Effective Date December 17, 2020
2. NOTICE AT COLLECTION - how we collect and use your personal information
Our Services are not directed at and should not be used by children under the age of 16. If we learn that we have collected the personal information of a child under the age of 16, we will delete it or take other steps if required under applicable law. Please inform us if you believe we have collected the personal information of a child under the age of 16 by emailing us at email@example.com
The legal basis for our collection and use of your personal information
We will only use your personal information when the law allows us to. If you are based in the United Kingdom or Europe we will only use your personal information if we have one of the following legal bases:
- where we need to perform the contract we have entered into with you (for example the Terms of Service);
- where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests;
- where we need to comply with a legal obligation;
- where we need to protect your interests (or someone else’s interests); and/or
- where we have obtained your consent.
In addition to the specific reasons set out above, we also use your personal information to:
- provide our Services to Brands, Creators, users, and others;
- improve our Services and create new ones;
- respond to questions, concerns, or customer service inquiries;
- send information about our current and future Services (or the offerings of Brands or Creators), including marketing communications by phone, email, online display advertising, and other channels (in line with our legitimate interest in marketing our Services and offerings);
- analyze market conditions and use of our Services;
- customize the content and advertising individuals see on our Sites, across the Internet, and elsewhere
- enforce the legal terms that govern our business relationships;
- detect and take measures against fraud, cybersecurity violations and other risks;
- comply with law, protect rights and ensure safety; and
Personal Information collected when you scan one of our QR Codes:
- a record of the specific QR Code you scanned in line with our legitimate interests (to provide our Services);
- information about your device, such as its current IP address, the operating system and the browser used by the device in line with our legitimate interests (to improve our products);
- unique cookie IDs we assign to your browser in line with our legitimate interests (marketing);
- Geolocation; and
- inferences drawn from any of the above in line with our legitimate interests (to provide our Services).
Personal Information collected in other contexts through use of our Sites or interactions with our business contacts or other counterparties:
- contact information, such as name, username, email address, phone number and address, and professional or employment-related data (such as title) in line with our legitimate interests (to provide our Services);
- information about your purchases in accordance with your contract with us under our Terms of Service;
- payment details, such as payment card number in accordance with your contract with us under our Terms of Service;
- records of services carried out and business relationships in line with our legitimate interests (to provide our Services, carry out marketing and improve our Services);
- information about your interests and marketing preferences in line with our legitimate interests (to carry out marketing and improve our Services);
- information about your device or browser, that we collect through automatic means such as cookies and other technology (e.g., unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation information, list of installed apps, local Wi-Fi network name; and internet connection information) in line with our legitimate interests (to improve our Services);
- details you provide through forms or other interactive content that we host, such as a COVID check-in form;
- Other information or content stored on your device, such as in its address book or photo library;
- other information collected through automatic means about your interactions with Brands, Creators and other partners, and about your interactions with our Sites and Services; and
- inferences drawn from any of the above.
Collection and Disclosure of California Personal Information During Past 12 Months
|Information collected when you scan a Flowcode:|
|Category of personal information collected||Categories of third parties to which it was disclosed for a business purpose|
|Identifiers, such as IP address||Affiliates, customers, and service providers, contractors or agents who perform functions on our behalf, such as data storage and hosting providers, email service providers, analytics providers, network and system management providers, communications tools, IT support providers, CRM providers, incentive providers, accounting services.
|Commercial information, such as information about your use of our QR codes||Same as first row|
|Internet or other electronic network activity information, such as technical data about your device and information about your use of QR codes and your interactions with our Sites and Services, and with Brands, Flowcodes and Flowpages||Same as first row|
|Inferences drawn from any of the above information||Same as first row|
|Other personal information|
|Category of personal information collected||Categories of third parties to which it was disclosed for a business purpose|
|Identifiers, such as your name, username, email address, phone number and address||Affiliates, customers, and service providers, contractors or agents who perform functions on our behalf, such as data storage and hosting providers, email service providers, analytics providers, network and system management providers, communications tools, IT support providers, CRM providers, incentive providers, accounting services.
|Professional or employment-related information, such as your title||Same as first row|
|Commercial information, such as information you provided to us in your communications (some of which is personal information) and information about your purchases or interactions with our Services||Same as first row|
|Financial information such as your payment card number||Handled directly by payment card processors and payment service providers|
|Internet or other electronic network activity information, such as technical data about your device and your interactions with our Sites and Services, and with Brands and Flowpages||Same as first row|
|Inferences drawn from any of the above information||Same as first row|
3. COOKIE NOTICE – what cookies we use as part of our Services
This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation, other device information, Internet connection information, as well as details about your usage and interactions with the relevant website, application, email or other online property (for example, the URL of the third-party website from which you came, the pages and content on our Site that you view, how frequently you access or use the Services, and how you engage with or navigate our Services (including the links you click on), error logs, and other similar information). In some cases (such as cookies), the tools described here involve storing unique identifiers or other information on your device for later use.
In addition, when you point the camera on any modern phone or tablet at a QR code, you’ll either be given an option to take some action, or your device will automatically take that action. For example, when you point the camera at the QR code above, you’ll see the option to visit a webpage. Some QR codes can do other things, like download some content or install an app.
These technologies help:
- Display personalized content;
- Facilitate online marketing;
- Remember your settings on the pages you visit so that we can display your preferred content the next time you visit;
- Perform analytics, measure traffic and usage trends, and better understand the demographics of users;
- Diagnose and fix technology problems;
- Plan for and enhance our business; and
For example, in some cases, we assist with the collection of information by advertising services provided by third parties. We and ad services may track your online activities over time by collecting information through automated means such as cookies, and we or they may use this information to show you ads that are tailored to your individual interests or characteristics, your prior visits to certain websites, or other information we or they know, infer, or have collected from people like you.
How to opt-out of cookies
To opt out of the non-essential cookies, please select ‘Cookie Settings’ on our pop-up banner to view the full list of cookies in use and manage your preferences.
To learn more about interest-based advertising generally, or to opt out of targeted, interest-based ads by some of our current ad service partners, visit aboutads.info/choices from each browser you use.
For mobile devices, please read your operating system's instructions for complete instructions.
- iOS 7 or Higher: Go to your Settings > Select Privacy > Select Advertising > Enable the "Limit Ad Tracking" setting.
- For Android devices with OS 2.2 or higher and Google Play Services version 4.0 or higher: Open your Google Settings app > Ads > Enable "Opt out of interest-based advertising".
- See theNAI guideto mobile device options for additional suggestions for managing ad-related preferences.
You can also opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page from each browser. Google also allows you to install aGoogle Analytics Opt-out Browser Add-on for each browser.
If you replace, change, upgrade or reset your browser or device, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals.
When you point the camera on any modern phone or tablet at a QR code, you’ll either be given an option to take some action, or your device will automatically take that action. Some QR codes can do other things, like download some content or install an app.
4. DATA TRANSFER – how we share your information
We share your information with third parties as follows:
- With Brands and Creators: We share information with Brands and Creators. For example, when we collect information about you in the context of your relationship with (or interaction with) a Brand or Creator, we may share that information with the Brand or Creator. We may also share personal information with Brands or Creators in other situations.
- With Vendors: We may share your information with companies that provide services to us, including, without limitation, facilitating some aspects of our Sites or Services such as sending emails and fulfilling customer service requests.
- With Business Partners: Where we are permitted to do by applicable privacy laws and with your consent if required by law, we may share information with businesses with which we partner to offer you certain products, services, and promotions which may be of interest to you.
- Legal Proceedings: We share information when we believe disclosure is appropriate due to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law;
- Compliance: We share information when we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Services’ terms and conditions or other agreements or policies.
- Corporate Transactions: We may disclose your information as part of, or to take steps in anticipation of, a sale of all or a portion of our business, a divestiture, merger, consolidation, or asset sale, a bankruptcy, or other significant corporate event.
Whenever we transfer your personal information out of the United Kingdom or Europe, we ensure a similar degree of protection by using at least one of the following safeguards:
- We will transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission or the United Kingdom authorities as appropriate.
- We use specific contracts approved by the European Commission or the United Kingdom authorities as appropriate which give personal information the same protection it has in Europe or the UK, such as the model contracts for the transfer of personal information to third countries.
- Any data transfer mechanism approved by the European Commission or the United Kingdom authorities as appropriate, such as a privacy shield or updated model clauses.
Please contact us at firstname.lastname@example.org if you would like further information on the specific mechanism used by us when transferring your personal information out of the United Kingdom or Europe.
5. DATA SECURITY – how we protect your personal information
dtx have put in place appropriate technical and physical safeguards to protect your personal information and prevent your personal information from being accidentally lost or used, altered or accessed in an unauthorised way. We have put in place procedures to deal with data security breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
Third parties will only process your personal information where they have agreed to treat the personal information confidentially and in a secure manner. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to access it.
We urge you to use a unique password for each of the Services, to keep them in a safe place and not to give them to anyone. Also remember to sign off your account and close your browser window when you have finished your visit to the Sites or your other use of the Services. However, no security method is perfect, and even if you take those steps, we cannot guarantee that any personal information will remain secure.
6. RETENTION – how long we keep your personal information for
In general, we will retain your information in identifiable form only for the time necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the potential risk of harm from unauthorised use or disclosure of your personal information, the amount, nature, and sensitivity of the personal information and the purposes for which we process your personal information, to determine if we can achieve those purposes through other means, and the applicable legal requirements.
Information may persist in copies made for backup and business continuity purposes for longer than original copies.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
7. PRIVACY RIGHTS – what rights you have regarding your personal information
If you are a resident of Nevada:
If you are a resident of California:
Californians have a right to direct us not to “sell” certain personal information as that term is defined under the California Consumer Privacy Act or CCPA. You can exercise that right by completing our CCPA Data Requests Form or emailing us at email@example.com
CCPA Information and Deletion Rights
If you are a California resident, California law may permit you to request that we:
- Inform you of the categories of personal information we have collected about you in the last twelve months; the categories of sources of such information; the categories of personal information (if any) that we sold or disclosed about you for a business purpose, the business or commercial purpose for collecting or (if applicable) selling your personal information; and the categories of third parties to whom your personal information was sold or otherwise disclosed for a business purpose.
- Provide a copy of certain information we hold about you.
- Delete certain information we have about you.
Certain information is exempt from such requests under applicable law. You also may have the right to receive information about the financial incentives that we offer to you (if any). You also have certain rights under the CCPA not to receive discriminatory treatment by dtx for the exercise of your CCPA rights. To request to exercise those CCPA rights, please email us at firstname.lastname@example.org. For security and legal reasons, dtx may not accept requests that require us to access third-party websites or services. We do not respond to browser-based do-not-track signals or similar mechanisms. We will take steps to verify your identity before responding to your request, which may include confirming that the browser in your possession matches the one associated with the relevant QR Codes, requesting that you respond to an email that we send to you, or otherwise verifying your name, email address or other information that will help us to confirm your identity.
If you are an agent making a request on behalf of a consumer, you must verify that you are authorized to make that request, which may include requiring you to provide us with written proof that satisfies CCPA requirements, such as an appropriate letter signed by the consumer or a power of attorney. We also may require the consumer to verify their identity directly with us.
CCPA “sale” of California personal information
dtx does not “sell” and has not “sold” personal information in the way those terms are conventionally defined. For example, we do not sell email lists or any other personal information in exchange for monetary value from a purchaser. However, the CCPA defines a “sale” in very specific terms, that may encompass some situations when a website or application uses third-party cookies and similar technology for its own analytics or advertising purposes, even when the website or application pays the third-party provider (not vice versa). dtx, like most companies, does use those sorts of services.
California Shine the Light Disclosure
The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we shared certain categories of “personal information” with third parties for their “direct marketing purposes” (as defined in the Shine the Light law) in the prior calendar year. To exercise that right, please contact us as described below.
If you are located in Europe or the United Kingdom:
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Under certain circumstances you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact us.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any unauthorised people.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
8. MARKETING – what choices you have regarding marketing you receive from us
You can unsubscribe from dtx marketing emails at any time. If you have established an online account with our Services, you may also be able to login to that account to access or change your personal information, or to use certain privacy preference settings.
If you do not want us to see or access your device location, you can turn off location sharing on your device, change your device privacy settings, or change your device’s location settings for our application. Please note that disabling such features may result in you not being able to access or receive some of the present or future content available in the Services.
If you would like to opt out of receiving marketing or promotional emails from dtx, please contact email@example.com or follow the instructions in those messages. Please note that if you opt out, we may still send you non-promotional or non-marketing messages, such as communications regarding Services you have requested.
9. CONTACT DETAILS – how to get in touch with us
- email at firstname.lastname@example.org
- mail at:
the dtx company
Attn: Privacy Team
45 Grand St.
New York, NY 10013