including in e-mails and advertisements) to track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you on the Service and Third Party Services or third party devices after you have left the Service (“Interest-based Advertising”).
We may serve ads on Third Party Services, such as Facebook and Google, that are targeted to reach people (or similar people) on those services that have visited our Service or that are also identified in one of more of our databases (“Matched Ads”). This is done by matching common factors between our data and the data of Third Party Services. To opt-out of us using your data for Matched Ads, please contact us as set forth in the “Contact Us” section and specify that you wish to opt-out of Matched Ads. We will request that the applicable Third Party Services not serve you Matched Ads based on information we provide to it. You may also contact the applicable Third Party Services to opt-out. We are not responsible for such Third Party Services’ failure to comply with our or your opt-out instructions.
For further information on Tracking Technologies and your rights and choices regarding them, please see the sections entitled “Information Collected Automatically” above and “Your Rights and Choices” below.
6. Your Rights and Choices.
A. Tracking Technology Choices.
• Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
• Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
Please be aware that if you disable or remove Tracking Technologies some parts of the Service may not function correctly.
B. Analytics and Interest-Based Advertising.
You can opt-out of your data being used by Google Analytics through cookies by visiting https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.
Some of the third parties that collect information from or about you on the Service in order to provide more relevant advertising to you participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. This program offers a centralized location where users can make choices about the use of their information for online behavioral advertising. To learn more about the DAA and your opt-out options for their members for websites, please visit http://www.aboutads.info/choices. In addition, some of these third parties may be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, please visit http://www.networkadvertising.org/choices/. Please note that if you opt-out of online behavioral advertising using any of these methods, the opt-out will only apply to the specific browser or device from which you opt-out. Further, opting-out only means that the selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
You can opt-out of receiving promotional e-mails from us at any time by following the instructions as provided in e-mails to click on the unsubscribe link, or e-mailing us at the e-mail address set forth in the section entitled “Contact Us” below with the word UNSUBSCRIBE in the subject field of the e-mail. Please note that you cannot opt-out of non-promotional e-mails, such as those about your account, transactions, servicing, or Kepler’s ongoing business relations.
Please note that your opt-out is limited to the e-mail address used and will not affect subsequent subscriptions.
D. Your California Privacy Rights.
California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.
Kepler may share personal information as defined by California’s “Shine the Light” law with third parties and/or affiliates for such third parties’ and affiliates’ own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please contact us as set forth in the section entitled “Contact Us” below. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that Kepler is not required to respond to requests made by means other than through the provided e-mail address or mail address.
E. Your European Privacy Rights.
Data subjects in Europe have additional rights as set out in the “Additional Disclosures for Data Subjects in Europe” section below.
The Service is intended for a general audience and not directed to children under thirteen (13) years of age. Kepler does not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe Kepler has collected such information in a manner not permitted by COPPA, please contact us as set forth in the section entitled “Contact Us” below, and we will remove such data to the extent required by COPPA.
8. Data Security.
We implement reasonable security measures to protect the information in our care, both during transmission and once we receive it. This includes, but is not limited to the use of encryption. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
9. Privacy Shield and International Transfer
Kepler will comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union, the United Kingdom, and Switzerland to the U.S. Kepler will certify that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.
In accordance with our obligations under Privacy Shield, and subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, we hereby affirm our commitment to subject to the Privacy Shield Principles all personal data transferred from the European Union, the United Kingdom, and Switzerland in reliance on Privacy Shield. This means that, in addition to our other obligations under the Privacy Shield Principles, we shall be liable to you for any third party agent to which we transfer your personal data and that processes such personal data in a manner that violates the Privacy Shield Principles, unless we can demonstrate that we are not responsible for the resulting damages.
In the event that you have any inquiry, dispute, or claim arising out of or relating to our compliance with Privacy Shield, please contact us as set forth in the section entitled “Contact Us” below. If we are unable to resolve your complaint directly, you may submit your complaint at no cost to you to JAMS at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. In the event there are residual complaints that have not been resolved by JAMS, or any other means, you may seek a non-monetary remedy through binding arbitration to be provided to you in accordance with the Privacy Shield Principles.
To learn more about the Privacy Shield Framework, and to view Kepler’s certification, please visit https://www.privacyshield.gov/.
11. Contact Us.
Kepler Group LLC, Privacy Officer
6 East 32nd Street, Floor 9
New York, NY 10016
12. Additional Disclosures for Data Subjects in Europe.
A. Data Controller.
Data protection laws in Europe make a distinction between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”).
B. Lawful Basis for Processing.
Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our Service Providers, partners, or clients; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.
C. Your European Privacy Rights.
If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you through the Service. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the Service. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
To exercise any of these rights, contact us as set forth in the section entitled “Contact Us” below and specify which right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
We acknowledge that you have rights in connection with Client Data. If your information has been processed by us on behalf of a client and you wish to exercise any rights you have with such information, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of the client on whose behalf we processed your information. We will refer your request to that client, and will support them to the extent required by applicable law in responding to your request.
If you have any issues with our compliance, you have the right to lodge a complaint with a European supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us. In addition to the contact information above, for EU-specific requests, you can reach us at firstname.lastname@example.org.