THE DATA PRIVACY
MEmob Data processing document
Effective Date: 05-SEP-2020
MEmob Plus FZ-LLC (“MEmob” or “We”) is a proprietary technology platform (the “Platform”) that receives location information among other data from computers and mobile devices via various partners to help our customers (our “Customers”) understand their consumer’s behavior better and make more informed decisions on their digital marketing programs.
MEmob Technology Privacy Practices
MEmob technology Platform receives information about the location of mobile devices and associated information. This information is provided to MEmob by mobile app partners who have obtained appropriate consumer consent to collect and share such information. Here are the important ground rules under which MEmob operates:
- MEmob Platform never actively requests from consumers or stores information that can be used by us to identify you personally.
- MEmob gives an option for you and other consumers to opt-out or object to processing your information via the Platform at any time.
- MEmob complies with local laws in countries that are covered by its Platform, Website and services.
- MEmob does not share any data with third parties other than service providers acting on MEmob behalf.
- MEmob only shares aggregate analytics information with our Customers and Partners (defined below).
Types of Information We Collect and How We Use It
MEmob obtains precise location data (e.g., lat/long) only at a pre-defined geo-hash level of devices from business partners, which are generally publishers (mobile app owners), mediation platforms and 1st party partners (our “Partners”). Many of these Partners also help deliver advertising onto your mobile device. We require that these Partners have your permission prior to sending us location information obtained at the time of installing the app itself, which enables the Partner to share information with our Platform and other third party platforms. We never store precise location coordinates in our system.
We also collect pseudonymous personal data via our Platform, including but not limited to device type, the advertising identifier associated with your mobile device (“Pseudonymous Identifier”), mobile browser type, operating system, log information, and IP address (which gets re-assigned periodically so that we are not able to identify individuals) etc. However, the information we are able to collect may differ among the various Partners that we work with as we closely integrate and comply with their privacy policies. Some of this pseudonymous data is considered personal data in places like the European Union, but we do not collect information that may be used to identify someone such as name, email or telephone number via our Platform. In other words, we are unable to identify who you are via our Platform (as we analyze and process location data only at a pre-defined geohash level).
In some instances MEmob collects information such as points of interest (“POI”) data. POI data includes restaurant location/pricing data, real estate pricing data, etc. from other publicly available third party data sources. We combine this POI data with information we already have about you. MEmob also supplements, appends and annotates its data with licensed data from third party sources such as data providers and geo-demography vendors for the purposes of verifying and improving the quality of data models. However, none of this information allows MEmob to identify you personally.
MEmob uses the information thus collected from its Partners and other secondary and tertiary sources to power its analytics technology to derive actionable consumer insights for marketers and publishers. Information collected is used to build user behavior/interest inference data models and audience/interest profiles that could be used for delivering relevant ads or other content to the user. For e.g. if the user indicates his gender in the app and has given the consent to the publisher to disclose this information, MEmob may use this information to bid for the relevant ad slot available.
Most mobile devices include an identifier that allows application publishers and marketers to track user activity on mobile devices for advertising purposes (e.g. Google’s Android Advertising Identifier (AAID) and Apple’s Identifier for Advertising (IDFA)). We refer to those identifiers as “Pseudonymous Identifiers.” MEmob Platform uses Pseudonymous Identifiers associated with your mobile device in order to help make the digital advertisements you see more relevant to you. We employ hashing, encryption and de-identification techniques to help ensure your privacy is safeguarded.
Opt-out, Objecting to MEmob Processing and other Choice Provisions
The manufacturers of Pseudonymous Identifiers generally offer consumers with choices regarding whether mobile device data is used for advertising purposes. For example, you can opt-out of interest-based ads by enabling “Limit Ad Tracking” setting on iOS mobile devices and “Opt out of Interest-Based Ads” setting on Android devices. More information on Choices for Psuedonymous Identifiers may be found at http://www.networkadvertising.org/mobile-choice/.
MEmob honors these choice settings offered by the creators of Psuedonymous Identifiers in that it will not use information collected from that device to serve ads targeted based on a user’s inferred interests or share that data with any external systems or partners for targeting via the Platform. Please note that EU data subjects may enjoy additional choices as described below.
While users may decide to opt-out of interest-based ads, they should remember that doing so will prevent MEmob from providing them with a personalized experience and this may impair the quality of their overall user experience. Also, though MEmob always honor users’ opt-out settings, some app developers/publishers may not allow users to opt-out of all the information collected, as it would hinder effective ad delivery. In such cases, users might be required to purchase a paid version of those apps to disable ads.
MEmob complies with the California Consumer Privacy Act (CCPA). We provide a form for all US consumers to exercise the right to access their data, direct MEmob to delete their data, and opt-out of any further use of their data.
Privacy Practices applicable to the Platform
The security of the consumer’s information is important to us. MEmob has implemented reasonable security measures to protect the information in our care, both during transmission and once it is received. This includes but is not limited to the use of firewalls and encryption. No method of transmission over the Internet or method of electronic storage is 100% secure; therefore, while the company strives to use commercially acceptable means to protect your information, it cannot guarantee absolute security.
Accessing Your Information
If we have collected personal data about you and you wish to update, correct, or delete inaccuracies within that information, you may contact us as described in this policy. We will respond to your request within a reasonable timeframe. EU data subject should scroll down to better understand their access rights.
Information Relating to Children
MEmob products and services are designed for those 18 years of age and older and we don’t collect personal data via our Platform. MEmob does not knowingly collect personal data from anyone under the age of 13 via our website. If we are made aware that we have received personal data from someone under 13 (e.g., a child sends us an email with her postal address and date of birth), we will use reasonable efforts to immediately remove that information from our records.
Disclosure of Information to Third Parties
MEmob does not rent, sell or share personal data with non-affiliated third parties without user consent. MEmob may, however, share information with trusted third-party service providers who provide services on our behalf to help with our business activities, such as providing cloud computing infrastructure or payment processing. These third party service providers are authorized to use your information only as necessary to provide these services to us and are prohibited from using the information for purposes other than performing services for MEmob.
As required by its business, MEmob may also share pseudonymous data with third parties such as DSPs, DMPs and other platforms to facilitate the usage of the data by MEmob Partners and Customers. In these cases, the third party does not own the data and the ownership of that data stays with MEmob or with MEmob Partners and Clients.
MEmob may disclose your information to third parties when obligated to do so by public authorities or by law pursuant to judicial or other government requests, subpoenas, warrants, orders, and in order to investigate, prevent, or take action regarding suspected, or actual prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Finally, MEmob may transfer information, including any personal data, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If MEmob is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal data.
EU Data Subjects
The General Data Privacy Regulation (“GDPR”) affords additional rights to EU data subjects. Those rights include the right to complain to EU Supervisory Authorities and the right to access, correct, port to another party and delete certain personal data processed by MEmob.
With respect to EU data subjects, personal data includes pseudonymous personal data such as an IP address, a Pseudonymous Identifier or a cookie ID. Where MEmob is a controller of data via the Platform, the legal basis to process the data will be consent. Where MEmob is a controller of data received from Partners and Customers, our legal basis shall be contractual necessity. When we collect personal data via the Website such as email address and other contact details, we will obtain your consent. When prospecting for new Customers and Partners, we will collect personal data via our legitimate interest. We may transfer data from the EU into the United States for processing and will generally do so via model contractual clauses.
Where MEmob receives from an EU data subject a request to cease processing of data via one of the choice mechanisms listed above, MEmob will stop all data processing with respect to the opted out browser or mobile device unless such processing is required by law.
If you’re an EU data subject and believe MEmob is processing your pseudonymous data (e.g., MEmob cookie ID or mobile advertising ID) or your contact information (e.g., email address, telephone number) and you wish to exercise your right to access, delete, port or remove such information, please send an email to [email protected] and we will respond to your request within 30 days.
DATA PRIVACY & SECURITY
Data Security In-Transit / At-Rest
MEmob employs industry standard encryption and authentication technologies, such as SSL/TLS and SSH, to protect data while it is in transit over public networks. MEmob employs industry standard encryption technology to protect data while it is at rest on third party systems (e.g., Google Cloud services) and industry standard firewall technology to protect data while it is at rest on its own systems.
Data Center Security
MEmob processes and stores data on servers located in the United States and Singapore. All data processing and storage occurs within high security data centers that are, at a minimum, certified SSAE16 Type II SOC 2.
In the event that a client utilizes “MEmob Intelligence” tools, MEmob stores an unmodified copy of all client data at the moment of ingestion in a secure offsite facility (e.g. Google BigQuery). Otherwise, MEmob retains multiple redundant copies of data in its production facilities on physically separate servers.
MEmob conducts ongoing internal security audits of all aspects of its organization. MEmob completes an audit of each aspect of the organization, including its physical security, network security, and security policies and procedures on a quarterly basis. MEmob also contracts with an independent third party to perform annual compliance audits and security tests on its physical and logical systems.