BritePool Privacy Shield Notice
EU-US and Swiss-US Privacy Shield Notice for Personal Data Transfers to the United States
Effective Date: March 4, 2020 (last updated 3/24/2020)
PRIVACY SHIELD COMPLIANCE STATEMENT
BritePool, Inc. (“BritePool,” “we,” “us,” “our”) complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal data from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield. BritePool has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy notice and individual rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and view our certification page, please visit: https://www.privacyshield.gov/.
BritePool is an identity resolution services company. Our proprietary technology platform and solutions utilize unique identifiers (“BPIDs”), rather than third-party cookies, to aid marketers in delivering effective advertising across the open Web, while maintaining standards of data transparency and control (collectively, “Service” or “Services”). We pride ourselves on collecting, using and disclosing minimal amounts of personal data to do what we do; however, to the extent the collection of such data is necessary to make our website accessible and otherwise provide our Services, we have committed to do so within the confines of the Privacy Shield Principles described further below.
Types of Personal Data Collected. BritePool collects personal data from individuals who visit our website and voluntarily provide certain information, such as first name, email address and preferences (“1st Party Data”). BritePool also collects personal data, such as IP addresses, hashed email addresses, MAIDs and other online identifiers, Internet activity and transactional data, from third-party data providers, online publishing partners, advertising clients, DSPs, SSPs, analytics technology providers and providers of email and other Web services (“3rd Party Data”). BritePool does not collect, use or disclose any sensitive information, such as information related to an individual’s physical or mental health, race, ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or sex life.
Purposes of Personal Data Collection and Use. BritePool uses 1st Party Data and 3rd Party Data to create and/or make matches to BPIDs, and otherwise for the purpose of: operating, delivering, improving, personalizing and monitoring use of our website and identity verification Services; pursuing other legitimate interests; responding to inquiries about, and providing access to, our Services; maintaining data security; and any other lawful purposes disclosed at the time of collection. When BritePool collects and processes personal data as a data processor on behalf of a controller (i.e. our advertising clients, online publishers), we do so pursuant to controller’s written contractual instructions and in accordance with the purposes identified by the controller.
Types of Third Parties to Which Personal data is Disclosed and Purposes. BritePool does not disclose the 1st Party Data or 3rd Party Data. BritePool only shares BPIDs. BritePool shares the BPIDs for the purpose of delivering our Services. For example, BritePool shares BPIDs with our advertising clients and DSPs so that they can more effectively serve personalized advertising without the use of third-party cookies. BritePool shares BPIDs with SSPs and our online, ad-supported publishing partners to ensure they can service the demands of advertisers and continue to offer quality online content for free. This sharing of data in turn affords individuals greater transparency and control of, as well as incentivization for, their personal data.
In many instances as it relates to our advertising clients/publishing partners, they serve in the capacity of controller, and BritePool as data processor. In other words, when we share BPIDs we do so at the direction of, and via written contract providing the same level of protection as required by the Privacy Shield, with each respective client/partner.
In other instances, BritePool serves in the capacity of controller and may share personal data with third-party data processors, such as email and web-hosting services, which process the data on our behalf and at our instruction pursuant to written contract that obligates third-party compliance with these Privacy Shield Principles.
BritePool may also disclose personal data: i) as necessary in connection with the sale or transfer of all or part of its business; ii) as required or permitted by law; iii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and/or iv) when an individual consents.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
BritePool will provide an individual opt-out choice, or opt-in for sensitive data, before we share an individual’s data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. Request(s) to limit the use and disclosure of personal data should be submitted in writing via email to: email@example.com.
ACCOUNTABILITY FOR ONWARD TRANSFER
BritePool’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. BritePool remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless BritePool proves that it is not responsible for the event giving rise to the damage.
BritePool takes personal data privacy very seriously and protects personal data from loss, misuse, and unauthorized access, disclosure, alteration and destruction through its security protocols and policies.
DATA INTEGRITY AND PURPOSE LIMITATION
In compliance with the Privacy Shield Principles, BritePool limits the collection of personal data to information that is relevant for the purposes of processing. BritePool will only process such personal data in a way that is compatible with the purposes for which it has been collected or subsequently authorized. BritePool takes reasonable and appropriate steps to ensure that such personal data is reliable for its intended use, accurate, complete, and current. Moreover, BritePool takes reasonable and appropriate measures to ensure that our retention of any such personal data adheres to the Privacy Shield Principles for so long as the personal data is retained.
Pursuant to the Privacy Shield Frameworks, EU, UK and Swiss individuals have the right to obtain confirmation of whether we maintain personal data relating to each respective individual in the United States. Upon request, we will provide said individual with access to the personal data that we hold about the individual. The individual may also correct, amend or delete the personal data we hold about said individual. An individual who seeks access, or who seeks to correct, amend or delete inaccurate data transferred to the United States under Privacy Shield, should email their request to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe and otherwise in accordance to applicable laws.
BritePool is committed to annually reviewing and verifying its compliance with the Privacy Shield Principles. BritePool may do so by undergoing a self-certification process or by retaining an independent third-party certification provider.
In compliance with the Privacy Shield Principles, BritePool commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, UK and Swiss individuals with Privacy Shield inquiries or complaints should first contact BritePool by email at:
or via post at:
444 W New England Ave Suite 220
Winter Park, Florida 32789
BritePool has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If the Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, binding arbitration may be invoked for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, BritePool is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
BritePool can be contacted for questions about Privacy Shield and our commitment thereto by emailing email@example.com, or by writing:
BritePool, Inc., 444 New England Ave., Suite 220, Winter Park FL, 3278, Attn.: Privacy Shield Info.