BritePool Privacy Shield Notice
EU-US and Swiss-US Privacy Shield Notice for Personal Data Transfers to the United States
Effective Date: March 4, 2020 (last updated May 18, 2021)
PRIVACY SHIELD COMPLIANCE STATEMENT
BritePool, Inc. (“BritePool,” “we,” “us,” “our”) complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, as set forth by the US Department of Commerce, regarding the collection, use and retention of personal data from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield. BritePool has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy notice and individual rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and view our certification page, please visit: https://www.privacyshield.gov/.
BritePool is an identity resolution services company. Our proprietary technology platform and solutions utilize unique identifiers (“BPIDs”), rather than third-party cookies, to aid marketers in delivering effective cross-channel advertising, while maintaining standards of data transparency and control (collectively, “Service” or “Services”). We pride ourselves on collecting, using and disclosing only minimal amounts of personal data to do what we do; however, to the extent such processing of data is necessary to provide our Services, we have committed to do so within the confines of the Privacy Shield Principles described further below.
Types of Personal Data Collected.
Visitor Data. BritePool collects personal data of individuals who visit our website (“Visitors”). We obtain this information in two ways: i) the Visitors voluntarily provide the information, such as first name and email address, when subscribing to an email newsletter or inquiring about our Services; or ii) email, Web hosting and analytics providers provide IP address and/or Internet activity information related to their visits.
Client Data. BritePool also collects personal data of individuals other than Visitors (“Client Data”). These individuals are users of digital, mobile and other platforms. We collect this data from clients who retain our Services, such as advertisers and agencies, and our partners who help us deliver our Services, such as publishers, publisher networks, supply- and demand-side platforms, and data service providers (collectively, “Client”). Client Data includes hashed email addresses but may also include MAIDs and/or other online identifiers and associated transactional advertising data.
All personal data that BritePool collects in the delivery of our Services is hashed and restricted to forms that are not directly identifying in nature.
BritePool does not collect, use or disclose any personal information that is sensitive in nature, such as information related to an individual’s physical or mental health, race, ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or sex life.
Purposes of Personal Data Collection and Use.
Visitor Data. BritePool collects and uses Visitor Data to monitor the use of our website, respond to inquiries about our Services, maintain data security and pursue any other legitimate interest or lawful purpose disclosed at the time of collection.
Client Data. BritePool collects and uses Client Data to deliver our Services. More specifically, BritePool creates BPIDs from and/or matches BPIDs to Client Data. BritePool uses the BPIDs to aid in the delivery of effective cross-channel advertising. BritePool also uses Client Data to maintain data security and pursue any other legitimate interest or lawful purpose disclosed at the time of collection.
Types of Third Parties to Which Personal data is Disclosed and Purposes.
Visitor Data. BritePool does not disclose Visitor Data (except as otherwise provided herein below).
Client Data. BritePool discloses BPIDs to the respective Client so that the Client can more effectively serve personalized advertising without relying on third-party cookies. If required to deliver our Services, BritePool may also disclose the BPIDs and/or Client Data to a processor of that Client and/or a subprocessor of BritePool (“Subprocessor”), such as supply-side platforms, demand-side platforms, and/or data service providers, provided said disclosure is done only at the lawful written instruction of the Client, and the Subprocessor is bound by written contract providing the same level of protection as afforded under the Privacy Shield Principles. Client Data and BPIDs are always encrypted, both at rest and in transit.
Other Disclosure. BritePool may also disclose personal data: i) as necessary in connection with the sale or transfer of all or part of its business; ii) as required or permitted by law; iii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and/or iv) when an individual provides consent.
BritePool will provide an individual opt-out choice, or opt-in for sensitive data, before we share an individual’s data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. Request(s) to limit the use and disclosure of personal data should be submitted in writing via email to: firstname.lastname@example.org.
ACCOUNTABILITY FOR ONWARD TRANSFER
BritePool’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. BritePool remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless BritePool proves that it is not responsible for the event giving rise to the damage.
BritePool takes personal data privacy very seriously and protects personal data from loss, misuse, and unauthorized access, disclosure, alteration and destruction through its security protocols and policies.
DATA INTEGRITY AND PURPOSE LIMITATION
In compliance with the Privacy Shield Principles, BritePool limits the collection of personal data to information that is relevant for the purposes of processing. BritePool will only process such personal data in a way that is compatible with the purposes for which it has been collected or subsequently authorized. BritePool takes reasonable and appropriate steps to ensure that such personal data is reliable for its intended use, accurate, complete, and current. Moreover, BritePool takes reasonable and appropriate measures to ensure that our retention of any such personal data adheres to the Privacy Shield Principles for so long as the personal data is retained.
Pursuant to the Privacy Shield Frameworks, EU, UK and Swiss individuals have the right to obtain confirmation of whether we maintain personal data relating to each respective individual in the United States. Upon request, we will provide said individual with access to the personal data that we hold about the individual. The individual may also correct, amend or delete the personal data we hold about said individual. An individual who seeks access, or who seeks to correct, amend or delete inaccurate data transferred to the United States under Privacy Shield, should email their request to email@example.com. If requested to remove data, we will respond within a reasonable timeframe and otherwise in accordance to applicable laws.
BritePool is committed to annually reviewing and verifying its compliance with the Privacy Shield Principles. BritePool may do so by undergoing a self-certification process or by retaining an independent third-party certification provider.
In compliance with the Privacy Shield Principles, BritePool commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, UK and Swiss individuals with Privacy Shield inquiries or complaints should first contact BritePool by email at:
or via post or phone at:
444 W New England Ave Suite 220
Winter Park, Florida 32789
BritePool has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If the Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, binding arbitration may be invoked for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, BritePool is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
BritePool can be contacted for questions about Privacy Shield and our commitment thereto by emailing firstname.lastname@example.org, or by writing BritePool, Inc., 444 New England Ave., Suite 220, Winter Park FL, 3278, Attn.: Privacy Shield Info.