SteelHouse Privacy Notice
Effective Date: January 1, 2020
For the purposes of users of the site located in the EU, we are the controller of any information we may collect when you visit our Site. Lee Stevens, with the contact email address firstname.lastname@example.org, is our representative in the EU for the purposes of the GDPR. Our data protection officer can be contacted at email@example.com.
Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data.
Section 1: Our Corporate Website
We may collect a variety of information when you visit our Site. We collect certain personal information when you contact us, request services, or otherwise provide it to us. This personal information will be any of your name, email address, phone number, and any other such information you provide to us.
We may also collect certain technical information when you visit the Site. This type of information is your country, city, browser type, operating system, service provider, the areas you visit on the Site, time and date of your visit, and Google Analytics client ID. We may collect this technical information through cookies, web beacons, or other similar technologies. We may combine personal and technical information together.
How We Use Information
As it is in our legitimate interests to be responsive to you and to ensure and improve the proper functioning of our Site, we may use any of the information we collect for the following purposes:
- To respond to your inquiries and requests;
- To provide you with any services you request;
- For internal purposes, such as recordkeeping, and to operate our business;
- To operate and improve the Site;
- To perform analytics and research;
- To comply with law and to maintain the security of the Site; and
- As otherwise disclosed at the time of collection or use.
We may share the information we collect with the following third parties:
- Service providers or agents that perform services on our behalf including: Facebook, Salesforce, Linkedin, and Google Analytics;
- As part of a corporate sale, merger, or acquisition, or other transfer of all or part of our assets including as part of a bankruptcy proceeding;
- Pursuant to a subpoena, court order, governmental inquiry, or other legal process or as otherwise required by law, or when we believe it is necessary to protect our rights or the rights of third parties; and
- With your consent or as otherwise disclosed at the time of data collection or sharing.
We may share information with third parties that has been anonymized and aggregated. We require all advertisers or publishers to disclose any third party data collection and use and provide an opt-out: http://optout.networkadvertising.org/
As a member of the Network Advertising Initiative (“NAI”), we adhere to the NAI Code of Conduct. Click here if you would like further information regarding the DAA principles and here if you would like information about the NAI Code of Conduct.
Social Media Tools and Links to Other Websites
The Site may include social media tools or “plug-ins”, such as social networking and blogging tools offered by third parties. These social media companies may collect information about you and may use and share such information in accordance with your social media account settings, including by sharing such information with the general public. Your interactions with third-party social media companies and the use of their features are governed by the privacy policies of the social media companies that provide those features. We encourage you to carefully read the privacy policies of any social media accounts you create and use.
Your Choices: Analytics
We use Google Analytics to improve the performance of the Site and our Services and for analytics and marketing purposes. For more information about how Google Analytics collects and uses data when you visit our Site or use our Services, visit https://www.google.com/policies/privacy/partners/, and to opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.
How long do we store your personal data?
If you contact us we will add your information to our data base so we can communicate with you. You can request deletion of your information by following the process set out in Section 3 below.
Section 2: Marketing Services
Where we use any of your information that includes personal data in order to provide the Services of serving to you advertisements that may interest you, we are acting as joint controllers with our customers and the companies assisting us to serve the advertisements, including the publisher (i.e. the owner of the applications and websites on which advertisements are displayed).
In our contracts with these partners, they are allocated the responsibility under the GDPR for providing the required notices, obtaining any necessary consents and facilitating the exercise of your data subject rights. We work with the IAB UK to ensure that the data we collect from our affiliates and ad technology partners (as further described in The Information We Collect) is processed with your consent. SteelHouse is a registered vendor under the Transparency and Consent Framework provided by IAB Europe. To learn more about this framework, please visit the IAB Europe page.
The Information We Collect
Through the provision of our Services we collect various types of information from our customers, affiliates and ad technology partners, including from:
- Our Customers, who may provide advertising IDs, IP addresses and hashed email addresses.
- Our Affiliates, who may provide information about your device, such as device identifier, model, network provider, browser type, language, IP Address, Information about mobile application usage, how you interact with applications you use and advertising you see, precise location information (only with your consent), device type, information about the app, such as the version, information about your mobile advertising identifiers such as your advertising ID and other information about you, including interests, age, gender.
- Mobile Measurement Partners (MMPs), which measure how you interact with an advertisement and may provide us with impressions, clicks, timezone, city, language, conversion duration, connection type, application version, and level of interaction and your advertising ID.
- Publishers (i.e. the owners of the applications and websites you use), Ad exchanges, Ad Networks, Supply Side Platforms, Direct Marketing Platforms and other ad technology companies, who assist with providing targeted advertisements, including information about your device, such as device identifier, model, network provider, browser type, language, IP Address, Information about mobile application usage, how you interact with applications you use and advertising you see, precise location information (only with your consent), device type, information about the app, such as the version, information about your mobile advertising identifiers such as your advertising ID and other information about you, including interests, age, gender.
How We Use the Information We Collect
We use the information we collect through the Services on the basis of our legitimate interest in running and improving our ad technology business to select and deliver targeted advertisements to a user’s browser or mobile apps and other uses such as:
- Analytics and research;
- Providing and improving the Services, including to build segment profiles for marketing purposes;
- To prevent fraud and enforce our terms of service;
- For our own marketing and advertising purposes; and
- Reporting, attribution and frequency capping.
In order to be able to serve advertisements to you that you may wish to see, we may combine data and link your activities across devices and websites.
We may share the information we collect through the Services with the following categories of third parties for the following purposes:
- Service providers that perform services on our behalf, including analytics and research;
- to our customers to provide the Services to our clients, including customizing advertising and reporting on the performance of that advertising;
- With our affiliates in order to provide and enhance the Services and the affiliates services;
- in response to a legal process, such as a subpoena or court order, or as otherwise required by law, or to protect our rights or the rights of a third party;
- to investigate, prevent, or take action regarding alleged or actual illegal activities, violations of the applicable terms, or as otherwise required by law;
- publishers (i.e. the owners of the applications and websites you use), Ad exchanges, Ad Networks, Supply Side Platforms, Direct Marketing Platforms and other ad technology companies, who assist with providing targeted advertisements for the purpose of serving you with contextual and/or targeted ads that are relevant to you and may interest you;
- To help them understand how Users are engaging with ads, what kind of Users are most engaging with certain types of ads on their Property, and what kind of ads are published on their Property;
- With other third parties to receive additional data on you from sources other than the publisher’s application or website in order to help analyze and enrich the information collected on you, as well as serve you with more relevant and targeted ads;
- Any other purposes disclosed to you at the time we collect your information or with your consent; and
- As part of a corporate sale, merger, acquisition, or other business transaction, including as part of a bankruptcy proceeding.
For a full list of the third parties which we work with, please click here.
Where do we store your personal data?
As we are United States company, any information provided to us, will be stored, processed, and transferred within, or to, the United States. Please be aware that the US and jurisdictions other than the one in which you are located will not have the same data protection laws as your own jurisdiction.
Your personal data is also processed by staff or service providers operating outside the EEA in the United States, who work for us.
Where we receive your information from publishers, advertisers or other adtechnology partners, and they are located in the EEA, we enter the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2010/87/EU (Controller-to-Processor Model Clauses).
As part of our Services we collect information across non-affiliated websites over time. We collect this information to make inferences about your interests in order to provide advertising relevant to you based on those interests. This practice is known as interest-based advertising.
You can use your device settings, such as “Limit Ad Tracking,” to exercise choice regarding our collection and use of information for interest-based advertising from websites and mobile applications on your device. You can also limit our collection of precise location data through your device settings. For more information on your choices, including to opt out of receiving interest-based ads from many third parties, please go to: http://optout.aboutads.info/. For more information about opting out on mobile devices, please go to: https://www.networkadvertising.org/mobile-choice.
Many browsers (including Internet Explorer, Firefox, and Safari) allow you to set a Do Not Track (DNT) signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked. We follow DNT settings. You can usually access your browser’s DNT option in your browser’s preferences.
Note that if you exercise choice regarding interest-based advertising you will still see advertising in websites and mobile apps, but those ads may be less relevant to your interests. Data may still be collected from your device with your consent for purposes other than interest-based advertising after you make your choices. If you use different devices, or reset your device identifier, you may need to make your choices again.
California law permits California residents to request certain information regarding our disclosure of personally identifiable information to third parties for their direct marketing purposes. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year. To make such a request, please contact us at firstname.lastname@example.org.
Retention of data
Targeting data is stored 30 days from the last website visit. Reporting data is stored for the duration of the contract. Reporting data maybe be deleted at the advertiser’s request.
Section 3: Other General Privacy Practices for the Services and Site
We implement reasonable security measures to help protect the security of information we collect through the Site.
In certain circumstances you have rights in relation to the personal data we hold about you. We set out below an outline of, and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights. To exercise any of your rights, please email email@example.com. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
- Access: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
- Portability: in certain circumstances, you have the right to receive or ask us to provide your personal data to a third party in a structured, commonly used and machine-readable format, although we will not provide you with certain personal data if to do so would interfere with another’s individual’s rights (e.g. where providing the personal data we hold about you would reveal information about another person) or where another exemption applies (we can only do so where it is technically feasible; we are not responsible for the security of the personal data or its processing once received by the third party).
- Correction: You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed.
- Erasure: You may request that we erase the personal data we hold about you in certain circumstances e.g. where you believe it is no longer necessary for us to hold the personal data or object to our processing.
- Restriction of Processing to Storage Only: You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances.
- Objection or restriction of processing: You have a right to require us to stop processing the personal data we hold about you in certain circumstances (and require us to delete it or continue to store it). Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process or retain such data or if we need to retain it in relation with any legal claims.
Withdrawal of Consent
- Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by https://steelhouse.com/opt-out/
California Residents – California Consumer Privacy Act (“CCPA”)
The California Consumer Privacy Act (“CCPA”) provides California residents with the right to request certain information regarding our collection of personal information from California consumers. If you are a California consumer, you have a right to request the following:
- The categories of personal information we may have collected about you;
- The categories of sources from which the personal information may have been collected;
- The business or commercial purpose for collecting or selling personal information;
- The categories of third parties with whom we share personal information; and/or
- The specific pieces of personal information we may have collected about you.
If you would like to request that Steel House not “sell” your personal information as that term is defined under CCPA, you may contact our Data Protection Officer with your “do not sell my personal information” request as follows:
Phone: (888) 978-3354
You may also request that Steel House delete your personal information by contacting us at the email or phone number provided above. Please understand that Steel House is required by CCPA to first verify any request received prior to complying with any CCPA request.
In some instances, Steel House is not required by CCPA to delete personal information. In such instance, Steel House will notify you if your personal information was unable to be deleted for one of the permitted exceptions under CCPA.
If you would like to opt out of receiving Steel House advertisements, please click below and click “opt-out” to exercise your “Do Not Sell My Personal Information” right under CCPA.
Objection to Marketing
- At any time you have the right to object to our processing of data about you in order to send you promotions, special offers and marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at firstname.lastname@example.org and we will endeavour to deal with your request. This is without prejudice to your right to launch a claim the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
Changes to This Notice