State of Connecticut
Version Date: April 20, 2021
GATHERING, USE AND DISCLOSURE OF NON-PERSONALLY-IDENTIFYING INFORMATION
“Personally-Identifying Information” or “Personal Information” is information, such as a name or email address, that, without more, can be directly associated with a specific person, or from which a specific person is directly or indirectly identifiable.
“Non-Personally-Identifying Information” or “Other Information” by contrast, is information that, without the aid of additional information, cannot be directly associated with a specific person.
Personal Information together with Other Information is hereinafter referred to as “User Information”.
“Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Users of the Services Generally
Like most website operators, Company gathers from users of the Websites Non-Personally-Identifying Information. That information includes the user’s Internet Protocol (IP) address, operating system, browser type and the locations of the websites the user views right before arriving at, while navigating and immediately after leaving the Websites. Company also gathers Non-Personally-Identifying Information from users of their software applications such as user’s Internet Protocol (IP) address and operating system. Although such information is not Personally-Identifying Information, it may be possible for Company to determine from an IP address a user’s Internet service provider and the geographic location of the visitor’s point of connectivity as well as other statistical usage data. Company analyzes Non-Personally-Identifying Information gathered from users of the Services to help Company better understand how the Services are being used. By identifying patterns and trends in usage, Company is able to better design the Services to improve users’ experiences, both in terms of content and ease of use. From time to time, Company may also release the Non-Personally-Identifying Information gathered from Services users in the aggregate, such as by publishing a report on trends in the usage of the Services.
Microsoft Bing Ads
We use the conversion and tracking tool Bing Ads from Microsoft Corporation as part of our Websites. Microsoft stores a cookie on the user’s computer to enable an analysis of the use of our online services. The prerequisite for this is that the user has accessed our Websites through an ad from Microsoft Bing Ads. This enables Microsoft and us to know that someone has clicked on an ad, has been redirected to our online Services and has reached a predetermined target page. We only see the total number of users who clicked on a Bing ad and were then forwarded to the target page (conversions).
Users can find further information on data protection and the cookies used at Microsoft Bing ads in Microsoft’s data protection declaration: https://privacy.microsoft.com/de-de/privacystatement.
If you do not wish to participate in the Bing Ads tracking process, you can communicate your objection to Microsoft here: http://choice.microsoft.com/de-DE/opt-out.
We may use third-party vendors, including Google, who use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize and serve ads based on your past activity on the Websites, including Google Analytics for Display Advertising. The information collected may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. If you do not want any information to be collected and used by Google Analytics, you can install an opt-out in your web browser (https://tools.google.com/dlpage/gaoptout/) and/or opt out from Google Analytics for Display Advertising or the Google Display Network by using Google’s Ads Settings (www.google.com/settings/ads).
Aggregated and Non-Personally-Identifying Information
We may share aggregated and Non-Personally Identifying Information we collect under any of the above circumstances. We may also share it with third parties and our affiliate companies to develop and deliver targeted advertising on the Websites and on websites of third parties. We may combine Non-Personally Identifying Information we collect with additional Non-Personally Identifying Information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis. For example, we may tell our advertisers the number of visitors to the Websites and the most popular features or Services accessed. This information does not contain any Personally-Identifying Information and may be used to develop website content and services that we hope you and other users will find of interest and to target content and advertising.
Mobile Device Additional Terms
If you use a mobile device to access the Websites or download any of our applications, we may collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address.
We may use hyperlinks on the Websites which will redirect you to a social network if you click on the respective link. However, when you click on a social plug-in, such as Facebook’s “Like” button, Twitter’s “tweet” button or the Google+, that particular social network’s plugin will be activated and your browser will directly connect to that provider’s servers. So, for example – when you click on the Facebook’s “Like” button on the Websites, Facebook will receive your IP address, the browser version and screen resolution, and the operating system of the device you have used to access the Websites. Settings regarding privacy protection can be found on the websites of these social networks and are not within our control.
COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION
Sensitive Personal Information
We do not collect or otherwise Process Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive under GDPR (collectively, “Sensitive Personal Information”) in the ordinary course of our business. Where it becomes necessary to Process Sensitive Personal Information under GDPR, we would rely on one of the following legal bases:
- Compliance with applicable law: We may Process your Sensitive Personal Information where the Processing is required or permitted by applicable law;
- Detection and prevention of crime: We may Process your Sensitive Personal Information where the Processing is necessary for the detection or prevention of crime (including the prevention of fraud);
- Establishment, exercise or defense of legal rights: We may Process your Sensitive Personal Information where the Processing is necessary for the establishment, exercise or defense of legal rights; or
- Consent: We may Process your Sensitive Personal Information where we have, in accordance with applicable law, obtained your prior, express consent prior to Processing your Sensitive Personal Information.
Collection of User Information
We may collect User Information about you from the following sources:
- Data you provide: We may obtain your Personal Information when you provide it to us across our Services (e.g., where you sign up for emails or newsletters; register for site membership or create a profile or account on any part of the Services; participate in surveys; contact us via email, telephone or by any other means; etc.).
- Business relationship data: We may collect or obtain your Personal Information in the ordinary course of our relationship with you (e.g., if you make a purchase from us).
- Data you make public: We may collect or obtain your Personal Information that you choose to make public, including via social media (e.g., we may collect information from your social media profile(s) if you make a public post about us).
- Service data: We may collect or obtain your Personal Information when you visit, download, use or register to use any part of our Service.
Creation of User Information
We may also create User Information about you, such as records of your interactions with us and details of your purchase history, for internal administrative purposes and analysis. We may also combine data you have provided to us with data obtained from third parties such as social networks.
Lawful Basis for Processing Personal Information
In Processing your User Information in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
- Consent: We may Process your User Information where we have obtained your prior, express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
- Contractual necessity: We may Process your User Information where the Processing is necessary in connection with any contract that you may enter into with us;
- Compliance with applicable law: We may Process your User Information where the Processing is required by applicable law;
- Vital interests: We may Process your User Information where the Processing is necessary to protect the vital interests of any individual; or
- Legitimate interests: We may Process your User Information where we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
As defined above, Personally-Identifying Information is information that can be directly associated with a specific person. Company may collect a range of Personally-Identifying Information from and about Services users. Much of the Personally-Identifying Information collected by Company about users is information provided by users themselves when (1) registering for any of our Services, (2) logging in with social network credentials, (3) participating in polls, contests, surveys or other features of our service, or responding to offers or advertisements, (4) communicating with us, (5) creating a public profile or (6) signing up to receive newsletters. That information may include each user’s name, address, email address and telephone number, and, if you transact business with us, financial information such as your payment method (valid credit card number, type, expiration date or other financial information). We also may request information about your interests and activities, your gender, age, date of birth, username, hometown and other demographic or relevant information as determined by Company from time to time. Users of the Services are under no obligation to provide Company with Personally-Identifying Information of any kind, with the caveat that a user’s refusal to do so may prevent the user from using certain Services or features.
BY REGISTERING WITH OR USING THE SERVICES, YOU CONSENT TO THE USE AND DISCLOSURE OF YOUR PERSONALLY-IDENTIFYING INFORMATION AS DESCRIBED IN THIS “COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION” SECTION AND UNDER THE CONDITIONS DESCRIBED IN THIS POLICY. YOU MAY WITHDRAW YOUR CONSENT AT ANY TIME BUT COMPANY MAY CONTINUE TO USE YOUR INFORMATION IF YOU CONTINUE TO USE THE SERVICES OR IF COMPANY HAS A LEGITIMATE INTEREST IN THE USE OF THE INFORMATION SUCH AS PROTECTION AND ENFORCEMENT OF COMPANY’S RIGHTS.
We may occasionally use your name and email address to send you notifications regarding new services offered by Company that we think you may find valuable. We may also send you service-related announcements from time to time through the general operation of the service. Generally, you may opt out of such emails at the time of registration or through your account settings, though we reserve the right to send you notices about your account, such as service announcements and administrative messages, even if you opt out of all voluntary email notifications.
Company will disclose Personally-Identifying Information under the following circumstances:
- Marketing Communications. Unless users opt-out from receiving Company marketing materials upon registration, Company may email users about products and services that Company believes may be of interest to them. If you wish to opt-out of receiving marketing materials from Company, you may do so by following the unsubscribe link in the email communications, by going to your account settings (if applicable) or contacting us using the contact information below. We will not send you any marketing materials you have selected to be unsubscribed from, but we may continue to contact you to the extent necessary for the purposes of any other Services you have requested.
Company uses the User Information we maintain about you, and other information we obtain from your current and past activities on the Services for:
- Provision of the Services to You: providing the Services to you from the Company including (i) management of your account, (ii) offering promotional and marketing information to you, and (iii) customer support and relationship management.
- Offering and Improving the Services: operating and managing the Services for you; communicating and interacting with you via the Services; identifying issues with the Services and planning improvements to or creating new Services; and notifying you of changes to any of our Services.
- Surveys: engaging with you for the purposes of obtaining your views on our Services.
- Communications: communicating with you via any means (including via email or social media) regarding information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required. We may provide direct marketing to you as set out in the Marketing Communications section.
- Audience Engagement: identification and development of audience engagement, advertising and promotional strategies on various platforms and channels.
- User Engagement and Purchases: tracking traffic and activity across the Websites, including review of your browsing history (if available); provision of analytics and measurement of cost of traffic against money being made.
- Marketing to Customers: We may market to current and prospective customers and their employees who have indicated an interest in doing business with, or have previously conducted business with, PilotFish, Inc. in order to further generate and promote our business. Such efforts include sending marketing emails to drive the use of services offered by PilotFish, Inc.
- IT Administration: administration of the Company’s information technology systems; network and device administration; network and device security; implementing data security and information systems policies; compliance audits in relation to internal policies; identification and mitigation of fraudulent activity; and compliance with legal requirements.
- Security: electronic security measures (including monitoring of login records and access details) to help mitigate the risk of and provide the ability to identify and rectify a security incident.
- Financial Management: general business and financial management purposes, including: economic, financial and administrative management; planning and reporting; personnel development; sales; accounting; finance; corporate audit; and compliance with legal requirements
- Investigations: detecting, investigating and preventing breaches of policy, and criminal offenses, in accordance with applicable law.
- Legal Proceedings: establishing, exercising and defending legal rights.
- Legal Compliance: Subject to applicable law, we reserve the right to release information concerning any user of Services when we have grounds to believe that the user is in violation of our Terms and Conditions or other published guidelines or has engaged in (or we have grounds to believe is engaging in) any illegal activity, and to release information in response to court and governmental orders, other requests from government entities, civil subpoenas, discovery requests and otherwise as required by law or regulatory obligations. We also may release information about users when we believe in good faith that such release is in the interest of protecting the rights, property, safety or security of Humble Bundle, any of our users or the public, or to respond to an emergency.
At times, we may look across multiple users to identify problems. In particular, we may examine your Personally-Identifying Information to identify users using multiple user IDs or aliases. We may compare and review your Personally-Identifying Information for accuracy and to detect errors and omissions. We may use financial information or payment method to process payment for any purchases made through any of the Services or made to Company for the use of any of the Services, enroll you in the discount, rebate and other programs in which you elect to participate, to protect against or identify possible fraudulent transactions and otherwise as needed to manage our business.
We take the security of your Personally-Identifying Information seriously and use reasonable electronic, personnel and physical measures to protect it from loss, theft, alteration or misuse. However, please be advised that even the best security measures cannot fully eliminate all risks We cannot guarantee that only authorized persons will view your information. We are not responsible for third-party circumvention of any privacy settings or security measures.
We are dedicated to protecting all information in relation to the Services as is necessary. However, you are responsible for maintaining the confidentiality of your Personally-Identifying Information by keeping your password confidential. You should change your password immediately if you believe someone has gained unauthorized access to it or your account. If you lose control of your account, you should notify us immediately.
We take every reasonable step to ensure that your User Information that we Process is accurate and, where necessary, kept up to date, and any of your User Information that we Process that you inform us is inaccurate (having regard to the purposes for which they are Processed) is erased or rectified.
We take every reasonable step to ensure that your User Information that we Process is limited to the User Information reasonably necessary in connection with the purposes set out in this Policy or as required to provide you services or access to the Services.
We take every reasonable step to ensure that your User Information is only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will keep your User Information are as follows: we will retain copies of your User Information in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. Unless there is a specific legal requirement for us to keep the information, we plan to retain it for no longer than is necessary to fulfill a legitimate business need.
The Children’s Online Privacy Protection Act (“COPPA”) protects the online privacy of children under 13 years of age. We do not knowingly collect or maintain Personally-Identifying Information from anyone under the age of 13, unless or except as permitted by law. Any person who provides Personally-Identifying Information through the Services represents to us that he or she is 13 years of age or older. If we learn that Personally-Identifying Information has been collected from a user under 13 years of age on or through the Services, then we will take the appropriate steps to cause this information to be deleted. If you are the parent or legal guardian of a child under 13 who has become a member of the Websites or has otherwise transferred Personally-Identifying Information to the Services, please contact Company using our contact information below to have that child’s account terminated and information deleted.
CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about the Personally-Identifying Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of the Personally-Identifying Information that was shared and the names and addresses of all third parties with which we shared Personally-Identifying Information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to our privacy officer as listed below.
GDPR provides certain rights for EU residents. You may decline to share certain information with us, in which case we may not be able to provide some of the features and functionality of the Services. These rights include, in accordance with applicable law, the right to object to or request the restriction of processing of your information, and to request access to, rectification, erasure and portability of your own information. Where we process your information on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Information in reliance upon any other available legal bases). Requests should be submitted by contacting us (using the contact instructions in the CONTACT section below). If you are an EU resident and have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Supervisory Authority and lodge a complaint.
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. The Websites DO NOT currently respond to DNT browser signals or mechanisms.
Attn: Privacy Officer
100 Roscommon Drive, Suite 220
Middletown, CT 06457
Phone: (860) 632-9900