Effective Date: March 16, 2020
CSCONNECT.io (together with its subsidiaries, affiliates, officers and directors, as applicable (each individually, or collectively “SmartTag LLC.”, “Csconnect.io”, “Company”, “we” or “us”) is a global retail-tech company that provides consumer packaged goods brands (“Business Partners”) with an advertising platform for for the purpose of delivering advertising to individuals (“user(s)”) who scan QR code, tap NFC tag, download, use or otherwise interact with an app, landing pages or our services (“Digital Assets”), as defined below (collectively, “ Service(s)“).
- Information we collect from visitors of our website available at https://www.csconnect.com and/or https://www.csconnect.com (“Websites”) and our Business Partners who register to our Services through our Websites.
- Information we collect from users who interact with our Business Partners’ Digital Assets which are using our advertising platform.
- LAWFUL BASIS (as required under the EU General Data Protection Regulation (“GDPR”), and applicable for European Economic Area (“EEA”) residents).
- PRIVACY PRACTICES FOR THE OUR BUSINESS PARTNERS’ DIGITAL ASSETS
- Information Collect Through The Digital Assets
- How We Use the Information Collected Through the Digital Assets
- How We Share Information We Collect Through the Digital Assets
- User Opt-out Choices
- PRIVACY PRACTICES FOR THE CSCCONNECT WEBSITES
- Information We Collect Through the CSCONNECT Websites
- How We Use Information We Collect Through the CSCONNECT Websites
- How We Share Information We Collect Through the CSCONNECT Websites
- DATA ACCESS AND RETENTION
- DATA SECURITY
- THIRD-PARTY WEBSITES AND APPS
- SPECIAL JURISDICTIONS
- Users From Outside The United States
- California Residents
- CHILDREN UNDER CCPA
- CONTACTING US
If you are a resident of any member state of the EU, EEA or UK, this section applies to you.
As required under GDPR, the lawful basis for our data collection and processing is as follows:
- Where a Business Partner uses our Services, we process the Business Partner’s Personal Data in order to perform our contract with the Business Partner.
- Certain Online Identifiers, such as third party cookies or mobile advertising identifiers we use, are based on consent, when such usage involves any aspect of personalization; and when we use them for functionality abilities, compatibility, run statistics, aggregations, analytics and measurements.
- When we use an IP address for fraud detection and prevention, or, when we use it to detect country and language, we are based on legitimate interest.
- For direct marketing of Business Partners, we will process such data under our legitimate interest.
CSCONNECT.io acts as a Processor of certain Personal Data, as defined under the GDPR, such as the data processed from our users using our Business Partners’ Digital Assets. CSCONNECT.io is also a Controller of certain Personal Data, such as our Business Partner’s registration data, or if individuals contact us via our Site.
PRIVACY PRACTICES FOR THE OUR BUSINESS PARTNERS’ DIGITAL ASSETS
Information Collect Through The Digital Assets
Through the Digital Assets, we may (but do not necessarily, or always) collect a variety of information about the users, including:
- IP addresses, from which geographic location may be inferred, and system configuration information such as information about users’ operating systems;
- Precise geolocation information (generally, a user’s latitude and longitude data);
- Mobile advertising identifiers, such as iOS IDFAs and Android Advertising IDs (collectively, “Mobile IDs”). These Mobile IDs may be associated with other information we collect through the Digital Assets, from third parties, or through any other services we offer;
- Whether and how users interact with ads, (e.g., time-stamp and clickstream information)
- Device type and other device information (e.g., whether a user is using a smartphone or tablet, and related information);
- Network provider; and
- Other unique identifiers that may be associated with users’ devices, including identifiers provided by Business Partners or third-party service providers.
We may also use third-party services, such as Google Analytics, that gather information such as user IP address, browser type, the device type, and the times of your visit.
We may combine and merge the various types of information collected from the Business Partners’ Digital Assets, and may also enhance it (or permit our Business Partners to enhance it) with information collected from third parties. We refer to all of the above information as the “Service Information.”
How We Use the Information Collected Through the Digital Assets
We use the Service Information to provide a variety of services to our Business Partners related to advertising and marketing. This includes the use of the Service Information for purposes such as:
- Providing and improving the CSCONNECT Platform and apps, and the relevant Business Partners’ Digital Assets. This includes, for example, providing the customer, technical, and operational support for these features, detecting and protecting against errors, fraud, or other criminal activity, and resolving disputes and enforcing our terms and conditions and other rights we may have;
- Providing information and analytics to our Business Partners about the efficacy of marketing campaigns provided through the Digital Assets, or helping Business Partners create or enhance user profiles for marketing or analytics purposes;
- Creating inferences about users categorized into “Audience Segments” or to help Business Partners do so. For example, if the information we collect indicates that a user clicks on ads about organic cosmetics, we or our Business Partners may categorize the user of that device as someone who is interested in organic cosmetic products;
- Developing and use data models that try to predict users’ potential future behavior and interests on a per-device basis or across devices;
- Analyzing ad performance, for example, by attributing users’ app installations to ad campaigns; and
- Combining the Service Information to perform (including by working with our Business Partners) any of the above functions, or other advertising, marketing, or analytics services. Or, we may aggregate and create data models to do this, by creating algorithms in order to predict common interests among users.
How We Share Information We Collect Through the Digital Assets
Generally, we share the Service Information with our Business Partners in order to provide the Digital Assets to the users. For example, we share the Service Information with:
- Consumer Brands and their marketing and service providers, so they may provide targeted content and advertising to users on top of the consumer goods packaging, using the QR and NFC technologies;
- Consumer Brands and their marketing and service providers, so they may provide targeted content and advertising to users on mobile apps;
- Consumer Brands and their marketing and service providers, to help measure the effectiveness of marketing or analyze their End Users’ likely interests or demographics; and
- Other third parties that target advertising. This may include, for example, analytics companies, data management platforms that help marketers maintain and use data, proximity solution providers, and other advertising technology providers. These companies may, for example, provide targeted content and advertising to users and others on third-party apps or other advertising media (such as email, direct mail, and display media).
We may also share Service Information with third parties:
- Pursuant to a request or authorization by an End User or Business Partner;
- If the disclosure is provided to: (a) comply in good faith with applicable laws, rules, regulations, governmental and quasi-governmental requests, court orders, or subpoenas, including for purposes of national security and law enforcement; (b) enforce our terms and conditions or other agreements; or (c) protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity;
- Where the information is aggregated or de-identified; and
- As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence).
User Opt-out Choices
Our Business Partners may provide ways for users to opt out from, or limit their collection of, certain information from and about users. Please, refer to the privacy policies of a specific brand to learn more about their privacy practices.
PRIVACY PRACTICES FOR THE CSCCONNECT WEBSITES
Information We Collect Through the CSCONNECT Websites
The CSCONNECT Websites provide information regarding CSCONNECT and our products and services. Through the CSCONNECT Websites, we collect information you voluntarily disclose to us, and we may also obtain automatically-collected information.
- Information You Disclose to Us
When registering for an account, expressing an interest in obtaining additional information about CSCONNECT or our products and services, or otherwise contacting us through the CSCONNECT Websites, we collect information you voluntarily disclose to us, such as your name, mailing address, email address, telephone number, credit card number, and other billing information. You may also provide us with certain information about your business or other individuals.
- Automatically-Collected Information
We may also use third-party services, such as Google Analytics, that gather information such as your IP address, browser type, the web page from which you came to the CSCONNECT Websites, and the times of your visit.
How We Use Information We Collect Through the CSCONNECT Websites
In addition to the uses described elsewhere in this Policy, we use the information we collect through the CSCONNECT Websites (alone or in combination) to provide, market, improve, and operate the CSCONNECT Websites, CSCONNECT Platform, and any other products or services we have or may develop. This includes the use of the information to:
- Fulfill your requests;
- Send information about our products and services, including marketing communications;
- Respond to your questions, concerns, or customer service inquiries;
- Create aggregated or de-identified information;
- Comply with applicable laws, prevent fraud, mitigate risk, and perform similar purposes;
- Understand usage trends and preferences;
- Analyze, improve, and provide products and services;
- Customize the content and advertising you see on the CSCONNECT Websites, across the Internet, and elsewhere; and/or
- Perform other purposes at your request.
How We Share Information We Collect Through the CSCONNECT Websites
- We may share the information we collect through the CSCONNECT Websites in the following situations:
- With your consent, including through this Policy;
- With our affiliates;
- With third parties that help us to operate our business and provide our services, such as entities that provide us with technical, customer, billing, administrative, event planning, marketing, or operational services;
- As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence);
- When required by law or in response to lawful processes, such as a subpoena, or to cooperate in good faith with a request from a government or law enforcement agency or official, including for purposes of national security and law enforcement;
- If we believe sharing the information may prevent physical, financial or other harm, injury, or loss; or
- If we believe sharing the information is necessary to protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity.
With respect to aggregated or de-identified information, we may share such information without restriction.
DATA ACCESS AND RETENTION
Generally speaking, we retain the information collected from the CSCONNECT Websites and CSCONNECT Platform for as long as necessary to achieve our objectives as detailed in this Policy, and to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you are a resident of the European Union, you may obtain a copy of the information we have about you by contacting us at [ need this email: email@example.com]. Please be advised that, due to the manner in which we collect information, we will only be able to provide you with such information if we can determine that the information is identifiable to you. Under extenuating circumstances, we reserve the right to charge a fee for providing you with such information, and that fee will be based on costs and fees we incur to fulfill your request.
We have administrative, technical, and physical safeguards in place in our physical facilities and in our computer systems, databases, and communications networks that are designed to protect the information from loss, misuse, or alteration. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your information.
To assist with data security, you understand that YOU ARE RESPONSIBLE FOR MAINTAINING THE SECRECY OF ANY ACCOUNT CREDENTIALS THAT CAN BE USED TO ACCESS ANY ACCOUNT WITH CSCONNECT.IO. ANY ACTIONS TAKEN USING YOUR ACCOUNT CREDENTIALS ARE YOUR SOLE RESPONSIBILITY.
THIRD-PARTY WEBSITES AND APPS
This Policy only applies to the CSCONNECT Websites and the CSCONNECT Platform. We are not responsible for the privacy practices or disclosures of websites, developers, or apps that access or use the CSCONNECT Websites or CSCONNECT Platform. Likewise, when you access the CSCONNECT Websites, you may be directed to other websites that are also beyond our control. We encourage you to read the applicable privacy policies and terms and conditions of such third parties and websites, and the industry tools that we have referenced in this Policy.
Users From Outside The United States
The CSCONNECT Websites and CSCONNECT Platform are provided, supported, and hosted in the United States, and their operation is governed by United States law. If you are using the CSCONNECT Websites or CSCONNECT Platform from outside the United States, be aware that your Information may be transferred to, stored, and processed in the United States and other countries where our facilities are located. The data protection and other laws of the United States might not be as comprehensive as those in your country. By using the CSCONNECT Websites or CSCONNECT Platform, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share your information as described in this Policy.
Users residing in California are afforded certain additional rights with respect to their personal information under the California Consumer Privacy Act (“CCPA”). If you are a California resident, these additional terms and conditions apply to you.
Certain data sharing practices we use may be qualified as “data selling” according to the CCPA. In such cases, you will have the right to opt-out via the settings in CSCONNECT Websites, CSCONNECT Platform, and our Business Partners’ Digital Assets. In which case, where you opt-out from data selling, we will receive your opt-out request either directly or from our Business Partner to further execute as required by the CCPA.
(b) We provide the following additional disclosures related to the collection, use, and disclosure of personal information under the CCPA:
- Online Anonymous Identifiers. Such as cookie ID, Advertising ID or IP Address;
- Internet or other electronic network or device information. Operating system type and version, browser type and version, and IP address;
- Analytics. Such as interaction with CSCONNECT Websites or our Business Partners’ Digital Services;
Categories of Third Parties with Whom We Share Information. We may share your personal information with third parties as described in the “How We Share Information We Collect Through the Digital Assets” and “How We Share Information We Collect Through the CSCONNECT Websites” sections of this Policy.
Your Consumer Rights. If you reside in California, you have the right to request access to the specific pieces of personal information we have collected about you in the last 12 months. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the categories of sources of such collection, the business or commercial purpose for collecting personal information, the categories of third parties with whom we share your personal information, and the categories of personal information we have disclosed about you in the preceding 12 months. As a California consumer, you also have the right to (i) request deletion of your personal information (subject to certain exceptions), (ii) opt-out of sales of personal information (where and in case existed), and (iii) receive equal service and price and not be discriminated against even if you exercise any of your other CCPA rights.
California consumers may make requests to exercise their rights by using the following methods:
Note that in order to fulfill your request, we may need you to provide certain information to verify your identity. You can also designate an authorized agent to exercise these rights on your behalf. We will not discriminate against you if you choose to exercise your rights under the CCPA.
Children under CCPA
Our Services are designed for adults, not children under the age of 16. As such, we do not intend to collect personal information from children under the age of 16, and our Services and Business Partners’ Digital Assets are not designed to manage such information. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at firstname.lastname@example.org.
We may occasionally update this Policy to reflect changes to our privacy practices. The amended Policy will be displayed on the CSCONNECT Websites. Please check our Policy regularly to ensure you have read the latest version and to stay informed of our privacy practices. Your continued access to and use of the CSCONNECT Websites and CSCONNECT Platform constitute your acknowledgment of this Policy and any updates.
If you have any questions regarding this Policy, please contact us at email@example.com.