Redbox Platform Privacy Policy

What is the GDPR and how does it affect Redbox Platform customers?

On May 25, 2018, The European Union began to enforce a new data privacy law called the General Data Protection Regulation (GDPR) replacing the previous Data Protection Directive. A primary aim of the GDPR is to provide people in the EU greater control over their personal data and data which is collected about them.

Any company that collects (or processes on behalf of the company that collects) personal data of persons in the EU falls under the scope of the GDPR, even if the company has no physical presence in the European Union. This means that most businesses with a global or online presence, including Redbox Mobile's customers are affected.

A detailed guide to GDPR from the ICO (Information Commissioner's Office), which is the UK's data protection authority, can be found here.

Privacy Policy

Redbox Mobile recognises that the information it collects can relate to:

  1. Data collected through Marketing Activities, such as registrations as part of webinars, conference events, emails, website browsing, and related activity.
  2. Data collected through the use of our Redbox Mobile Services – use of the Redbox Platform and related services (such as attribution provision data and ASO).

As such, we provide a separate Privacy Policy for Marketing Activities and Redbox Mobile Services.

Marketing Activities Privacy Policy

Introduction

This Marketing Activities Privacy Policy applies to:

  1. use of the Redbox Mobile Websites (redboxmobile.com, redboxplatform.com and their subdomains);
  2. our marketing activities including, registrations as part of webinars, conference events, emails etc.; and
  3. any other product or activity that links to, or otherwise references, this privacy policy (collectively, the "Marketing Platforms").

This Marketing Activities Privacy Policy does not apply to information collected through use by customers of the Redbox Mobile service, which is described under our Redbox Mobile Services Privacy Policy.

Information We Collect

When using or interacting with our Marketing Platforms, we may collect or receive the following types of information (collectively, "Information").

Personal Information
such as name, email, contact details or any other personal content that you provide to us whether through a form or field on our website or any other communication (e.g. email, phone, post etc.).
Technical Information
such as browser type, operating system, device type, IP address and other similar technical information typically received from a browser or device when visiting or interacting with our Marketing Platforms. This may include the referring URL that led you to our website.
Usage Information
such as the pages you visited on our website, where you clicked, searches performed on our website and other similar information related to how you have used our website. It may also include information related to whether you receive, opened or clicked on any links in an email sent to you.

We understand that certain Technical information or Usage Information may, either alone or when combined with other data, be deemed personal data under various laws and jurisdictions and we are committed to treating such data in compliance with applicable laws.

The Methods We Use to Collect and Receive Information

Depending on the type of Information, we may collect or receive Information in the following ways:

When you voluntarily share Information with us. For example, when you register to one of our events, request that we contact you through our online forms, submit your CV, or when you request to receive certain content that we may make available (e.g. research and white papers).

Through use of cookies and other similar technologies (e.g. HTML5 Local Storage, LSO, web beacons, JavaScript, etc.). These technologies help us to analyse how our Marketing Platforms are used and to tailor content that is relevant to you. It also helps us to deliver more relevant advertisements to you on our own or third party sites.

Information obtained from third party sources. This includes Information received through the various business support tools and services that we use (e.g. marketing platforms, analytics services etc.) and public sources such as social media sites. We may combine the Information received through these sources with other Information we have in order to ensure our records are up to date and so that we are able to provide you with relevant content.

You have choices in how we collect and use Information. See the "Your Choices" section below for more information.

The Purpose of Information Collection

We use Information for the following purposes:

To process your inquiries and to respond to your requests. For example, when you contact us to learn more about our products or services or when you request to receive certain materials from us (e.g. white papers, research papers, product and services information). Additionally, if you submit your CV us, we use it to evaluate your candidacy (including by assessing your qualifications and skills).

To send you information related to our services and products that we believe may interest you, such as newsletters or product and service updates. Such communications will be sent to you when you have chosen to receive such communication or when we have a legitimate interest to market our products and services. In any event, you will always be able to opt-out of receiving such communications. Opting out may be done either directly in the communication received or through the ways described in the instructions in the "Your Choices" section below.

To understand how you have used our Marketing Platforms and to customize them in accordance with your interests and past actions and choices. We do this based on our legitimate interest to operate our Marketing Platforms, diagnose any problems with the Marketing Platforms and to improve the Marketing Platforms and your experience when navigating through them.

In our legitimate interest to prevent fraud or harm to us or to any third party, and ensure the security of our network and services.

Where it is necessary for Redbox Mobile to comply with its legal obligations and to exercise and enforce its legal rights.

Who We Share Information With

In order to conduct our business and operate our Marketing Platforms, we may share Information with various third parties, such as:

Our subsidiary companies and global branches.

Third parties that help us operate our Marketing Platforms (e.g. hosting company, recruitment platforms and agencies, payment processors, business management and email distribution service providers and other similar service providers).

When required by law, such as to comply with court orders, search warrants, regulatory orders, subpoenas, and other lawful requests by public authorities, including to meet national security or law enforcement requirements;

Legal authorities, consultants, advisors or service providers when required to investigate, respond to, or prevent, fraud; or when required to ensure the security of our network and services and protect the safety of Redbox Mobile or the public.

As part of any merger or acquisition of Redbox Mobile , Information may be transferred to the merging or acquiring company, as well as to any advisors representing a party during discussions of such merger or acquisition.

Redbox Mobile resellers, agents, partners or service providers acting on our behalf in connection with the offering of Redbox Mobile's products or services.

Without derogating from the foregoing, Redbox Mobile may publish general aggregate and unidentifiable information (e.g. statistical information) relating to use of its Marketing Platforms.

Cross Border Transfers

The GDPR primarily applies to controllers and processors located in the European Economic Area ("the EEA") with some exceptions.

Individuals risk losing the protection of the GDPR if their personal data is transferred outside of the EEA. On that basis, the GDPR restricts transfers of personal data outside the EEA, or the protection of the GDPR, unless the rights of the individuals in respect of their personal data is protected in another way, or one of a limited number of exceptions applies.

A transfer of personal data outside the protection of the GDPR (which we refer to as a 'restricted transfer'), most often involves a transfer from inside the EEA to a country outside the EEA.

Redbox Mobile does not currently need to transfer Customer Data to countries outside of the EEA.

Information Storage and Retention

We will only retain your Personal Information for as long as necessary to pursue the purpose of the collection. We may also retain your Personal Information for such time needed to pursue our legitimate business interests, in connection with any legal claims and compliance with legal obligations. When we use your information for direct marketing purposes, we will retain your data until you opt-out from receiving the marketing materials; provided that we will need to retain certain information to maintain a record of your request.

Your Choices

We provide you with various choices on how we may use Information in connection with:

  1. our marketing activities; and
  2. our use of cookies and similar technologies to serve your interest-based advertisements and to analyse usage of our Marketing Platforms.

You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page, or you can contact us at privacy@redboxmobile.com

We use cookies to store information about visitors' preferences, record user-specific information on which pages the user access or visit, customise Web page content based on visitors' browser type or other information that the visitor sends via their browser. Cookies are also used by Google for analytics purposes. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the Redbox Platform.

In addition, the laws of some jurisdictions may provide you with various rights in connection with our processing of certain Information. Such rights may include:

  • The right to withdraw any previously provided consent;
  • The right to access certain information about you that we process;
  • The right to have us correct or update any Personal Information;
  • The right to have certain Information erased;
  • The right to have us temporarily block our processing of certain Information;
  • The right to have Information exported into common machine-readable format;
  • The right to object to our processing of Information in cases of direct marketing, or when we rely on legitimate interests as our lawful basis to process your information; and
  • The right to lodge a complaint with the appropriate data protection authority.

Please note these rights may be limited in certain circumstances as provided by applicable law. For any additional information regarding such rights or to exercise any such rights please contact Redbox Mobile at: privacy@redboxmobile.com

Social Media and Third Party Services

Our website may offer a blog with 'comments' section and various social media features, such as a 'share' button or links to third party websites and services, including Twitter, LinkedIn, Google+ and Facebook. When using any such features, certain information may be collected by such third parties, including your IP address or which page you are visiting on our website, and such third parties may set a cookie to enable the feature to function properly. Any data collected by such third parties is governed by such third party's privacy policy. You are encouraged to carefully review such third party privacy policies.

Contacting Us

For any questions relating to this Marketing Activities Privacy Policy or to contact our data protection officer please send us a mail to: privacy@redboxmobile.com

You may also send us or our Data Protection Officer regular mail:

Redbox Mobile
Attn: Data Protection Officer
Orwell House, 50 High Street, Hungerford, Berkshire, RG17 0NF

Redbox Mobile Services Privacy Policy

Introduction

Redbox Mobile provides paid search and mobile app optimisation services ("Services") that enable advertisers and developers (collectively, "Customer(s)") to:

  1. Measure and analyse the effectiveness of their mobile app marketing campaigns.
  2. Optimise paid search services based on certain events and actions within their Application or websites, such as in-app purchases made by End Users (as defined below).
  3. The Services also help our Customers identify and protect against fraudulent behaviour related to their marketing campaigns.

This Redbox Mobile Services Privacy Policy describes Redbox Mobile's privacy practices in relation to the information collected from Customers and End Users and received by Redbox Mobile when Customers use our Services. This Services Privacy Policy does not apply to information collected through use of Redbox Mobile's publicly accessible website or marketing activities, which is described under our Marketing Activities Privacy Policy.

Furthermore, Redbox Mobile and its Customers have entered into an agreement that governs the provision of Services by Redbox Mobile and their use by Customers ("Agreement(s)"). Such Agreements may contain additional obligations on the parties with respect to the handling of information. Nothing in this Redbox Mobile Services Privacy Policy negates such additional obligations.

For the purpose of this Redbox Mobile Services Privacy Policy, any reference to "End User(s)" means end users who have interacted with, or viewed, Customer's advertising and marketing materials, or use or have used Customer's Applications, websites, products and services.

End User Data Received and Processed by Redbox Mobile

When a Customer uses the Services, the following End User information may be received and processed by Redbox Mobile (collectively, "End User Data").

Technical Information
this refers to technical information related to an End User's mobile device or computer, such as: browser type, device type and model, CPU, system language, memory, OS version, Wi-Fi status, time stamp and zone, device motion parameters and carrier.
Technical Identifiers
this refers to various unique identifiers that generally only identify a computer, device, browser or Application. For example, IP address (which may also provide general location information), User agent, IDFA (identifier for advertisers), Android ID (in Android devices); Google Advertiser ID, Customer issued user ID and other similar unique identifiers.
Engagement Information
this refers to information relating to the Customer's ad campaigns and End User actions, such as: clicks on Customer ads, ad impressions viewed, audiences or segments to which an ad campaign is attributed, the type of ads and the webpage or Application from which such ads were displayed, the webpages on Customer's website visited by an End User, the URL from the referring website, downloads and installations of Applications, and other interactions, events and actions Customers choose to measure and analyse within their Application or website (e.g. add to cart, in-app purchases made, clicks, engagement time etc.).

While End User Data does not generally contain any information that directly identifies an individual, such as names, addresses, credit cards or other similarly regulated financial information, health information, or any other type of sensitive personal information ("PII"), we acknowledge that under certain jurisdictions the End User Data we do receive when a Customer uses the Services may be deemed personal data and therefore, where applicable, will be treated as such. Within the scope of the engagement between Customers and Redbox Mobile, Customers are contractually prohibited from collecting PII, unless otherwise agreed by Redbox Mobile. However, Customers have sole control over their properties (including their websites and Application) and configuration of the Services and thus Customers have the technical ability to configure the Services to collect PII. This includes, for example, a Customer using an End User's email address as a Customer issued user ID Technical Identifier. If a Customer has configured the Services to collect PII then we may receive and process such data.

Registration Information Received and Processed by Redbox Mobile

When a Customer registers to use the Services, we may collect certain information related to such Customer ("Registration Information" and together with the End User Data, "Customer Data"), including Customer name and Customer details, billing information and names and contact details of Customer employees and representatives who are using the Services (e.g. email, phone number and address). When a Customer uses the Services, Redbox Mobile may also collect certain log data, such as IP address from which a Customer is connecting to the Services, information related to the device being used to connect to the Services (e.g. browser type, device type, OS version) and the features and functions of the Services used by the Customer ("Log Data").

How Data is Collected

Customer Data may be collected through various methods, including:

  1. When provided voluntarily (e.g. Customer's Registration Information).
  2. When the Customer integrates Redbox Mobile's API's, redirect links, JavaScript tags, cookies or similar data collection technologies into their Applications, websites and/or ads ("Collection Technologies"). For explanations on cookies and similar technologies, please see our Cookie Policy.
  3. From the various advertising networks and third parties that are used by the Customer in connection with the measurement and analysis of Customer's marketing campaigns and that have partnered with Redbox Mobile ("Partners").

How Data is Used by Redbox Mobile

When Redbox Mobile receives End User Data from a Customer, it uses such End User Data as follows:

to provide such Customer with the Services they have subscribed for. Such services may include, without limitation, ad serving, analytics and ad fraud protection services. Please visit redboxmobile.com for more information regarding the Services.

End User Data does not contain PII such as End User names, physical addresses, phone numbers or other similar personal data that can directly identify an individual.

With regards to Registration Information and Log Data, we use such information to authenticate login to the Services, to communicate with Customer and to process any payments in connection with the Services. Additionally, we may use: (i) Registration Information to inform Customer of any updates to the Services, including new features and functionalities; and (ii) Log Data to understand how Customers are using the Services so that we may efficiently audit, maintain and improve the Services provided to Customers.

Redbox Mobile may use information derived from the aggregation of End User Data and/or Log Data with other data for research and analytics purposes and improvement and marketing of the Services ("Aggregated Data"). Aggregated Data shall be anonymous and in no way reveal the identity of the Customer or any End User.

Sharing Data

Redbox Mobile does not share or disclose Customer Data with any third party, except:

  • Upon our Customer's request - (e.g. to Partners);
  • To our subsidiaries and global branches as necessary to help us support and maintain the Services provided to Customers;
  • To our service providers who help to support our Services – such as data hosting providers and payment processors;
  • When legally required (e.g. court orders or other lawful requests by public authorities), including to meet national security or law enforcement requirements;
  • To respond to, or prevent, fraud or to protect the safety of Redbox Mobile, its' Customers, End Users or the public;
  • As part of any merger or acquisition of Redbox Mobile, in which case End User Data may be transferred to the surviving or acquiring entity.

Cross Border Transfers

The GDPR primarily applies to controllers and processors located in the European Economic Area ("the EEA") with some exceptions.

Individuals risk losing the protection of the GDPR if their personal data is transferred outside of the EEA. On that basis, the GDPR restricts transfers of personal data outside the EEA, or the protection of the GDPR, unless the rights of the individuals in respect of their personal data is protected in another way, or one of a limited number of exceptions applies.

A transfer of personal data outside the protection of the GDPR (which we refer to as a 'restricted transfer'), most often involves a transfer from inside the EEA to a country outside the EEA.

Redbox Mobile does not currently need to transfer Customer Data to countries other than the country from which the Data originated.

Protecting Data and Retention

Redbox Mobile implements appropriate technical and organizational measures designed to protect against unauthorized access, accidental loss, destruction or damage of Customer Data.

Redbox Mobile will not retain: (i) End User Data for more than twenty four months except where otherwise directed by Customers or required or allowed by law; and (ii) Registration Information, Log Data or Platform Data for more time than is needed to serve the legitimate business need for which it was collected.

Relationship, Lawful Basis and End User Choices

Under the laws of certain jurisdictions, when processing End User Data in connection with the provision of Services to a Customer, Redbox Mobile is deemed a 'data processor' while its Customers are deemed 'data controllers'.

Therefore, End Users should closely review the Privacy Policies of the Applications and websites they use in order to learn about the privacy practices of our Customers.

Where Redbox Mobile may be deemed a data controller under the laws of certain jurisdictions (e.g. in connection with its processing of Platform Data, Log Data or Registration Information), Redbox Mobile shall comply with all applicable laws related to its status as a data controller and shall only use the data as described in this Redbox Mobile Services Privacy. The lawful basis relied on by Redbox Mobile to process Data is its legitimate interest: (i) to provide its Customers using the Services with more accurate analysis and measurement of their marketing campaigns; and (ii) to detect and prevent fraud related to their ad campaigns.

With regards to Registration Information and Log Data, the lawful basis Redbox Mobile relies on is its need to perform its obligations under the Agreement between Redbox Mobile and the Customer and on its legitimate interests to maintain, analyse and improve the Services.

The laws of certain jurisdictions may provide End Users with various rights in connection with the processing of End User Data, including:

  • The right to withdraw any previously provided consent;
  • The right to access certain information about you that we process;
  • The right to have us correct or update any Personal Information;
  • The right to have certain Information erased;
  • The right to have us temporarily block our processing of certain Information;
  • The right to have Information exported into common machine-readable format;
  • The right to object to our processing of Information in cases of direct marketing, or when we rely on legitimate interests as our lawful basis to process your information; and
  • The right to lodge a complaint with the appropriate data protection authority.

Where Redbox Mobile is deemed a data processor, End Users should contact our Customers to pursue any such legal data subject rights. Redbox Mobile will cooperate with its Customers to support and comply with any such data subject rights requests. Where Redbox Mobile is deemed a data controller, End Users may exercise their rights by contacting Redbox Mobile at: privacy@redboxmobile.com

Please note these rights may be limited in certain circumstances as provided by applicable law. In any event, Redbox Mobile provides End Users with the ability to opt-out of being tracked by the Services by emailing a request to privacy@redboxmobile.com

Updates and Questions

We may update this Redbox Mobile Services Privacy Policy from time to time. Any material changes will be notified to the Customer either through the Services, email or as otherwise agreed by the parties in the Agreement.

For any questions relating to this Services Privacy Policy or to contact our data protection officer please send us a mail to: privacy@redboxmobile.com

You may also send us or our Data Protection Officer regular mail:

Redbox Mobile
Attn: Data Protection Officer
Orwell House, 50 High Street, Hungerford, Berkshire, RG17 0NF