|
|
Data Policy
This policy governs all data collected or received from the Websites, by any means, including without limitation via an advertising unit, widget, code (as defined below) or other data collection process whether now known or hereafter developed, including without limitation data that relates to usage of the Websites, user behavior, and/or analytics (collectively, “Data”).
This policy may be modified from time to time in our sole discretion. Continued access of the Websites by you will constitute your acceptance of any changes or revisions to the policy. (1) You will not collect or use, or direct, authorize or assist other persons or entities to collect or use, any Data, nor will you access or place any code, or direct, authorize or assist other persons or entities to access or place any code, on the computer or device operated by a user of the Websites, including without limitation via actions such as cookie synching, without our prior express written permission in each instance. As used throughout this policy, “code” shall mean all pixel tags, cookies, clear gif, HTML, web beacon, scripts and all other tracking technologies. (2) Without limiting the generality of the foregoing: (a) no Data may be collected, used or transferred for purposes of retargeting, behavioral remarketing, or targeting any advertisements, segment categorization or any form of syndication which is related to any Website, its content, or its users without our prior express written permission in each instance; and (b) you may not place any code that collects Data or tracks user activity on any Website without our prior express written permission in each instance. (3) All Data collected is and will continue to be anonymous or you will immediately anonymize such Data. You will not deliberately collect Data that is “personally identifiable” or that constitutes “personal information” according to any applicable law, regulation, or agreement to which you are a party, and to the extent such Data is accidently collected, you will immediately securely delete or discard such Data. Without limiting the generality of the foregoing, you do not and will not aggregate Data collected into databases or engage in any other process that would result in the collation or organization of the Data such that the Data in such combined form would provide sufficient detail to enable the identification of individual users even if such Data was originally collected anonymously. (4) All Data is and will continue to be our exclusive property. You may only use the Data in accordance with the agreement between us and you, subject to applicable confidentiality provisions, and must be destroyed by you upon completion of the project or termination of the Agreement, except as expressly set forth therein. (5) Without limiting the generality of the foregoing, you will not use, resell or otherwise distribute Data: (a) to retarget users outside of our Website, (b) in a manner that competes with our advertising services (including, by way of example and not limitation, by claiming to provide Data that identifies our users or users that “look like,” or share characteristics of our users, without necessarily tagging them on the Website), (c) as Data about, originating from or otherwise related to us, our customers, or the Website, and shall not label, denote or refer to in any manner the Data as having been derived from us or the Website, whether or not such Data contains any personally identifiable information, or (d) combine Data with third party data to create a new audience profile. (6) Specific guidelines applicable to cookies on the Website: (7) Pixel tags on the Website may not be used in non-standard IAB, OPA, added value, or remnant online advertising units. (8) You may not use Flash cookies, HTML storage or any forms of locally stored objects on the computer or device operated by a user of the Website. (9) JavaScript file may not be used unless we approve in writing. (10) No more than one asset may be loaded, unless we approve in writing. This includes your 1st party assets as well as any 3rd party assets you may utilize. Specific guidelines applicable to any asset, including pixel tags or JavaScript on the Website:
(b) must be able to support 4000 requests per second with 100 milliseconds or less Time to First Byte response and must fully load in 200 milliseconds or less; (c) may only load after the online advertising unit itself loads using a “polite download” technique; (d) may only trigger a single DNS lookup; (e) must return the correct MIME Content Type (e.g. image/gif for GIF images, text/javascript for JavaScript); (f) may not be over 1 kilobyte in size unless we approve in writing; and (g) must support TLS/HTTPS. (10) Redirects are not permitted. Only direct requests can be made. (11) You will not block or otherwise limit delivery of advertising for any reason related to impression guarantees, verification or other targeting, without our express prior written permission in each instance. (12) We (and our representatives) shall have the right to inspect, review, and examine your policies, procedures, practices, records, and systems to verify compliance with this policy, provided that such inspection and review is conducted during reasonable business hours with no less than five (5) business days’ prior notice. (13) You do and will employ up-to-date, industry recognized “best practices” with respect to technology and procedures to prevent and detect theft, piracy, leakage, unauthorized access, copying, duplication or distribution of all Data. (14) You will notify us of any actual or suspected breaches of security in connection with Data as soon as practicable, but no later than one (1) week of discovery of such incident. (15) Without limiting any of the foregoing, you hereby represent and warrant that you do and will comply with all applicable international and U.S. federal, state, and local laws, rules, regulations, legal orders or decrees and similar promulgations in connection with your collection, use and distribution of Data, including without limitation the Children’s Online Privacy and Protection Act (COPPA), the EU ePrivacy Directive, and FTC guidelines, as well as laws or regulations limiting the types of Data that can be collected (e.g., health information, credit scores etc.). (16) You will provide a meaningful opportunity for users to opt-out from Data collection and targeting by you and your affiliates and customers. Data collection must respect Do Not Track headers. (17) You will comply with the Self-Regulatory Principles for Online Behavioral Advertising as promulgated by the Digital Advertising Alliance (“DAA”), which is explained in detail at www.AboutAds.info, to the extent such principles, or part thereof, are applicable to your activities in connection with the Website. (18) You will make reasonable efforts to use secure coding practices in the provision of all services to us and in all interactions with our users or customers. Secure coding practices means coding practices capable of meeting Level 2 of the most recent Application Security Verification Standard (ASVS) published by the Open Web Application Security Project (OWASP). (19) You will not grant access to Data to any third party except a) on a need to know basis in order to provide specific services to you; b) after conducting a reasonable investigation of such third party; and c) upon entering a written agreement with such third party which contains obligations which are at least as restrictive as the foregoing. (20) Our failure to object to your action or inaction, or our prior express written permission, in any instance does not and may not be deemed to constitute our opinion that such action or action is in compliance with, or brings you into compliance with, this policy or any applicable law, rule, regulation, legal order, or decree, and does not in any circumstance relieve you of your obligations to comply in all respects with this policy.
|
