PRIVACY RIGHTS ADDENDUM FOR CALIFORNIA RESIDENTS
Last Modified: August 10, 2020
The California Consumer Privacy Act of 2018 (“CCPA”) provides certain rights to residents of California. This Addendum to FLUID’s Privacy Policy (“Addendum”) is intended solely for, and is applicable only as to, natural persons who are residents of the State of California (“California Consumers”). For California Consumers, this Addendum supplements the information in FLUID’s Privacy Policy. If you are not a California Consumer, this Addendum does not apply to you, and you should not rely on it. In addition, FLUID reserves the right to amend or revise this Addendum at any time and in our sole discretion and with an associated effective date. Any revised Addendum will be posted on FLUID’s website(s).
In the tables and sections below, we describe (as required by the CCPA):
- Our Collection of Personal Information– the types of Personal Information (which the CCPA defines broadly) that we collect, and the types of sources we collect it from;
- Our Disclosure and Sale of Personal Information– the types of recipients to whom we disclose or sell Personal Information;
- Our Business Purposes– our business purposes for (a) collecting and (b) sharing Personal Information, which are generally the same;
- Your California Privacy Rights and Choices– what rights you have under the CCPA, for instance, to request that we “opt out” your information from our marketing databases (also called “do not sell” rights), or to request the categories of personal information and/or the personal information that we may have collected about you;
- How to Exercise Your Rights Under the CCPA – how to submit a request and our process for responding to requests.
OUR COLLECTION OF PERSONAL INFORMATION
Depending on how you interact with us, we may collect about you the categories of information summarized in the table below. This table also describes how we collect and use such categories of information.
Categories of Personal Information | Categories of Sources |
---|---|
Identifiers, e.g., name; alias; postal address; IP address; mobile ad identifiers; email and corporate address (e.g., from prospective business clients) | From data compilers (generally providing publicly available information to us), mobile applications, public records and other publicly available sources, and government entities, including the U.S. Postal Service and U.S. Census Bureau
From advertising networks, data analytics providers, and operating systems and platforms From business prospects who provide their information to us Directly from you |
Characteristics of protected classifications under California or US law, e.g., religion, military, or veteran status (which may be inferred) | From data compilers |
Commercial or transactions information, e.g., records of personal property; products or services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies | From data compilers |
Internet or other electronic network activity information, e.g., browsing history; online interests, such as information about categories of consumer interests derived from online usage; and information on a consumer’s interaction with a website, application, or advertisement | From advertising networks
Directly from you |
Geolocation data | From data compilers
From advertising networks |
Professional or employment-related information, e.g., categories of occupations (generally inferred) or job titles of potential business prospects | From data compilers
From advertising networks From business prospects |
In many instances, the information listed above is received from our clients to run a marketing campaign, and, for those clients, we act as a service provider. Clients may provide information that includes, for instance, clients’ customer names, addresses, and other information about customer interaction with the client. That information is more fully described in the privacy policies of each of our clients. FLUID does not use, retain, or disclose Clients’ customer information, except to provide services to the client.
OUR DISCLOSURE AND SALE OF PERSONAL INFORMATION
We may share the information collected from and about you for various business purposes and with service providers and third parties, including our clients. The chart below details how and with whom we may share or disclose personal information, and, whether based on the CCPA’s definition of “sell,” we believe we have “sold” a particular category of information in the prior 12 months.
Categories of Personal Information | Categories of Third Parties We Share With |
---|---|
Identifiers, e.g., name; alias; postal address; IP address; mobile ad identifiers; email and corporate address (e.g., from prospective business clients) | Service Providers (see more below) |
Characteristics of protected classifications under California or US law, e.g., religion, military, or veteran status (which may be inferred) | Our clients, including consumer brands and consumer goods sellers, automotive brands and other online and offline retailers (including when we act as a Service Provider) |
Commercial or transactions information, e.g., records of personal property; products or services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies | Our clients, consumer brands and consumer goods sellers, automotive brands and other online and offline retailers |
Internet or other electronic network activity information, e.g., browsing history; online interests, such as information about categories of consumer interests derived from online usage; and information on a consumer’s interaction with a website, application, or advertisement | Service Providers |
Geolocation data | Service Providers |
Professional or employment-related information, e.g., categories of occupations (generally inferred) or job titles of potential business prospects | Service Providers |
Inferred Data, e.g., inferences we derived from the above information that we collect, such as regarding consumers’ likely interests, activities or personal characteristics | Our clients, including consumer brands and consumer goods sellers, automotive brands and other online and offline retailers |
Our “sale” of personal information: The CCPA defines the “Sale” of data in a broad manner. For purposes of the CCPA, we sell (and during the past 12 months have sold) inferences we have made about consumers’ likely interests, activities or personal characteristics, such as to provide insights to our clients about their own customers’ likely or inferred product preferences.
We also may share any of the personal information we collect as follows:
- Sharing for Legal Purposes: We may share personal information with third parties in order to: (a) comply with legal process or a regulatory investigation (g. a subpoena or court order); (b) enforce our Terms of Service, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property, or personal safety of FLUID, our platform, our clients, our agents and affiliates, and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, spam/malware prevention, and similar purposes.
- Sharing in the Event of a Corporate Transaction: We may share personal information in the event of a major corporate transaction, including a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.
- Sharing with Service Providers: We share any personal information we collect with our service providers, such as providers involved in tech or customer support, operations, web or data hosting, billing, accounting, security, marketing, data management, validation, enhancement or hygiene, or service providers otherwise assisting us to provide, develop, maintain and improve our services.
- Sharing of Aggregate Information: We may aggregate and/or de-identify any information collected so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with third parties, including advertisers, promotional partners, and sponsors, in our discretion.
OUR BUSINESS PURPOSES FOR COLLECTING AND SHARING PERSONAL INFORMATION
Generally speaking, we collect and share Personal Information for the following purposes, as we also have described in our Privacy Policy and/or our website:
Data marketing services, for example:
Generally, creating and providing data marketing sets and tools to our marketer clients, as more fully described in our Privacy Policy (and on our websites). This includes our provision of datasets comprising data “appends” (connecting data across datasets) and/or inferences about potential consumer behavior.
Helping our Clients to target or retarget consumers who have visited their websites or used their web or mobile services, including through display media and direct mail or other marketing channels.
Helping our Clients identify and understand their consumers better, by providing insights about them and managing loyalty programs, as well as providing financial and other scoring products.
Assisting our Clients through our Services to provide their current and prospective customers with better service, improved offerings, and special promotions, for instance, advising on which current or prospective customers are most likely to be interested (or uninterested) in certain offers.
Additional marketing services (which may overlap with “data marketing services” above), for example:
Assisting in targeting and optimizing of direct mail and email campaigns, display, mobile and social media marketing.
Measuring the effectiveness of online or offline ad campaigns by determining which messages are most likely to be seen or opened by which types of consumers, or which types of ads are most likely to lead to purchases.
Helping Clients to target marketing (including by email, direct mail, or other marketing channels) based on visits or log-ins to a Client (or affiliated) website.
Operating our Services, for example:
Improving, testing, updating and verifying our own database.
Developing new products.
Operating, analyzing, improving, and securing our Services.
Other internal purposes, for example:
For internal research, internal operations, auditing, detecting security incidents, debugging, short-term and transient use, quality control, and legal compliance. We sometimes use the information collected from our own website, from social networks, from other “business to business” interaction (such as at trade shows) or from data compilers for the above, as well as for our own marketing purposes. |
YOUR CALIFORNIA RIGHTS AND CHOICES
Without being discriminated against for exercising these rights, California residents have the right to:
- request that we disclose what personal information we have collected from you,
- delete that information, and/or
- opt-out of the sale of your personal information, subject to certain restrictions.
You also have the right to designate an agent to exercise these rights on your behalf. This section describes those rights in more detail.
If you are NOT a California resident (as that term is used in the CCPA), please do not rely on this Section, as the rights provided herein do not apply. In addition, please note that we may sometimes act as a “business” and sometimes as a “service provider” under the CCPA (for instance, when we merely process our clients’ data). The rights described in this document only apply when we are acting as a “business.” When we act only as a “service provider” to our clients (for instance, if they provide information to us for analytics, processing, or other data management services), any consumer requests for opt-out, deletion or access to data must be made through that client, and we will forward any such requests to a named client, as feasible.
Right to request access to your personal information
California residents have the right to request that we disclose the categories of your personal information we collect, use, or sell. You may also request the specific pieces of personal information we have collected from you.
We may withhold some personal information, however, when we are not able to verify to a reasonably high degree that the personal information we have is that of the person who submitted the request, and, consequently, the release of the information would pose a risk to individuals or our business. For example, we often are not able to provide such specific pieces of personal information – in particular, precise location coordinates – for this reason. For those sets of information, we are not able to sufficiently verify that the personal information we have pertains to the person who has submitted the request, or whether either the person in possession of a device or the person requesting the information is the actual device owner. A number of people may be temporarily in possession of another person’s phone, such as a partner, friend, or work colleague – whether consensually or not. We seek to avoid (and believe California law requires us to avoid) a situation where such a person might obtain potentially detailed and sensitive records pertaining to the phone’s owner. (A recent study concluded that one half of mobile phones were not password protected.) Moreover, because in operating our services we do not collect or connect names to home addresses (which we avoid in order to protect consumer privacy), we do not have other, more conventional ways to verify the identity of an actual device owner.
If you are uncomfortable with your device information being used in the ways described above, we recommend that you request an “opt out” of your information, found here. The Network Advertising Initiative (“NAI”), a leading self-regulatory organization, provides additional, comprehensive information about how to opt out here.
Right to request deletion of your personal information
We do not generally collect personal information directly from consumers. Therefore, if you seek to exercise your right, please complete an “opt out” request by visiting the opt-out pages offered by the NAI (here) and the Digital Advertising Alliance (DAA) (here).
Under the CCPA, we may retain personal information collected directly from consumers, even after receiving a “deletion” request, for certain important purposes, such as: (a) to protect our business, systems, and users from fraudulent activity, (b) to address technical issues that impair existing functionality (such as de-bugging purposes), (c) as necessary for us, or others, to exercise free speech or other rights, (d) to comply with law enforcement requests pursuant to lawful process or other legal obligations, (e) for scientific or historical research, or (f) for our own internal purposes reasonably related to your relationship with us. Additionally, we need certain types of information so that we can provide our Services to you. If you ask us to delete it, you may no longer be able to access or use our Services.
Right to opt-out of the sale of your personal information
California residents may also opt out of the “sale” of their personal information. California law broadly defines what constitutes a “sale,” including in the definition making available a wide variety of information in exchange for “valuable consideration.” Depending what information we have about you, and whether we have included any of it in our marketing services, we may have sold (as defined by California law) certain categories of information about you in the last 12 months, as described in the above table of this Addendum.
HOW TO EXERCISE YOUR ACCESS, DELETION, AND OPT-OUT RIGHTS (IF APPLICABLE)
This section explains how to exercise your rights under the CCPA and details our process for handling requests. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request. For all requests, we strive to respond within 45 days of receipt of the request (except that opt-outs will be effective within 15 days). If we require more time, we will inform you of the reason and extension period in writing. If we are unable to complete your requests fully for any reasons, we will provide you additional information about the reasons that we could not comply with your request.
Exercising Your Right to Access (“Right to Know”)
To request that we disclose the categories of your personal information that we collect, use, or sell, or the specific pieces of personal information that we have collected from you, you may:
- Send an email to privacy@f8020.net, detailing your request;
For security purposes (and as required under California law), we will verify your identity by requesting certain information from you. For instance, if you request categories or specific pieces of personal information we have received about you, you may need to confirm that you reside at a particular address or that you are in possession of a particular identifier that confirms to the sufficient statutory degree that you are the person you claim to be. Please see above for more information about the limits of such verification and our ability to provide specific pieces of information, and how we thus may respond to such requests.
Exercising Your Right to Deletion
To request that we delete your personal information that we collect directly from you, you may:
- Send an email to privacy@f8020.net,, detailing your request;
As explained above please note that “deletion” rights only apply to information that we have collected “from” consumers – which does not apply to much of the information in our databases.
When you request that we delete personal information we have collected from you, we will seek to confirm whether your request is for “deletion” or “opt out.” Because “opt out” (also known as “do not sell”) rights enable us to maintain your information for “suppression” purposes (i.e., to prevent us from selling information about you in the future, which is what many consumers requesting “deletion” actually desire to occur), we try to explain this in order to ensure we are meeting consumers’ preferences.
Upon completion of the above process, we will send you a notice that explains the categories of personal information we were able to locate about you and whether we (1) deleted, (2) deidentified, or (3) retained the information we collected from you. Certain information may be exempt from such requests under applicable law.
Exercising Your Opt-Out / Do Not Sell Rights
If you would like to opt out of the “sale” of your personal information:
- Send an email to privacy@f8020.net,, including your name and postal address.
Upon receipt of your request, we will remove you from our marketing database and/or suppress your name and postal address going forward.
You also may “opt out” by visiting the opt-out pages offered by the NAI (here) and the DAA (here). In addition, this NAI page explains how consumers may opt out of cross-app advertising through their device settings.
Right to nondiscrimination: We do not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.
Information about persons under 16 years of age: We do not knowingly collect personal information from minors under 16 years of age in California unless we have received legal consent to do so. If we learn that personal information from such California residents has been collected, we will take reasonable steps to remove their information from our database (or to obtain legally required consent).
Authorized agents: You may also designate an agent to make requests under CCPA on your behalf. We will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf by providing us with a signed written authorization or a copy of a power of attorney.
QUESTIONS OR CONCERNS: If you have any questions about this Addendum, our Privacy Policy, or FLUID’s services or data practices or services, please contact us at privacy@f8020.net.