PRIVACY STATEMENT
Last updated: 16 September 2024
This privacy policy applies to Affinity Global Inc. and its performance marketing platform VEVE (collectively, “VEVE,” or “we“, “us“, “our“).
VEVE offers a performance marketing platform to reach consumers through OEMs and browsers. We help driving new customer acquisitions, sales, app downloads and website views through unique formats and media placements.
We are committed to protecting your privacy. The purpose of this notice is to supply you with the required information at the time of providing us with your personal data. This Privacy Notice explains how we collect, use and disclose your personal data and what rights and options you have in this respect. This should help you feel more confident about privacy and security of your personal data.
Please read this Privacy Notice carefully. By visiting our website or using any of our services, you indicate your acceptance of our use of your personal data as set out in this Privacy Notice.
Services
VEVE engages with third party publishers to serve ads on their digital properties on behalf of its demand side advertising partners. VEVE also engages in media planning and measurement (e.g. whether an advertisement was viewed, its timestamp etc.)
VEVE provides performance marketing platform Services, including optimization of advertising campaigns, data analytics/enrichment, segment creation, user acquisition or re-engagement through various digital advertising channels. VEVE receives data into its marketing platform from various sources, including end user information collected by our systems, applications, business partners or customers, which may include third party apps and services that you use. Please refer to the privacy policies of the OEMs, apps and services you use to understand how those apps and services collect, use and share data from your interactions with them. VEVE is not responsible for how those third-party services collect and use data.
It is our policy to respect your privacy regarding any information we may collect while using our services and websites, collectively called the Services.
Domains and Websites for this Policy
For the purposes of this Policy, the term, “Websites”, shall refer collectively to www.veve.com as well as the other websites that the Affinity Group operates and that link to this Policy.
Information We Collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
a. When do we collect Information?
We may collect personal data about you in several circumstances:
Information provided by you: We collect personal data when you use our website/services or provide the personal data directly to us.
Information collected through our website: In certain cases, we automatically collect personal data when you use our website/services. This data is recorded in log files or other such files. Examples of such data include IP addresses.
Information from other sources: Apart from data that you provide us directly, we also may collect information about you from publicly available sources and third-party sources.
What Information do we collect and why?
Information Provided by you:
Contact information: Publishers and Advertisers provide data that is necessary to create user accounts. For creation of user accounts, you provide your name, email address, password, telephone number and correspondence address.
Financial details: Billing details you provide us for invoicing purposes.
Details of the services: We collect the details of the services you request from us;
Contact Us Data: When you enquire about our services, we collect and store this data to communicate with you and respond to your enquiry. Also when you register with us, apply to use any of our services or newsletter subscriptions, become our client, or contact us in person, by telephone, by email or by post;
Subscription Data: You provide personal data to us as part of signing up for communication from us through our websites. We may also collect personal information from you when you use interactive features of the Websites, promotions, request customer support, or otherwise communicate with us.
Information collected automatically:
In certain cases, we automatically collect personal data when you use our website/services. This data is recorded in log files or other such files.
View an advertisement: When you view an advertisement distributed through VEVE on any digital media, we may collect information on your device and your interaction with the advertisement. This information enables us to serve advertisements to you, and improve our Services including to recognize your device when you use other sites and applications that have partnered with us. The information includes:
- Device identifiers such as iOS devices’ Identifier for Advertising (IDFA) and iOS Identifier for vendors, Google Advertising ID (GAID), or Android ID for Android devices
- Location information, including
- Geo-location or precise location of your device if you have given the app or site permission to collect your location information
- Location information we infer from your device’s IP address
- Other information such as Device type, Operating System and Language settings
Log Data: Our servers automatically collect information when you access or use our applications and services. This data is recorded in log files. Examples of such data include IP Address.
Website user’s Data – Our servers automatically collect website users data when you visit our website to for advertising and other purposes.
Session information – During some visits we may use software tools to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. We may use this information to measure website activity, to develop ideas for improving our websites and for any other purpose to the extent permitted by applicable law.
Information from other third-party sources:
Apart from the data that you provide us directly, we also may collect information about you from publicly available sources and third-party sources.
Third-party sources: In some circumstances, we collect personal data about you from a third-party source.
How We Use Your Data
How we use your personal data will depend on which Services you use and how you use those Services.
We use the ‘Website user’s Data’ that we collect about your device to:
- Display advertisements on your device, which may include interest-based advertising customized to your interests, preferences, locations
- For tracking the number of clicks an ad receives
- For tracking if you are navigating between two sites
- For bidding to serve advertisements and to determine which ads are most effective
- To analyze and provide our demand partners or advertisers reports on the effectiveness of advertisements and campaigns, including across different types of devices based on our determination of devices that are related to the same person.
- For pushing the notifications based on the consent you have given to our publishers such as browsers or devices
- For pushing the notifications based on the consent you have given to us when we act as publishers
- To detect, deter and prevent fraud, fraudulent traffic or to protect the security of our systems
- For redirect tracking
- Internal reporting
‘Other Data’ is used by us to provide our services, send our newsletters and to communicate with you by responding to your requests, comments and questions.
In such instances, Affinity will only do so where we have either received consent from you or we have assessed that there is a legitimate interest for us to send you the communication. When assessing legitimate interest, we will balance our interest with your rights and will only send communications where you would reasonably expect to hear from us. You may opt out of receiving this information when we collect details or at any time by using the details in the ‘Contact us’ section of this notice.
Lawful bases for processing
We understand that we are only allowed to process personal data collected if we have a lawful basis to do so. So, we collect and process information about you only where we have legal bases for doing so under applicable data protection regulations. The legal bases depend on the Services you use and how you use them.
Our legal basis is as follows:
- Consent – We process your data if you have given your consent freely for the same. Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time. Please contact us using the details in the ‘Contact us’ section of this notice.
- Performance of contract – We process your data when it’s necessary for the performance of the contract. For example, if the processing is necessary to fulfil our commitments under the applicable terms of service.
- Legal Obligation – We process your data if the use of your information is necessary for compliance with legal obligations.
- Legitimate Interest – We may also process your data on the grounds of legitimate interest for a particular processing activity. For example, to safeguard our services, to understand our user preferences etc.
Where you have consented to a particular processing, you have a right to withdraw the consent at any time.
Holding Personal Data:
We hold Personal Data in electronic formats. In some cases, we engage third parties to host electronic data (including data about the services we provide) on our behalf. We take security measures to protect the Personal Data we hold which includes physical controls (for example, security passes to enter our offices and storage of files in lockable cabinets) as well as technological controls (for example, restriction of access, firewalls, the use of encryption, passwords and digital certificates).
We also have policies and processes which govern document retention and data breach incidents. We endeavour to ensure that Personal Data is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. However, some Personal Data may be retained for varying periods to comply with legal and regulatory obligations and for other legitimate business reasons.
Cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information about your actions to the owners of the website.
The categories of cookies used are:
- Strictly necessary cookies – These cookies are needed to run our website, keep it secure, and comply with regulations that apply to us.
- Performance/analytics cookies – We may use performance/analytics cookies on our website. These cookies collect information about how visitors use our website and services, including which pages visitors go to most often and if they receive error messages from certain pages. It is used to improve how our website functions and performs
- Marketing Cookies – We may use cookies storage required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
VEVE uses cookies to identify and track visitors, their usage of website, and their website access preferences. VEVE visitors can control cookies through Cookies Settings.
For more details about how we use these technologies, please see our Cookie Policy.
Users under 16 years of age
The Sites and Services do not knowingly collect personal information from users under the age of 16
If you are under the age of 16, you are not permitted to use the Sites and Services or to disclose Personal Information. If we learn we have collected or received Personal Information from a child under 16, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us using the details in the ‘Contact us’ section of this notice to ask us to delete the personal data.
Data Retention Policy
Website user’s Data:
We will retain information collected in the context of our Marketing Platform for a period of up to 3 years, unless otherwise required by law or applicable contract.
We may retain the information it obtains about you as per the instructions of its customers or partners who provide such information or as required to fulfil our contractual obligations.
After the applicable retention period, we may only retain and use your data:
- in an aggregated or anonymized format;
- to comply with its legal obligations;
- to resolve disputes and enforce agreements.
Please note that the use cases stated in this provision will apply as an exception to your data subject or consumer rights related requests.
Other Data
VEVE may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy
We retain your personal data as per our retention policy.
Your Rights
Data Subjects have certain rights in respect of their personal data. The rights given with respect to your personal data include:
- The Right of Access: You have the right to access personal data and supplementary information. You can ask us for a copy of your personal information.
- The Right to Rectification: You can ask us to change, update or fix your data in certain cases, particularly if it is inaccurate.
- The Right to Erasure: You can ask us to erase or delete all or some of your personal information (e.g., if it is no longer necessary to provide Services to you) without undue delay.
- The Right to Restriction of Processing: You can ask us to stop using all or some of your personal information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if you think your personal information is inaccurate or unlawfully held).
- The Right to Data Portability: You have the right to data portability which provides the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit the same to another controller.
- The Right to Object: You have the right to object to the processing of personal data.
- Automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you (data subject).
- The right to withdraw consent: You have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- The right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority if you are dissatisfied with the way we handle or process your personal data.
Whenever you use our services, we aim to provide you with easy means to access, modify, delete, object to or restrict the use of your personal information.
We strive to give you ways to access, update/modify your data quickly, or delete it unless we have to keep that information for legal purposes. These rights can be exercised by contacting us using the details set out in the “Contact Information” section below.
Your information shared with others
Recipients of your data
VEVE may share the Website user’s data we collect or receive about you as described in this Policy as follows:
- Employees and Subsidiaries- We at Affinity might share your personal data with our employees, subsidiaries that need to know in order to help us provide our services or to process the information on our behalf.
- Publishers and Supply Partners- We may share your information with publishers (the app or site publishers) to help them understand how users interact with their apps and sites and advertisements on their apps and sites.
- Demand Partners and Advertisers- We may share your information with demand partners, brands and advertisers who use our Marketing Platform, to allow them to understand the performance of their campaigns; and to help them better target their campaigns, products or offerings
- Marketing Partners- We may share your information with data partners who help us with better understanding your preferences by providing data enrichment services and measurement companies who help us with attribution and tracking of advertisements distributed through us ( “Marketing Partners”)
- Content Providers- We may share personal information we collect about you with our content providers who provide content to be displayed on our websites.
- Service Providers- We may share personal information we collect about you with our third- party service providers. The categories of service providers to whom we entrust personal information include: IT and related services such as cloud-based data centers, analytics service providers; service providers for fraud detection; CRM and email marketing services.
- Disclosures to Protect Us or Other- We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
- Disclosures in the Event of Merger, Sale, or Other Asset Transfers- If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
- Legal Requirement- We provide your personal data when we are required to provide such information in response to a court order or other applicable law or legal process
- Regulators and Auditors- Affinity may share the personal data with the regulators, the Financial Conduct Authority, or any relevant regulatory authority where they are entitled to the disclosure. Also, we may be required to share information with auditors appointed by the providers of such products or services.
Cross-Border Data Transfers
Personal information we hold about you may be transferred to other countries outside your residential country for any of the purposes described in this Privacy Policy.
These countries may not have the same standard of data protection laws as your own country. These international transfers of your personal information are made pursuant to the appropriate safeguards.
We will comply with applicable legal requirements providing adequate protection for the transfer of Personal Data to recipients in countries outside the country in which the information originally was collected.
Links to other sites:
Our website may contain links to the websites of other organizations. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. This Privacy Policy does not cover how those organizations process your personal information. We encourage you to read the Privacy Policies on the other websites you visit.
Security Measures to Protect your Data:
Security Measures
We implement security controls to prevent breaches and unauthorised access to your data.
We maintain reasonable and appropriate security measures to protect Customer Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of security measures include physical access controls, restricted access to data, monitoring for threats and vulnerabilities etc.
Protection of personal information
Our Sites and Services uses commercial efforts to maintain safeguards for the protection of your Personal Information under all the applicable regulations. To refer to our jurisdiction-specific policy please click on the link
VEVE takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally identifying and personally identifying information.
Contact Information
You can contact us about this privacy policy or use of our services.
If you have questions or complaints regarding this Policy, you may contact us through email at [email protected]. You may contact us at our mailing address below
20 N. Wacker Drive, 12th Floor,
Chicago, IL 60606
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are aware of how and why we are using such information.
Privacy policy change
VEVE may change this Privacy Policy from time to time, at our sole discretion.
VEVE encourages visitors and customers to frequently check this page for any changes to its Privacy Policy. We will notify you of material changes in advance by email or by notice when you log in to the Sites and Services or both. You confirm that your continued use of our services after any change in this Privacy Policy will constitute your acceptance of such changes and agree to be subject to the revised privacy policy.
ANNEXURE:
Jurisdiction-specific provision:
| Categories of Personal data | Personal data collected |
|---|---|
| Identifiers | Name, postal address, phone number, email address etc. IP address Device identifiers such as iOS devices’ Identifier for Advertising (IDFA) and iOS Identifier for vendors, Google Advertising ID (GAID), or Android ID for Android devices Unique hash value if Device Id is not shared |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Name, signature, tax identification number (i.e. National Insurance Number), Government ID number etc. for individual who are signing up as our partners and customers. |
| Financial Information | Bank details, payment information etc. |
| Commercial Information | If any collected |
| Protected Classification characteristics under California or federal law. | N/A – We do not collect information such as Gender, Age, national origin, marital status etc. |
| Biometric information | N/A – We do not collect Biometric information |
| Internet or other similar network activity. | Log data, session information, Cookie Id . |
| Geolocation data | Such as your location information generated based on your IP address etc.
|
| Sensory data. | N/A – We do not collect any Sensory data. |
| Professional or employment-related information. | Employment status, previous employment details, salary details etc only for job applicants. |
| Inferences drawn from other personal information. | If any collected |
| Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | From job applicants only such as educational details, history, degree etc. |
Sensitive data: We do not generally seek to collect sensitive data through this site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with California Privacy Rights Act (“CPRA”) requirements. If in case, VEVE ever chooses to use Sensitive Personal Data, you would have the right to limit the use of your sensitive personal Data The term “sensitive data” refers to the various categories of personal data identified by CPRA as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories include racial or ethnic origin, political opinions, religious, philosophical, or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities). Disclosures of Personal Data for a Business Purpose: In the preceding twelve (12) months, VEVE has not disclosed Personal Data for business purposes. Your Rights: The CPRA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CPRA rights and explains how to exercise those rights.
- Access to Specific InformationYou have the right to request that Affinity disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- Sales, identifying the personal information categories that each category of recipient purchased; and
- Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- Deletion Request RightsYou have the right to request Affinity delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Right to Correct Inaccurate Personal InformationYou have a right to request for correction of Inaccurate personal information. We shall use commercially reasonable efforts to correct the inaccurate personal information as directed by the consumer.
- Right to Know What Personal Information is Sold or Shared and to WhomYou have a right to request us information about what personal information is sold or shared by us and with whom. Once request received, we shall disclose the following:
- The category or categories of consumers’ personal information it has sold or shared, or if we have not sold or shared consumers’ personal information, it shall disclose that fact.
- The category or categories of consumers’ personal information it has disclosed for a business purpose, or if we have not disclosed consumers’ personal information for a business purpose, it shall disclose that fact.
- Right to Opt Out of Sale or Sharing of Personal InformationYou have a right to opt out of sale or sharing of personal information if we sell or share such personal information. We shall prohibit from selling or sharing the consumer’s personal information after its receipt of the consumer’s direction, unless the consumer subsequently provides consent, for the sale or sharing of the consumer’s personal information.
- Right to Limit Use and Disclosure of Sensitive Personal InformationYou have a right to request us to limit Use and Disclosure of Sensitive Personal Information. Upon such request we shall prohibit, from using or disclosing the consumer’s sensitive personal information for any other purpose after its receipt of the consumer’s direction unless the consumer subsequently provides consent for the use or disclosure of the consumer’s sensitive personal information for additional purposes.
- Right of No Retaliation Following Opt Out or Exercise of Other Rights – Non-DiscriminationWe will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- Response Timing and FormatWe endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
CONTACT FOR MORE INFORMATION
If you have any questions or concerns about VEVE’s privacy policy and practices, please contact us by email at [email protected] , or by mail at:
20 N. Wacker Drive, 12th Floor,
Chicago, IL 60606
Privacy policy change
We will review and update this CPRA Privacy Policy periodically and will note the date of its most recent revision at the top of this CPRA Privacy Policy. If we make material changes to this Policy, we will post the revised Policy on our website and may take additional measures to inform you about such changes prior to such changes taking effect, if required by applicable data protection laws. We encourage you to review this Policy frequently to be informed of how VEVE is protecting your information.