Privacy and Data Security Policy (Last Updated: 17th September 2020)
Lifesight provides consumer intelligence services using disparate data elements (such as location data, offline and digital identifiers, device metadata etc) that we collect and infer for anonymized individuals. The following describes our data collection and use practices for the information that we collect and the data we receive from our data partners (such as mobile app publishers and developers) about individuals. It also describes the choices available to you regarding the use of that information and data. This statement doesn’t apply to the data collection and use practices of our clients and partners and the websites, services, and applications that they operate.
Data We Collect
Data You Give Us. When you ask to be contacted or have questions about our products and services and you provide us with your contact information (like your name and email address).
Data We Receive from Others. We receive data that was initially collected (over time and across websites, mobile apps, and devices) by our data partners (such as mobile app publishers and developers, advertising networks and exchanges and other websites and services), which includes:
Ad Data. We receive advertisement requests (to display an advertisement on a website, mobile app or device) along with its associated data, such as a device identifier (like a browser ID or an advertising ID (the operating system-supplied ID meant for advertising use, such as the IDFA and AAID), or another similar identifier), the browser or device type, IP address, app publisher, operating system, location, and other similar device-specific information.
Movement Data. We receive data about the places people go and visit with their mobile devices (if the mobile or other location-aware device is configured to share its location data when the device or a mobile application on the device is in use or when operating in the background). In addition to location, we receive a device identifier and other information about that device (such as the browser or device type, IP address or app publisher, operating system, carrier provider, and other similar device-specific information). We do not receive the phone number or the unique hardware device ID of a mobile device through this channel. We identify devices using the advertising ID or a randomly assigned unique identifier (that is created through our own system).
Personal Data: We receive Personal Data during your registration, when you choose to provide it, such as your name and email address. The decision to provide such data is optional. In addition, we may also receive certain personal data from third parties that includes hashed email addresses and hashed phone numbers. We make our best endeavor to ensure that all such data is explicitly opted-in with clearly defined permitted use cases that the data subject consents to including sharing it with non-affiliated third parties.
Data We Receive from Other Sources. We receive data and information from other data sources about places that we use to verify their location, to classify those locations (such as a business, residential parcel, or other point of interest), and to identify the location’s boundaries.
Note about children. We do not knowingly collect personal information from children. If we learn that we have collected personal information of a child under 18, we will take steps to delete such information from our files as soon as possible.
How We Use the Data We Collect
We associate the data and information that we collect with the data and information we receive from others. Our technology contextualizes and aggregates this data. The consumer intelligence we derive (and infer) from the data and the information we amass is the basis of the services we provide:
• for measurement and reporting services,
•for capturing and understanding the interests, activities, and trends of consumers in the physical world,
•for data analytics and data services (such as for marketing and advertising, trend analysis, or market research), and
•for providing, maintaining, and improving the products and services we offer (and to develop new products and services).
We may use (and store) the data and information we collect and receive on servers that may be located outside the country where you live.
Information We Share with Others
We share the data and information we compile about someone using advertising IDs or another type of identifier:
•for measurement, statistics, usage reporting, and other data analytics
•To allow third parties to market to you, including through mobile devices and applications
•for industry analysis, demographic profiling, market research and other such purposes
•For lead generation, analytics, fraud prevention, credit scoring and contextual recommendations.
If you don’t want the data that is collected about you to be used for certain purposes, you have options:
You may control how your browser responds to cookies by adjusting the privacy and security settings of your web browser. Further, Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties.
Please note that the opt-out choices you select are stored in opt-out cookies only in the browser that you use to visit the opt-out websites, so you should separately set your preferences for other browsers or Devices you may use. For more information on cookie opt-out, please visit this link.
On your mobile devices, you have an option to reset the Advertising IDs (for both Android & iOS).
We honor these “limit” or “opt out” instructions or “flags” by removing recognized Devices from our reporting solutions, on a going forward basis. (We may continue to use information from these Devices for other purposes, such as market research and aggregated customer analytics, but we will not use this information for interest-based advertising purposes.)
Location Settings. If you want to limit or prevent location data from your device from being collected, you can adjust this capability through your mobile device settings.
Additional Opt-out Links
Network Advertising Initiative : https://optout.networkadvertising.org/
Ad Choices (Digital Advertising Alliance) : https://optout.aboutads.info/
Security and Data Retention
We take steps to help ensure that the data we possess is housed and transmitted securely. We use multiple types and layers of physical and electronic security, including firewall protections, encryption of data during transfer, and strict access controls to personal information. While neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, we make substantial efforts to ensure that this does not occur.
We use public cloud providers (AWS and GCP) for all our data storage and processing applications. For example, we use Server-Side Encryption for protecting data at rest in Amazon S3. This encrypts objects before saving it on disks in its data centers and then decrypts it when we download the objects.
We also enforce encryption of data in transit by using https (TLS) to prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks. We allow only encrypted connections over https (TLS) using the aws SecureTransport condition on Amazon S3 bucket policies.
We generally retain mobile advertising IDs on the following schedule:
(a) we render mobile advertising IDs inactive for interest-based advertising purposes within 120 days,
(b) we continue to use mobile advertising IDs for analytics purposes and other purposes unrelated to interest-based advertising and reporting (for instance, in aggregated form for market research) for up to 24 months (outside of EEA countries and Switzerland) or 13 months (in EEA countries and Switzerland), provided that we may retain them if we have a legal or significant operational or legal need to do so, such as for auditing, corporate record-keeping, compliance, record-keeping, accounting or security and bug-prevention purposes.
If we change our data collection and/or use practices, we will post an updated statement (and a more prominent notice if the changes are significant) with the new practices and when they go into effect. The data and information that we collect are subject to the privacy statement in effect at the time the data and information were collected by us.
General Data Protection Regulation (GDPR)
“Personal Data” in GDPR context means any data that identifies or can identify a particular unique user or device – for instance, names, addresses, cookie identifiers, mobile device identifiers, precise location data and biometric data.
To comply with the GDPR, we provide the below representations and information, which are specific to persons located in EEA countries or Switzerland:
Legal grounds for processing your Personal Data
The legal basis for us processing your Personal Data will typically be because:
You provided your consent. In order to provide our services that involve use of precise location information related to other Personal Data, (and to store and gain access to information stored on your device such as mobile advertising IDs), we rely on your consent. To obtain this consent, we rely on our own compliance steps and our web and mobile partners’ compliance steps, designed to ensure that consent is collected and passed on to partners, and to ensure that we only facilitate the collection of legally obtained data. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal.
The processing is in our legitimate interest. We rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed. We also rely on legitimate interest when we use our own customers’ data to communicate with them about our Services.
Some processing of data may be necessary for us to comply with our legal or regulatory obligations.
CCPA Consumer Rights
At Lifesight, we take privacy and personal information very seriously and are committed to complying with all applicable laws and regulations, including the new California Consumer Privacy Act (“CCPA”) regulation. In compliance with CCPA rules effective as of January 1, 2020, consumers who are California residents (as defined by the CCPA) have:
•The right to know what personal information is being collected about them and what the business purposes are for doing so
•The right to know to whom their personal information is being disclosed or sold to
•The right to opt-out of the sale of their personal information
•The right to access and request deletion of their personal information
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
• Deny you goods or services
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
•Provide you a different level or quality of goods or services
•Suggest that you may receive a different price or rate for goods or services or a different level of goods or services.
CCPA Requirements for Minors
The CCPA includes special restrictions on the sale of children’s personal information. Businesses must obtain special “opt-in” consents for the sale of personal information if they wish to sell information related to minors under 13, or information of minors 13 to 16 years of age.
Lifesight does not knowingly accept, process, or sell any personal information related to minors.
In compliance with CCPA regulation, California residents have the right to request that Lifesight delete any personal data that we may have collected from a Consumer. A delete request may be submitted to us via email at email@example.com or you can submit your information here. We will confirm receipt of Delete Requests within 10 days including a brief description about how Lifesight will process the request.
We will complete the processing of your delete request within 45 days after receipt. If Lifesight is unable to process the request within 45 days, we will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days.
Right to Access Personal Information
In compliance with CCPA regulation, California residents may request certain information with respect to the PII we (when we act as a “business” under the CCPA) store, process, or share with third parties for those third parties’ direct marketing purposes.
The categories of personal information that have been collected
The specific pieces of personal information that have been collected about that consumer
To exercise your rights, please submit a request to us by either completing our ‘Request to Know’ via email at firstname.lastname@example.org
We take security and privacy very seriously and take proactive measures to ensure we do not inadvertently disclose your personal information to an unauthorized third party. In order to securely verify your identity for all detailed Right to Access requests, we request a copy of a government issued ID as part of the required information (along with your name/address, email or MAID ID).
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable customer request related to your personal information. You may only make a request for access twice in a 12-month period. The request must provide sufficient information that allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and if you are an authorized agent, we may request additional proof as permitted by the CCPA, such as power of attorney. The scope will be limited to data from the 12-month period preceding the Consumer’s request.
Lifesight will confirm receipt of your Right to Access request within 10 days including a brief description about how Lifesight will process the request. This includes Lifesight’s verification process and timing of when the consumer should expect a response.
We will respond to your verified request within 45 days. If we cannot verify your identity or authority to make the request and confirm the personal information relates to you, we will notify you within 45 days as to why the request cannot be completed.
If Lifesight is unable to process the request within 45 days, and requires more time to do so, Lifesight will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
You can also opt out of Lifesight’s database by submitting your mobile advertising ID at the below link: