PRIVACY POLICY SUPPLEMENT FOR EUROPEAN ECONOMIC AREA


Updated as of May, 2018

Our data collection, use, and disclosure practices are explained in more detail in the accompanying Website Privacy Policy and Platform Privacy Policy. The following supplements those privacy policies for our operations within the European Economic Area (EEA).

Your information will be held in a database within or outside the EEA. PulsePoint, Inc., with an office at 360 Madison Avenue, 14th Floor, New York, NY 10017, or one of its affiliates, including PulsePoint Ltd, located at  31-35 Kirby Street, London, EC1N 8TE, UK, will collect your information as controller of the database and your details may be accessible to and used by other PulsePoint group companies. PulsePoint provides services in the USA and EEA, and your information may be transferred within or outside of the EEA (including to the USA) where privacy laws may differ from those in the European Union (EU). However, we will employ technical security measures designed to protect your personal data as required by EU law.

Our legal basis for collecting and using the personal data described herein will depend on the personal data concerned and the specific context in which we collect it. We will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interest or fundamental rights or freedoms. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

As explained in our Platform Privacy Policy, our Platform may be used for online behavioral advertising (OBA) and/or interest based advertising (IBA) (collectively, “Targeted Advertising”). In operating our Platform, we may collect, use, and disclose for Targeted Advertising purposes personal datawhich may be considered to be more sensitive, including information which is considered under EEA data protection laws to be within a special category of personal data. Personal data may include information such as e-mail address, gender, IP address, location or certain specific demographic and other information, as well as the following information which is considered under EEA data protection laws to be a special category of personal data; data related to race or ethnicity, health conditions such as information on certain past, present, or future medical conditions and treatment of those conditions, prescriptions you have filled, laboratory results, information about your health or wellness, or information regarding sexually transmitted diseases. If personal data is used for Targeted Advertising purposes, we will obtain your consent or, if the data is acquired from a third party, we request in our contract with that third party that they obtain your consent.

In accordance with the Internet Advertising Bureau (IAB) Europe framework for OBA, we do not create segments for Targeted Advertising purposes that are specifically designed to target children age 13 and under.

If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data). Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

YOUR DATA PROTECTION RIGHTS

  • If you wish to access, correct, update or request deletion of your personal data, you can do so at any time by submiting such requests here, or by contacting us using the contact details provided under the “Questions and Comments” heading below.
  • In addition, if you are a resident of the EEA, you can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. Again, you can exercise these rights by submiting such requests here, or by contacting us using the contact details provided under the “Questions and Comments” heading below.
  • You have the right to opt-out of marketing communications we send you at any time.You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Questions and Comments” heading below. You can also set ad choices as described in our Privacy Policies.
  • Similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal data.For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

PRIVACY SHIELD


PulsePoint participates in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively “Privacy Shield”) regarding the collection, use, and retention of personal data from the EU member countries. PulsePoint remains responsible for personal data that is shared with third parties under the Onward Transfer Principle. We commit to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland. PulsePoint may be subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission or another U.S. statutorily authorized body.

To learn more about the Privacy Shield program, and to view our certification, click here. EU and Swiss individuals with inquiries or complaints should first contact PulsePoint at privacy@pulsepoint.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact U.S.-based third party dispute resolution provider JAMS. An individual may under certain circumstances invoke binding arbitration. Please see the Privacy Shield website for more information on conditions giving rise to binding arbitration.

REVISIONS


We may make modifications to the above provisions from time to time in response to changing legal, technical or business developments. When we do, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Any changes will be posted here and the effective date of the changes will be revised accordingly.


Questions and Comments

If you have questions about your privacy, you may contact us at:

Attn: DPO
360 Madison Avenue, 14th Floor
New York, NY 10017
(212) 706-4800
privacy@pulsepoint.com