Effective Date: 3/29/21
TargetBay Inc. is subject to the investigatory and enforcement authority of the Federal Trade Commission.
Information We Collect
You may visit our site anonymously.
If you choose to register on our website, four categories of data to and on behalf of you will be processed:
When you register for an account on our site, place an order, subscribe to our newsletter or respond to a survey, basic contact details are collected such as the e-mail address and name of your contact person, company name, address, phone number, VAT number, preferred language and currency, any purchase order number, any e-mail address of invoice receivers and masked credit card or bank account details.
We collect your direct input to our cloud service TargetBay (the “Service”) after login, like the domain name(s) of the website(s) where you implement the Service and configuration of the content, looks and behavior towards website visitors (“End Users”).
“End User Data”
Data generated by End Users browsing your website(s) using the Service. When an End User submits a consent from your website(s), the following data are automatically logged at TargetBay:
The key and consent state are also saved in the End User’s browser in the first party cookie “CookieConsent” so that the website can automatically read and respect the End User’s consent on all subsequent page requests and future End User sessions for up to 12 months. The key is used for proof of consent and an option to verify that the consent state stored in the End User’s browser is unaltered compared to the original consent submitted to TargetBay.
“System Generated Data”
The Service automatically creates and stores meta data on basis of the other types of data, e.g.:
• Subscription data, like start date, latest invoice date and the result of a mandatory email validation. All new merchant accounts after Oct 1st 2019 invoices are stored outside of the system with our processor Stripe.com so that you may access any issued invoices from within Stripe.com.
• Aggregated statistical data on End User consents.
Subscribers/Merchants can issue instructions to TargetBay through configuration and/or execution of relevant functions offered by the Service from TargeBay’s backend. If a specific instruction regarding personal data cannot be carried out through the backend , you may send instructions to us through the help desk provided at https://targetbay.freshdesk.com/support/home
OUR CUSTOMERS AND SITE USERS
We collect information about you directly from you, from third parties, and automatically through your interaction with our Services. We may combine information that we collect from these various sources.
USERS OF OUR CUSTOMERS’ WEBSITES
TargetBay’ clients and customers (“Clients”) may use our Marketing and Analytics Services, which includes certain code, software, cookies and other tracking mechanisms, and services to obtain information regarding the activities that users engage in while visiting their websites (“Client Analytics Data”). When a user visits a website that uses our Marketing and Analytics Service, code contained on the website contacts our servers and enables TargetBay to collect Client Analytics Data. Some Clients may also use their own code to obtain analytics data about users of their Digital Properties, and then send such information to our servers. Client data is stored on TargetBay’ web servers and databases for use in performing analysis and producing reports for Clients, and for other purposes explained in this Policy.
Our Marketing and Analytics Services are used to collect and analyze behavioral, usage and activity information about the use of our Clients’ Digital Properties. The Marketing and Analytics Services will collect certain non-personally identifiable analytics data, including (but not limited to) IP address and location information, website URL, referring URL, pages viewed (including page address, name and title, data and time of access, and length of time spent on each page), activities on each page (including links clicked and search terms entered), operating system, browser type, User Agent header information, web page performance information, campaign information, java version, flash version, resolution and screen information, and language information.
How We Use Information
We use the information that we collect, including personal information, for the following purposes:
How We Disclose Information
We disclose the information that we collect, including personal information, as described to you at the time of collection or as consented by you before disclosure, or as follows:
Cookies and Other Tracking Mechanisms
Cookies. Cookies are alphanumeric identifiers that we transfer to a computer’s hard drive through a web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process or to allow us to track your activities while using our Services. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers provides information about how to prevent a computer from accepting new cookies, how to have the browser notify upon receiving a new cookie, or how to disable cookies altogether. Users who disable cookies will be able to browse certain areas of the Services, but some features may not function.
We use Cookiebot to manage all cookies on our website. Cookiebot brings this vision to life with three, fully automatic core functions that are easy to implement: cookie consent, cookie monitoring and cookie control. Cookiebot enables true compliance with privacy legislations through respectful and transparent data exchange, based on consent between end-users and our website. For more info please see our Cookie Declaration here.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on a computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags) in connection with our Services to, among other things, track user activities, help us manage content, and compile statistics about usage of our Services. We and our service providers also use clear GIFs in HTML emails to you, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
USER GENERATED CONTENT
We invite registered users to post content on our Site, including your comments, pictures, and any other information that you would like to be available on our Site. If you post content to our Site, all of the information that you post will be available to our registered customers. If you post your own content on our Site or services, your posting may become public and we cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy.
Does TargetBay Disclose any information to third parties?
TargetBay does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
In the context of an onward transfer, TargetBay, as a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. TargetBay, as a Privacy Shield organization, shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.”
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Subcontractors/trusted third parties
The subcontractors Amazon.com, Inc. is certified under the EU-US Privacy Shield and AWS is covered under this certification. This helps customers who choose to transfer personal data to the US to meet their data protection obligations. Amazon.com Inc.’s certification can be found on the EU-US Privacy Shield website here: https://www.privacyshield.gov/list
Any intended changes concerning the addition or replacement of subcontractors or subprocessors handling personal data will be announced to you with at least 3 months’ notice. You retain at all times the possibility to object to such changes or to terminate the contract with TargetBay.
Third-Party Links & Analytics
Do Not Track Disclosure
Our Services do not respond to Do Not Track signals. For more information about Do Not Track signals, please click here. You may, however, disable certain tracking as discussed in the Cookies and Other Tracking Mechanisms section above (e.g., by disabling cookies).
We use third parties such as network advertisers to display advertisements on our Services, to assist us in displaying advertisements on third-party services, and to evaluate the success of advertising campaigns. You may opt out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this practice by NAI members and DAA members, and your choices regarding having this information used by these companies, including how to opt out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: www.networkadvertising.org/optout_nonppii.asp (NAI) and www.aboutads.info/choices(DAA).
Opting out of one or more NAI member or DAA member networks (many of which will be the same) only means that those members no longer will deliver targeted content or ads to you. It does not mean you will no longer receive any targeted content or ads on our Services or other services. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextual advertising). Also, if your browsers are configured to reject cookies when you visit an opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt out may no longer be effective.
If you’d like us to provide access to, update, correct, or delete any personally identifiable information that you have provided on the Site or that we may have in connection with the Analytics Services, please send your request to firstname.lastname@example.org and the company will process your request within a reasonable period of time after receipt. EU data subjects have additional rights listed below.
We store personally identifiable information such as email address or billing details received from our Clients so long as they continue to have a business relationship with TargetBay. You may ask us to delete that information by following the instructions above. As an agent (i.e., data processor) of our Clients, store information collected via our Marketing and Analytics Services for a reasonable time as directed by our Clients.
Data retention policy
Account Data will due to tax regulations be retained for up to five full fiscal years from your cancellation of your Service account.
Configuration Data and System Generated Data will be erased immediately when you cancel the Service account.
End User Data will be erased on an ongoing basis after 12 months from registration, and immediately when you cancel the Service account.
Data retention for compliance with legal requirements
You cannot require TargetBay to change any of the default retention periods, except for the reasons for erasure pursuant to clause 11.3, but may suggest changes for compliance with specific sector laws and regulations.
Data restitution and/or deletion
No data except Account Data will be retained after the termination of the contract. You may request a data copy before termination. You must not cancel the Service account until the data copy has been delivered, as TargetBay otherwise will not be able to deliver the data copy.
DATA INTEGRITY, PURPOSE LIMITATION
We process information in a way that is compatible with and relevant for the purpose for which it was collected as described above. To the extent necessary for those purposes, we take reasonable steps to ensure that any information in our care is accurate, complete, current and reliable for its intended use.
We have implemented reasonable security precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
We may send periodic promotional emails to you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you e-mails related to your account or any services you have requested or received from us.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
To be in accordance with CANSPAM we agree to the following:
If at any time you would like to unsubscribe from receiving future emails, follow the unsubscribe instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Updating or Deleting Personal Information. Visitors and Customers can at any time update their cookie preferences by visiting our website and clicking on the cookie declaration in the footer. Once there they simply need to click the “change your consent” hyperlink. Visitors and Customers may correct or delete the personal information that they provide to us by emailing us at contactus@TargetBay.com and and describing their request to update or delete their personal information. Please note that we may retain certain information about them as required by law or as permitted by law for legitimate business purposes (e.g., in accordance with our record retention policies or to enforce our Terms of Service). End Users who wish to correct or delete the personal data that we use on behalf of Customers should contact the Customer with which they interact to make such a request.
Opting out of Email or text Communications. We may send periodic promotional or informational emails to Visitors and Customers. Visitors and Customers may opt out of such communications by following the opt-out instructions contained in the email or contacting us at the Contact Us information below. Please note that it may take up to 10 business days for us to process opt-out requests. If Visitors or Customers opt out of receiving marketing emails from us, we may still send them non-promotional emails (e.g., about their account with us). If you are an End User that receives emails from one of our Customers and you no longer want to be contacted by that Customer, please unsubscribe directly from that Customer’s communication or contact the Customer directly to update your email preferences
Our Services are not targeted to children under thirteen (13) years of age, and we do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete such personal information from our systems.
Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through TargetBay Inc.’s internal processes, TargetBay Inc. has designated it will work with EU Data Protection Authorities (DPA). The DPA (Data Protection Authority) is the agency within each European Union country that is responsible for GDPR (General Data Protection Regulation) assistance and … EUROPEAN FREE TRADE AREA (EFTA).
Terms of Service
Please also visit our Terms of Service section establishing the use, disclaimers, and limitations of liability governing the use of our website at https://staging.targetbay.com/terms-of-service-agreement/
If you have questions about the privacy aspects of our Services or for further information about our data privacy policies and practices, please contact us at contactust@TargetBay.com or 404-903-5146.
EU DATA SUBJECTs
EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).
If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.
In order to enter into a contract regarding the purchase of TargetBay’s Service, you must provide us with the required personal data. If you do not to provide us with all the required information, it will not be possible to deliver the Service.
In addition to the above referenced privacy practices, EU Data subjects are granted additional privacy rights under the General Data Privacy Regulation (“GDPR”). For example, an EU individual who seeks access, or who seeks to correct, amend, port over and/or delete inaccurate data, or who wishes to limit the use and disclosure of their personal data should visit our EU Subject Access Page. Those rights also include the right to complain to EU Supervisory Authorities.
With respect to EU data subjects, personal data includes Pseudonymous Data such as an IP address, a mobile advertising ID or a cookie ID as well as PII. EU Data subject wishing to object to TargetBay’ processing of data using the opt-out methods described above should note that the presence of a TargetBay opt-out cookie tells our systems that you object to our processing of data.
TargetBay operates the Platform and provides the Services as a “data processor” under the GDPR. That means that TargetBay processes data via the Platform and Services as directed by each of our Clients pursuant to our contracts with Clients. While TargetBay does enable Clients to create profiles of Internet Users, none of those profiles contain sensitive information, nor do the profiles present a “high risk” to the fundamental human rights of EU data subjects.
We process certain EU personal data provided by Clients and Data Partners under contractual necessity. For example, we require the billing details of our Clients located in the EU to process payment for the Services and we need email addresses from Clients to enable them to login to our systems. We collect contact details from EU data subjects via our Website with consent and ask for consent to place cookies onto EU desktops. Our sales and marketing team may obtain additional additional contact details for current and prospective Clients via our legitimate interest.
TargetBay’ data protection officer Nash Ogden President of TargetBay.
RECOURSE, PRIVACY COMPLAINTS BY EU RESIDENTS
Under certain conditions – available for the User in full on the Privacy Shield website – the User may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Privacy Notice for California Residents – CPPA Privacy Notice
California residents may have additional personal information rights and choices. Please review these below.
California Online Privacy Protection Act Compliance
Because TargetBay values your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute any personal information to outside parties without your consent except as required by law.
As part of the California Online Privacy Protection Act, all users of our website may make any changes to their information at any time by logging into their account and navigating to the “profile page”.
The CCPA changes the way Californians can handle their own data, as it empowers them with new rights to request businesses to disclose or delete the data they have already collected, or to opt out completely of third-party data sales.
Effective Date: [12/31/2019]
Last Reviewed on: [12/31/2019]
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||[YES]|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||[YES]|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||[NO]|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||[YES]|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||[NO]|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||[YES]|
|G. Geolocation data.||Physical location or movements||[YES]|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||[NO]|
|I. Professional or employment-related information||Current or past job history or performance evaluations.||[NO]|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||[NO]|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||[YES]|
This Privacy Notice for California Residents applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information“). In particular, TargetBay’s website, www.targetbay.com (“Website”), has collected the following categories of personal information from its consumers within the last twelve (12) months:
Personal information does not include:
TargetBay obtains the categories of personal information listed above from the following categories of sources:
Use of Personal Information
We may use, or disclose the personal information we collect for one or more of the following business purposes:
TargetBay will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
TargetBay may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. (See our third-party privacy addendum)
We share your personal information with the following categories of third parties:
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:
[Category A: Identifiers.]
[Category B: California Customer Records personal information categories.]
[Category D: Commercial information.]
[Category F: Internet or other similar network activity.]
[Category G: Geolocation data.]
[Category K: Inferences drawn from other personal information.]
We disclose your personal information for a business purpose to the following categories of third parties:
Sales of Personal Information
In the preceding twelve (12) months, Company has not sold personal information
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that TargetBay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
Deletion Request Rights
You have the right to request that TargetBay delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com and firstname.lastname@example.org
or write to us at:
Attn: Legal – Global Privacy Officer
7000 Central Pkwy Suite 220
Atlanta, GA 30328
Changes to Our CCPA Privacy Notice & FAQ
TargetBay reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
FAQ If you have questions about Privacy Shield frequently asked question, please see: https://www.privacyshield.gov/article?id=Privacy-Policy-FAQs-1-5
Email: email@example.com and firstname.lastname@example.org
Attn: Legal – Global Privacy Officer
7000 Central Pkwy Ste 220
Atlanta, GA 30328
CHANGES TO THIS POLICY
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site. TargetBay reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.. We always indicate the date the last changes were published and we offer access to archived versions for your review.
EFFECTIVE DATE: Dec 31, 2019; Updated Dec 31, 2019; updated Feb 26, 2021; Updated Mar 29, 2021.