EX.CO Privacy Policy

Policy last updated: December 30, 2019

Hi there!

Playbuzz Ltd. (“we“, “us“, “EX.CO“) prepared this Privacy Policy and Cookie Policy (which is incorporated herein by reference) to explain to you how and why we collect Personal Information (meaning, any information which identifies or may potentially identify you with reasonable means) about you when you are using our Platform.

The Privacy Policy and Cookie Policy are a part of the EX.CO Terms and Channels Terms, which are incorporated herein by references. The definitions, which appear in this document, shall have the meaning ascribed to them in our EX.CO Terms and Channels Terms.

We encourage you to review the following information carefully.

If you have a visual disability, you may be able to use a screen reader or other text-to-speech or text-to-Braille tool to review the contents of this Privacy Policy.


From whom do we collect Personal Information?

This Privacy Policy applies to EX.CO’s collection, use, and disclosure of the Personal Information of the following categories of individuals:

  • Website Visitors– individuals who visit our Website (https://www.EX.CO) and who may volunteer certain contact data (such as their email address) to receive communications from EX.CO.
  • Customers– those who register on their own or on behalf of an entity or organization to use any product(s) or service(s) within EX.CO’s Platform, including administrators of an EX.CO Account. For the purposes of this Privacy Policy, “Services” shall refer to all product(s), service(s) or offering(s) made available by EX.CO.
  • End Users– individuals who visit our Customers’ websites and whose information we process (on behalf of our Customers) in order to provide the Services to our Customers pursuant to our agreements with them (“End Users”). All personal data about End Users will be solely collected on behalf of our Customers. EX.CO may use the data collected for analytics and customization of ads only in an aggregated and anonymized form. EX.CO will not collect or process any Sensitive Data of End Users.

What kinds of information do we collect?

Depending on which features of the Platform you use, we collect different kinds of information (including Personal Information) about or from you. This Personal Information is necessary for the performance of our contractual obligations towards you and providing you with our Services, to protect our legitimate interests, as well as for compliance with regulatory obligations to which we are subject. If this information will not be provided, you may not be able to use our Platform (such as opening an EX.CO Account), or certain features of our Platform. In certain instances, we will obtain your consent to the collection of your Personal Information, as appropriate (in which case, you can revoke your consent at any time by approaching us).

 

From Website Visitors

  • Name, email address, and other contact information– we ask for and – at your option – collect your contact data (such as name and email address) from you when you submit web forms on our Website, including opportunities to sign up for and agree to receive email communications from us. We also may ask you to submit such Personal Information if you choose to use interactive features of the Website, including participation in surveys, requesting customer support, or otherwise communicating with us. We will send such communications in accordance with applicable law.
  • Log Files– just as when you visit and interact with most websites and services delivered via the Internet, when you visit our Platform, we may gather certain information and store it in log files. This information may include but is not limited to Internet Protocol (IP) addresses, system configuration information, URLs of referring pages, and locale and language preferences.
  • Cookies and Other Tracking Technologies– we may use cookies and other information gathering technologies for a variety of purposes, such as providing us with information about how you interact with our Platform and assisting us in our marketing efforts. Note that if you disable cookies entirely, EX.CO’s Platform may not function properly. We may also use cookies and similar technologies to provide you advertising on third-party sites based upon your browsing activities and interests.

 

From Customers

  • Customer Account Information– when you register for an EX.CO Account, we collect your email address, name and other contact data. We may also ask you to enter your website domain in order to provide our Services. We refer to this information as “Customer Information” for the purposes of this Privacy Policy. Customer Information is required to identify you as a Customer and permit you to access your EX.CO Account(s). By voluntarily providing us with such Customer Information, you represent that you are the owner of such Personal Information or otherwise have the requisite consent to provide it to us. If you register to our Platform through a social network platform (for example Google), you will provide us access to any information you made available on that platform (depending on your privacy settings) and any additional information that you specifically consent to provide us with.
  • Payment Information– when you sign up for one of our paid Services, you must provide billing information. The information you will need to submit depends on which billing method you choose. For example, if you pay with a credit card, we (or third party service providers) will collect your card information and billing address, although we do not store full credit card numbers or personal account numbers.
  • Technical information – this includes certain technical Personal Information that is recorded when you use our Platform and/or our Services. This information may include but is not limited to IP addresses, unique and persistent device identifiers, WiFi information, operating system and device information, system configuration information, and other information about traffic to and from Customers’ websites.

 

From End Users

  • Contact Information– we collect information from lead generation forms, filled by End Users, on behalf of our Customers. The data collected may vary and may include Personal Information. We will not collect any sensitive data on End users.
  • Technical Information– we collect End Users’ information when they use our Customers’ websites, web applications, and APIs. This information may include but is not limited to IP addresses, unique and persistent device identifiers, WiFi information, operating system and device information, system configuration information, and other information about traffic to and from Customers’ websites (collectively, “Log Data”). We collect and use Log Data to operate in performance of our obligations under our Customer agreements.

Data collected from End Users will be used solely on behalf of our Customers, who serve as Data Controllers (or as Businesses, as defined under the CCPA, where the End Users reside in California). EX.CO may process the data collected on its own behalf only on and aggregated and anonymized basis for research, analytics, improvement of our Platform and customization of ads.

If we combine Personal Information with anonymous information about you, the combined information will be treated as Personal Information for as long as it remains combined.

 

Tracking technologies

When you visit or access our Platform (including when you interact or engage with our Embedded Items), we use (and authorize third parties to use) web beacons, cookies, pixel tags, scripts, tags and other technologies (“Tracking Technologies“).

These Tracking Technologies allow us and third parties to automatically collect information about you (including your Personal Information, such as your IP address or other unique identifiers, your device’s location or hashed email address) and your online behavior, as well as your device, in order to enhance your navigation on our Platform, improve our Platform’s performance and customize your experience on our Platform, as well as for behavioral advertising and fraud prevention purposes. We also use this information to collect statistics about the usage of our Platform, perform analytics and administer services to our Users, Customers and partners. To learn more please visit our Cookie Policy.

 

How do we use the information we collect?

  • Managing Customer registration– if you have registered for an EX.CO Account, we process your Personal Information by managing your user account for the purpose of performing our obligations under our contract with you according to the applicable terms of service.
  • Billing purposes– if you registered for an EX.CO Account, we (or third party service providers) will process your billing information, as provided by you, in order to charge our Services. We will occasionally send you communications of a transactional nature including billing related matters like receipts.
  • Administration and internal records– we may use data collected from our Customers for administration and internal record keeping purposes, including but not limited to accounting purposes, maintaining Customer databases, billing etc.
  • Provision of our Services – we work hard to provide you with the best user experience on our Platform. In order to do so, we use all information that we have (including Personal Information) to create a personalized experience for our users and to improve our Platform.
  • Communications and updates – we may use your Personal Information to communicate with you, for example, we may use your email address to respond to your queries or feedback, inform you about our new features, or send you reminders to complete activities that you’ve started on our Platform or remind you of your password (if you’ve forgotten it). We may also use your Personal Information to let you know about our policies or important notifications and updates about our Platform.
  • Analytics, surveys and research – we are always trying to think of new and exciting features for our Users or Customers. From time to time, we conduct surveys or test features in our Platform, and analyze the information we have to develop, evaluate and improve these features.
  • Marketing – we may use your Personal Information to alert you about upcoming features or provide you notifications concerning certain features on our Platform. We may also send you promotional materials concerning our partners’ products, which we believe may interest you. You may choose not to receive our promotional or marketing emails at any time, by clicking on the unsubscribe link in the emails that you receive from us. Please note that even if you unsubscribe from our newsletter, we may continue to send you service-related updates or notifications.
  • Protecting our interests – we use your Personal Information when we believe it’s necessary in order to take precautions against liabilities, investigations and to defend ourselves against any third party claims or allegations, protect ourselves from fraud, protect the security or integrity of our Services and protect the rights and property of EX.CO, its Users, Customers and/or partners.
  • Enforcing of policies – we use your Personal Information in order to enforce our policies, including but not limited to our EX.CO TermsChannels Terms, and/or any other obligations under an agreement between you and EX.CO.
  • Compliance with legal and regulatory requirements – we also use your Personal Information to investigate and prevent violations, and as may be required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.
  • Displaying personalized advertisements and content – we process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us and to provide other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interest in advertising our Platform or, where necessary, to the extent you have provided your prior consent.

With whom do we share the information that we collect?

  • Internal concerned parties – we may share your information with companies in our group, as well as our employees, in order to provide you with our Services.
  • Service providers – we may share your Personal Information with our service providers, such as payment processors, storage providers (such as AWS), marketing affiliates (who assist us with carrying our marketing campaigns, such as email campaigns), our fraud detection tools, and our analytics providers who help us provide you with our service.
  • Legal and regulatory entities – we may disclose information in case we believe, in good faith, that such disclosure is necessary in order to enforce our policies (including our EX.CO Terms and Channels Terms) take precautions against liabilities, investigate and defend ourselves against any third party claims or allegations, protect the security or integrity of the Platform and protect the rights and property of EX.CO, its Users, Customers and/or partners. We may also disclose your Personal Information where requested by legal or regulatory authorities having control or jurisdiction over us, you or our partners.
  • Mergers and acquisitions – we may share or transfer your Personal Information if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your information in accordance with the terms of this Privacy Policy.
  • Professional advisers– in individual instances, we may share Personal Information with professional advisers acting as processors or controllers including lawyers, bankers, auditors, insurers and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data.

EU Residents

 

International Data Transfer

Please note that our businesses, as well as our trusted partners and service providers, are located around the world. Any information that we collect (including your Personal Information) is stored and processed in various jurisdictions around the world (including in the United States), for the purposes detailed in this Privacy Policy. Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.

Website Visitor/Customer Rights

If you reside in the EU (or in a jurisdiction that affords you with the below rights), you may request to:

  • Receive confirmation as to whether or not Personal Information concerning you is being processed, and access your stored Personal Information, together with certain supplementary information.
  • Receive Personal Information you directly volunteer to us in a structured, commonly used and machine-readable format.
  • Request rectification of your Personal Information that is in our control (you can also adjust the information on your EX.CO Account profile page).
  • Request erasure of your Personal Information.
  • Object to the processing of Personal Information by us.
  • Request to restrict processing of your Personal Information by us.
  • Lodge a complaint with a supervisory authority.

 

However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements. If you ever decide to exercise any of the above rights or to terminate your EX.CO Account, you may do so by emailing us at support@ex.co.

California Residents

This part of the Privacy Policy addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively, “CCPA“).

Collecting Personal Information

In the preceding twelve (12) months, we have collected the following categories of Personal Information:

 

Category of Personal Information CollectedPersonal Information CollectedSources of Personal InformationBusiness Purpose for Collection
A.    IdentifiersFull name, email address, postal address, social media identifier, IP address, account nameDirectly from consumers upon subscription.

Directly or indirectly from activity on our Website by cookies or other tracking technologies.

From third parties that interact with us, including social networks and other publicly available sources.

To provide you with our Websites.

To improve our Websites.

To detect and prevent fraud or illegal activities.

To respond to your requests and inquiries, and communicate with you.

Direct marketing purposes – we may use the contact details you provided us to send you promotional offers.

To perform research, technical diagnostics, analytics or statistical purposes.

Information is also sold to business partners for commercial purposes (e.g. to advertisers)

To charge our Customers for the Services provided by us.

B.    Personal Information Categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e))Name, image, address.
C.    Internet or Other Electronic Network Activity InformationThe referring page that linked you to our Websites, browsing history, interaction with our WebsitesDirectly from consumer’s device by using cookies or other tracking technologies.

 

D.   Geolocation DataCountry, State and cityDirectly from consumer’s device by using IP address, or as directly submitted by the consumer, or as made available on publicly available sources.
E.    Professional or employment-related informationCompany name, roles of relevant Customer employeesDirectly from correspondence with users.

From Customer’s website, social media page or other publicly available resources.

F.    Commercial InformationRecords of products or Services purchased by usFrom our databases of historical transactions.

 

Personal Information under the CCPA does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information exempted from the California Consumer Privacy Act (CCPA), such as:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA);
    • Personal Information covered by certain privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We disclose your Personal Information to third parties for a business purpose. When we disclose Personal Information for a business purpose, we enter into a contract that describes the purpose and requires both parties to keep that Personal Information confidential and not use it for any purpose except in the performance of the contract.

In the preceding twelve (12) months, we have disclosed the above-mentioned categories of Personal Information with the following categories of recipients for a business purpose:

  • Our business partners;
  • Our affiliates;
  • Service Providers (as defined under the CCPA).

Selling Personal Information

We may sell (according to the CCPA definition of a “sale”) your Personal Information to third parties and businesses for commercial purposes.

If we were to sell your Personal Information, you have the right to opt-out of the sale – see below for more information on how to exercise your rights under the CCPA.

In the preceding twelve (12) months, we have not sold your Personal Information.

Consumer Rights under the CCPA

Access to Personal Information

If you are a Website Visitor or a Customer who is not communicating with us as an employee, owner, contractor, director or officer of a company, partnership, sole partnership, non-profit or government agency you may request that we disclose to you the categories and specific pieces of Personal Information that we have collected about you, the categories of sources from which your Personal Information is collected, the business or commercial purpose for collecting your Personal Information, the categories of Personal Information that we disclosed for a business purpose, any categories of Personal Information about you that we sold, the categories of third-parties with whom we have shared your Personal Information, and the business or commercial purpose for selling your Personal Information, if applicable.

Deletion Requests

If you are a Website Visitor or a Customer, you have the right to request that we delete any Personal Information collected from you and retained, unless retaining the information is necessary for us or for our service providers to:

  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers, subcontractors, and consultants to delete) your Personal Information, unless an exception applies.

Right to Opt-Out of the Sale of Personal Information

In the preceding twelve (12) months, we have not sold your Personal Information.

In the event that we sell your Personal Information, you have the right to submit a request to opt-out of the sale of your Personal Information. You may change your decision at any time and permit us to sell your Personal Information.

After you opt-out, we may continue to share some Personal Information with our partners (who will function as our service providers in such instance) to help us perform business-related functions such as, but not limited to, providing the Service, ensuring that the Service is working correctly and securely, providing aggregate statistics and analytics and/or preventing fraud. If you access our Platform from other devices or browsers, visit the links below from those devices or browsers to ensure your choice applies to the Personal Information collected when you use those devices or browsers.

Additionally, although clicking the “Do Not Sell My Personal Information” link will opt you out of the sale of your Personal Information for advertising purposes, it will not opt you out of the use of previously collected and sold Personal Information (except for Personal Information sold within 90 days prior to your exercising your right to opt-out) or all interest-based advertising. If you would like more information about how to opt-out of interest-based advertising in desktop and mobile browsers on a particular device, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#. You may also download the AppChoices app at http://www.aboutads.info/appchoices to opt-out in connection with mobile apps, or use the platform controls on your mobile device to opt-out.

Exercising Your Rights

You can exercise your rights (such as access and deletion) via our Platform, where you can use tools to view, rectify, download, deactivate and delete your data.

In addition, to request access to your Personal Information or request deletion of your Personal Information, you can also submit a verifiable consumer request to our email address: ccpa@ex.co.

Only you or a person authorized to act on your behalf may make a consumer request related to your Personal Information.

The request must:

  • Provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.
  • We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

You may only request a copy of your data twice within a 12-month period.

If you have any general questions about the Personal Information that we collect about you how we use it, please contact us at ccpa@ex.co.

Response Timing and Format

Our goal is to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing within the first 45 days period. We will deliver our written response, by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding the request. If reasonably possible, we will provide your Personal Information in a format that is readily useable and should allow you to transmit the information without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

In case of rejection, the response we provide will explain the reasons for which we cannot comply with your request.

Please note that these CCPA rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations.

Designating Agents

You can designate an authorized agent to make a request under the CCPA on your behalf if:

  • The authorized agent is a natural person or a business entity registered with the Secretary of State of California; and
  • You sign a written declaration that you authorize the authorized agent to act on your behalf.

If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below.

If you provide an authorized agent with power of attorney pursuant to Probate Code §§ 4000–4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

Do Not Track Signals

Because there is not yet a consensus on how companies should respond to web browser-based or other “Do Not Track” (“DNT“) mechanisms, we currently do not respond to web browser DNT signals that provide a method to opt out of the collection of information about online activities over time and across third-party websites or online services. We may revisit our policy on responding to these signals, in which case we will post a revised privacy policy on this site.

 

Children privacy

We do not knowingly collect or solicit Personal Information from anyone under the minimum age for providing consent in the jurisdiction they reside in (“Age of Consent“) or knowingly allow such persons to register as Customers. By accessing or using our Platform, you certify to us that you are at the Age of Consent. In the event that we learn that we have collected Personal Information from a child under the Age of Consent without verification of parental consent, we will delete that information upon discovery. If you believe that we might have any information from or about a child under the Age of Consent, then please contact us at support@ex.co.

 

Information collected by third parties

Some of our third party partners may obtain Personal Information from you if you voluntarily submit such information. We are not responsible for any information collected by such third parties, or their privacy practices. Therefore, you should always review their privacy practices carefully before providing Personal Information to such third parties.

When you make purchases through our Platform, we process your payments through a third-party payment processor. In these instances, the third party application may collect certain Personal and Financial Information from you to process a payment on behalf of EX.CO, including your name, email address, address, credit card number and other billing information in which case the use and storage of your personal and financial information is governed by the third party application’s terms and condition and privacy policy.

 

Retention

We will retain your Personal Information for as long as necessary to provide our Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods shall be determined taking into account the type of information that is collected and the purpose for which it is collected for, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.

 

Protecting your information

We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Information.

Your EX.CO Account information is protected by a password for your privacy and security. You need to help us prevent unauthorized access to your EX.CO Account by protecting your password appropriately and limiting access to your account by signing off after you have finished accessing your EX.CO Account. You will be solely responsible for keeping your password confidential and for all use of your password and your EX.CO Account, including any unauthorized use.

While we seek to protect your information to ensure that it is kept confidential, we cannot guarantee the security of any information. You should be aware that there is always some risk involved in transmitting information over the internet and that there is also some risk that others could find a way to thwart our security systems. As a result, while we strive to protect your Personal Information, we cannot ensure or warrant the security and privacy of your Personal Information or other content you transmit using the Platform, and you do so at your own risk. Thus, we encourage you to exercise discretion regarding the Personal Information you choose to disclose.

 

Changes to our Privacy Policy

We reserve the right to change this Privacy Policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this Privacy Policy on the Platform or we will send you an e-mail regarding such changes to the e-mail address that you volunteered. Such substantial changes will take effect seven (7) days after such notice was provided on any of the above-mentioned methods. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Platform after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

 

Have any questions or comments? Contact us!

If you have any comments or questions about our Privacy Policy, you can always contact our Data Protection Officer, either at dpo@ex.co  or by postal mail:

Playbuzz Ltd.

Attn: Data Protection Officer

5 Aluf Kalman Magen St.

Building A, 1st Floor

Tel Aviv, 6107077

Israel

If you reside in the EU you may also approach our representative at the UK:

Playbuzz UK Limited

Formal Address: 37 Broadhurst Gardens

London, NW6 3QT, UK