Last Updated: September 2, 2022
OUR PRIVACY PHILOSOPHY
Thanks for visiting our website and using our services! GumGum is committed to providing you with meaningful information and making sure you know your rights when it comes to any information you share with us. We want you to know that we are a “Privacy Forward” company and that we embrace protecting consumer privacy. Our goal is to be transparent about the data we collect, whether directly or through our partners, and inform you about how your data is (or is not) used, so that you can exercise your right to control the use of your personal data.
ABOUT US & OUR PRIVACY POLICY
This Privacy Policy describes the types of information we may collect from you or that you may provide to us when you visit the website https://www.gumgum.com and when you access our services (collectively, our “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This Privacy Policy applies to information we collect:
On this Website and through our services.
In email, text, and other electronic messages between you and this Website.
Through any mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website.
When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Privacy Policy.
It does not apply to information collected by:
Us offline or through any other means, including on any other website operated by GumGum or any third party (including our affiliates and subsidiaries); or
Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Website
Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
When we say “GumGum,” “we,” or “us” in this Privacy Policy, we mean the GumGum entity that acts as the controller or processor of your information. A controller is the individual or entity which, alone or jointly with others, determines the purposes and means of the processing of personal data. A processor is the individual or entity which processes personal data on behalf of the controller.
This Privacy Policy is also relevant for any European Economic Area (“EEA”), Swiss, UK, or California resident sharing his/her personal data directly or indirectly with GumGum and is provided in a layered format so you can click through to the specific areas set out below.
Please also refer to the Glossary to understand the meaning of some of the terms used in this Privacy Policy.
DID YOU RECEIVE AN AD FROM US?
First, you’ll be happy to know that GumGum doesn’t know who you are! We don’t know your name, the names of your family or friends, yours or their phone number, home address, exact location - nothing! So, then you may be wondering how is it that you keep receiving ads that seem to be “targeting” you? Well, let us explain. GumGum serves advertisements contextually – meaning, we only use images and text to serve ads relevant to you based on your browsing habits. We have no idea who you are, only that you enjoy shopping for sneakers!
How do we do it? Well, everyone has heard of cookies. No; not the chocolate chip or peanut butter variety but the small text files sent by us to your computer or mobile device that enables GumGum features and functionalities that are unique to your account or your browser. To find out more about cookies, visit this site.
For advertising, cookies help GumGum to:
Understand your online behaviors as you go from one site to another so that we can show you more relevant ads (and not a bunch of ads that you don’t have any interest in);
Know if you have interacted with or viewed a particular ad; and/or
Synchronize audience data between advertising buyers and sellers. Basically, the cookies allow buyers and sellers to communicate about what you like. So, if you’ve frequented sneaker sites, a sneaker company can build a profile about you based on your computer or mobile device’s behavior. GumGum then uses the cookie to say to the buyer, “Hey buyer, this device is browsing a site and probably likes sneakers, do you want to buy that ad space for a sneaker ad?” The buyer will, in turn, either buy the space to serve you a sneaker ad or not. This process is called syncing and helps ads get served to you so that you can hopefully get a deal for those awesome sneakers!
As you see, we do not in any way collect any of your personal data or information. We really don’t want it. We just want to keep serving ads to you based on things you’re already shopping for!
TYPES OF DATA WE COLLECT AND HOW WE USE IT
Did we mention we are transparent? The table below explains exactly what kind of data we collect. We use the data to:
Identify you when you visit our websites or access our platforms
Perform under a contract
Provide the products and services you request
Improve our services and product offerings
Conduct statistical performance analysis
Respond to your inquiries related to support, employment opportunities, or other requests
Internal administrative purposes, as well as to manage our relationship with you
OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
For both our Advertising and Sports lines of business, we also collect, use and share aggregated data (e.g., statistical or demographic data). In Advertising, though this aggregated data may be derived from your personal information, it is not considered personal information under the law because this information does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. If, however, we happen to combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information, which will be used strictly in accordance with this Privacy Policy.
In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.
OPTING OUT
You can always ask us or third parties to stop sending you marketing message, even if you gave your consent previously. Just log into the website and check or uncheck relevant boxes to adjust your marketing preferences or you can click the opt-out links on any marketing message sent to you, or click here: Exercise Your Rights.
Opting out of receiving marketing messages does not apply to personal data provided to us as a result of a product/service purchase or experience or other transactions.
CHANGE OF PURPOSE
We will only use your personal information for the purposes it was collected, unless we reasonably determine that we need to use it for another purpose that is compatible with the original. If you want to know how the processing for the new purpose is compatible with the original purpose, please Contact Us.
PERSONAL INFORMATION WE DO NOT COLLECT
Special Categories. We do not collect any sensitive personal information about you, which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric information.
Age Restrictions/Limitations. GumGum does not knowingly permit the use of our Services and Websites by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal data, please Contact Us and we will take immediate action to delete such information.
HOW WE COLLECT YOUR PERSONAL DATA
We use different methods to collect information from and about you, including:
Direct interactions. You (on behalf of a business or as an individual) may give us personal information by registering for one of our Service dashboards or platforms, completing online forms, or by corresponding with us by phone, email or otherwise. Examples of the types of Services or online correspondence you may provide such personal information may include:
Sign-up for our products or services;
Create an account on our website or platform;
Subscribe to our service or publications;
Request marketing materials be sent to you;
Enter a competition, promotion or survey; or
Give us feedback.
Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
ABOUT COOKIES
GumGum is a National Advertising Initiative (NAI) Member. As such, if you are interested understanding or learning more about tailored browser advertising and how you can best control cookies from being put on your device, please visit NAI Consumer Opt-Out or the Digital Advertising Alliance’s (DAA) Consumer Opt-Out. Here you can opt-out of receiving tailored advertising from businesses that participate in those programs.
You can also set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our or our partner website may become inaccessible or not function properly. For more information about the cookies we use, please see OUR COOKIE POLICY.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Our website or platforms may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.
We may engage third parties as service providers or business partners to process other information and support our business or services that we provide pursuant to our obligations under a written agreement. These third parties may, for example, provide virtual computing and storage services.
We require all third parties with whom we work to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Internal Third-Party Disclosures
Current and future corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control) are joint controllers or processors who provide technology and system administration services;
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets;
To the extent permitted by applicable law, in addition to our websites, applications and other digital channels, we may also obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms and other third parties; or
Alternatively, we may seek to acquire other businesses or merge with them.
External Third-Party Disclosures
Service providers acting as processors who provide technology, fraud prevention, and system administration support services.
Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
Regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
Other disclosures with or without your Consent. We may disclose your personal information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your personal information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
DATA SECURITY
We have put in place appropriate technical and organizational security measures to prevent your personal information from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know and are subject to a duty of confidentiality. They will only process your personal information on our instructions.
We have procedures to deal with any suspected personal data breach. If we are required by law to tell you about any unauthorized access of your personal information, we may notify you in writing or by telephone. We will also notify any applicable regulator of a breach that we are legally required to. Unfortunately, no method of transmission over the Internet or method of electronic storage is fully secure so, we cannot guarantee the security of your personal information. But rest assured, we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure.
Some of our websites permit you to create an account, which requires you to create a password. You are responsible for maintaining the confidentiality of your password and for any access to or use of your account by someone else with your password, whether or not it has been authorized by you. You should notify us of any unauthorized use of your password or account.
HOW LONG WILL WE HOLD PERSONAL DATA?
We only keep your personal information for as long as we need it to fulfill business purposes while fulfilling our obligations pursuant to a contract, as permitted by law, and/or in satisfying any legal, accounting, or other regulatory reporting requirements.
When we decide how long to keep your personal information, we consider (1) the amount, nature and sensitivity of the personal information, (2) the potential risk of harm from unauthorized use or disclosure of your personal information, (3) the purposes of processing your personal information and whether we can achieve those purposes through other means, and (4) the applicable legal requirements – all with a commitment to make sure your rights are not any less protected regardless thereof.
INTERNATIONAL DATA TRANSFERS
If you are internationally located, including the European Union, we may share your personal information with other GumGum entities outside of your country, like the United States. Some of our external third parties are global and based outside of the EEA so their processing of your personal information may involve a transfer of data outside the EEA, the UK, or Switzerland.
Whenever we transfer your personal information outside of the EEA, the UK, or Switzerland, we make sure a similar degree of protection is afforded to you by ensuring we use specific contracts approved by the European Commission that give personal information the same protection it has in Europe.
EUROPEAN ECONOMIC AREA (EEA), UK AND SWISS RESIDENTS: YOUR LEGAL RIGHTS
If you are an EEA, UK or Swiss resident, you have the right to access, rectify, download, or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:
Access
You can access your personal data by submitting a data subject access request. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You may also request to correct any incomplete or inaccurate personal data that we hold about you. However, we may need to verify the accuracy of the new data you provide to us.
Rectify/Restrict/Limit/Remove
You have the right to ask us to rectify, restrict, limit, or remove the processing of your personal data where (1) there is no good reason for us to continue processing it, (2) we may have processed information inaccurately, unlawfully or (3) we were required to erase for compliance with local law. Note that we may not always be able to comply with your request to erase for specific legal reasons, which will be notified to you at the time of your request.
You may also request the transfer of your personal data to a third party, in which we will provide your personal data in a structured, commonly used and machine-readable format. This right only applies to automated information that you previously consented for us to use and/or used to perform a contract with you.
Object/Withdraw
You may object to the processing of your personal data in certain circumstances when relying on a legitimate interest of yours or of a third party that you feel impedes on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms.
You may also withdraw consent to processing your personal data at any time. This does affect the lawfulness of any processing we have done prior to your consent withdrawal, and we may not be able to provide certain products or services to you after your consent withdrawal. We will notify you if this is the case at the time of your consent withdrawal.
If you wish to exercise any of the rights set out above, please contact us at [email protected].
No Charge/Fees (in most cases)
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.
What We May Need from You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any other right). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within thirty (30) days. Occasionally, however, it may take us longer to process your request if it is particularly complex and/or if you have made multiple requests. In this case, we will notify you and keep you updated on the status of your request(s).
Your Right to File a Complaint
If you are based in the European Union, you also have the right to make a complaint at any time to your local regulator for data protection matters. We would, however, appreciate the chance to address your concerns before you approach the regulator so, please contact us in the first instance.
If you are based in the UK, you can make a complaint to the Information Commissioner’s Office (ICO)—the UK supervisory authority for data protection issues ICO UK.
United Kingdom
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: +44 (0) 0303 123 1113
Email: [email protected]
If you are based in the EU, you can make a complaint to the data protection authority at:
Netherlands
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500
Fax +31 70 888 8501
Website: https://autoriteitpersoonsgegevens.nl/
Member: Mr Aleid Wolfsen - Chairman of the Autoriteit Persoonsgegevens
To contact GumGum with any questions or concerns, please contact us at:
UNITED KINGDOM
GumGum UK Limited
WeWork Building
138 Holborn
London, UK EC1N2SW, GB
Company Number: 09922859
Email: Global Compliance Officer
Phone: 1-310-260-9666
EU
Stationsplein – NO 410
Constellation Building
1117CL Schiphol
The Netherlands
UNITED STATES OF AMERICA
GumGum, Inc.
Data Protection Officer
1314 7th Street, 4th Floor
Santa Monica, CA 90401
Email: Global Compliance Officer
Phone: 1-310-260-9666
CALIFORNIA RESIDENTS: CCPA DISCLOSURES
The CCPA requires businesses that are subject to this law to provide consumers who reside in California with certain rights with respect to their personal information.
As a California resident and within 45 days, GumGum will respond to your right to:
Request a copy of the specific personal information collected about you during the 12 months before your request (a “personal information request”);
Have such information deleted (with exceptions);
Request that your personal information not be sold to third parties, if applicable; and
Not to be discriminated against because you have exercised any of these rights.
Should you choose to exercise any of your rights above, CCPA allows consumers to make a personal information request no more than twice in a 12-month period and that business will need to collect information from the requesting party so that It can verify a Consumer’s identity. However, because GumGum collects very limited personal data that is further pseudo-anonymized, most times we will not be able to provide you with copies of specific personal information or delete same.
CALIFORNIA CONSUMER RIGHTS – DO NOT SELL MY PERSONAL INFORMATION
For California Residents Only: GumGum provides two ways to exercise your rights: Compete the form at DO NOT SELL or call 866-I-OPT-OUT and enter service code 319 when prompted. To assure a timely and accurate response, we kindly ask that you contact us by selecting only one of these methods.
CHANGES TO THIS PRIVACY POLICY
GumGum may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, GumGum will provide additional notice, such as via email or through the Services.
CONTACT GUMGUM
Questions or concerns about this policy, please email us at: [email protected].
GLOSSARY
Ad Delivery and Reporting (ADR) is separate and distinct from Personalized Advertising, and means the collection or use of data about a browser or device for the purpose of delivering ads or providing advertising-related services, including, but not limited to: providing a specific advertisement based on a particular type of browser, device, or time of day; statistical reporting, traffic analysis, analytics, optimization of ad placement; ad performance, reach, and frequency metrics (e.g., frequency capping); security and fraud prevention; billing; and logging the number and type of ads served on a particular day to a particular website, application, or device.
Applicable Laws means laws, rules, directives, regulations issued or enacted by any government entity (including any domestic or foreign, supra-national, state, county, municipal, local, territorial or other government, which includes to the extent applicable, Directive 95/46/EC, Directive 2002/58/EC, European Commission decisions and guidance) each as transposed into domestic legislation of each Member State or other country and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR, and any industry self-regulatory principles that are applicable in the location or region where the Services are provided or received, related to the Processing of Personal Data or the interception, recording or monitoring of communications.
CCPA means Assembly Bill 375 of the California House of Representatives, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by the California Governor on June 28, 2018 (California Consumer Protection Act, “CCPA”).
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Cross-App Advertising is the collection of data across applications owned or operated by different entities on a particular device for the purpose of delivering advertising based on preferences or interests known or inferred from the data collected.
Cross-Device Linking is the practice of linking two or more devices or browsers used or likely used by the same user, for advertising purposes.
De-Identified Data is data that is not linked or intended to be linked to an individual, browser, or device.
Device-Identifiable Information (DII) Formerly referred to as “Non-PII,” Device-Identifiable Information (DII) is any data that is linked to a particular browser or device if that data is not used, or intended to be used, to identify a particular individual. DII may include, but is not limited to, unique identifiers associated with browsers or devices, such as cookie identifiers or advertising identifiers, and IP addresses, where such data is not linked or intended to be linked to PII. DII includes data that is linked to a series of browsers or devices linked through Cross-Device Linking, if that data is not used, or intended to be used, to identify a particular individual. DII does not include De- Identified Data.
EU Model Clauses means the standard contractual clauses approved by European Commission on standard contractual clauses for the transfer of Personal Data to Processors or Controllers established in third countries (but which shall exclude any contractual clauses designated by the European Commission as optional in that decision), as amended or replaced from time to time by the European Commission.
GDPR (General Data Protection Regulation) means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC; The terms, “Controller”, “Processor” “Data Subject”, “Member State”, “Personal Data” or “Data”, “Personal Data Breach”, and “Processing”, and “Supervisory Authorities” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
Interested Party means the party to the Main Agreement and on whose behalf GumGum processes the Personal Data of Interested Party or of Interested Party’s clients, whether received from Data Subjects/Consumers, third parties or Interested Party.
Interest-Based Advertising means the collection of data across web domains owned or operated by different entities for the purpose of delivering advertising based on preferences or interests known or inferred from the data collected.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
Main Agreement means the agreement between the Interested Party and GumGum whereby GumGum provides the Services and, in connection with the supply of such Services, engages in the processing of Personal Data of Data Subjects on behalf of Data Controller.
Opt-In Consent Opt-In Consent is an affirmative action taken by an individual that manifests the intent to opt in.
Opt-Out Mechanism is an easy-to-use mechanism by which individuals may exercise choice to disallow Personalized Advertising with respect to a particular browser or device.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Personal Directory Data is calendar, address book, phone/text log, or photo/video data (including any associated metadata), or similar data created by a user that is stored on or accessed through a device.
Personalized Advertising is a collective term for Interest-Based Advertising, Cross-App Advertising, and Retargeting, as well as any combination of these practices.
Personally-Identifiable Information (PII) is any information used, or intended to be used, to identify a particular individual, including name, address, telephone number, email address, financial account number, and government-issued identifier.
Precise Location Data is information that describes the precise geographic location of a device derived through any technology that is capable of determining with reasonable specificity the actual physical location of an individual or device, such as GPS-level latitude-longitude coordinates or location-based Wi-Fi triangulation.
Retargeting is the practice of collecting data about a browser’s or device’s activity in one unaffiliated web domain or application for the purpose of delivering an advertisement based on that data in a different, unaffiliated web domain or application.
Sensitive Data means and includes:
Social Security Numbers or other government-issued identifiers;
Insurance plan numbers;
Financial account numbers;
Information about any past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history based on, obtained or derived from pharmaceutical prescriptions or medical records, or similar health or medical sources that provide actual knowledge of a condition or treatment (the source is sensitive);
Information, including inferences, about sensitive health or medical conditions or treatments, including but not limited to, all types of cancer, mental health-related conditions, and sexually transmitted diseases (the condition or treatment is sensitive regardless of the source); and
Sexual orientation.
Services means the services as defined in the Main Agreement between Interested Party and GumGum.
Sub-processor means any third party (including any Processor affiliate) appointed by or on behalf of Data Processor to process Personal Data on behalf of Interested Party in connection with an Agreement.
Viewed Content Advertising is the collection of Viewed Content Information, or the use of such data for the purpose of tailoring advertising based on preferences or interests known or inferred from the data collected. Viewed Content Information is data about the video content viewed on a television.