33Across, Inc. and its corporate group affiliates (collectively, “33Across”) provides online publishers and marketers (our “Clients”) with a suite of products and technologies (“Products”, or “Technology”) that provide insights into how content is consumed and shared on their web sites, monetize this content, and drive incremental traffic.
When we refer to Personally Identified Information (“PII”) in this policy, we mean any information used or intended to be used to directly identify a particular individual, including name, address, telephone number, email address, financial account number, and government-issued identifier. We do not collect PII through Client websites via our Technology.
33Across collects only Device-Identified Information (“DII”) from the web pages where our Clients deploy our Products. When we refer to DII in this policy, we mean information that is linked to a browser, device, group of devices, but is not used or intended to be used to directly identify a particular individual. DII includes, but is not limited to, mobile device ID, hashed email address, the Internet Protocol (IP) address and metadata that your device uses to connect to the internet, browser type (for example Chrome, Safari or Mozilla), operating system (for example Windows or MacOS) and the URL of Client website pages or sections visited, as long as that data is not linked to PII.
Keep in mind that in certain contexts and jurisdictions, some information that we in this policy regard as DII, such as IP addresses, may nevertheless be regarded as “personal information” – for example, under privacy legislation in California and elsewhere. We do not, however, collect DII for visitors to Client websites whose IP address suggests that they are from European Economic Area (EEA) countries.
We collect PII exclusively on the 33Across Websites: our main company site (33across.com) and our publisher portal (platform.33across.com), when you choose to provide it to us. For example, you may choose to provide us PII about yourself by sending us an email, by completing an online form, or by registering for a login and password for the Products we offer. We use this information only to contact you to respond to your inquiry or manage your registered account.
Device Identified Information
33Across automatically receives and records certain DII from all visitors to our Websites, including your IP address, pages viewed, browser type, settings and language, the time/date of your visit to this Website, and the referring URL and your computer’s operating system. 33Across uses this DII to help diagnose problems with its server, analyze trends and administer the Website. However, keep in mind that some of this DII could be regarded as “personal information” under the privacy laws in California and elsewhere.
We use DII browser session cookies and persistent cookies in our Products and on our Website to provide, monitor, analyze, and improve our services. For more information about cookies please visit allaboutcookies.org.
We try and set cookies for first-time visitors to any of the sites that deploy our Technology or Products. If our cookie is already set on your browser, we know you are a returning visitor and log data using your existing cookie. You are always free to configure your browser to decline to receive cookies or clear your cookies, which will result in us treating you as a new visitor every time you encounter our Products on our Client websites. However, in order to stop data collection by 33Across, you have to explicitly opt out, as described in the next section of this document.
We do not combine information collected through cookies with PII you may have provided to us when you registered for our Products or submitted a form through our Website.
Some of our business partners (for example, Google Analytics) or Clients may set or use their own cookies on our Website or through the Products we provide. However, we have no access to or control over these cookies. Some of our business partners may engage in cross-device mapping. In other words, our business partners may link the cookie data we gather to device-identifiers concerning the same user. Our business partners may then share the cross-device mapping or other user data with us, for the purpose of personalized advertising.
Notification About Other Parties
The following disclosure is made pursuant to the California Online Privacy Protection Act: When you use our Website or websites of our Clients, other parties, such as Google, may collect DII about your online activities over time and across different websites or online services.
Our Cookie-less technology attaches a statistical DII to a user’s browser. This statistical DII is based primarily on the device’s IP address and metadata ordinarily present in the information sent between a user’s web browser and a web server. This metadata may include, for instance, the languages that the web browser accepts and prefers, the compression algorithm that the web browser accepts, and information about the browser type and version and operating system, vendor and version.
The statistical DII helps us to correlate an unnamed user to the URLs of Client website pages or sections that the unnamed user visited through their browser.
We refer to this as a “statistical DII” because it is not able to perform this correlation at 100% accuracy.
We also use two other different types of Cookie-less technologies. The first is a hashed (encoded) email address. Hashed encoding is a method that substitutes your actual email address with a long sequence of digits, and ensures that we cannot know what your email address actually is. Like other DIIs, the hashed email address is not used or intended to be used to directly identify you.
The second is mobile device advertising ID (MAID). This is a unique advertising-related identifier that is attached to your mobile device. Like other DIIs, the MAID is not used or intended to be used to directly identify you.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) gives data subjects who are in the EEA the right to review, rectify, or delete their personal information.
However, as of July 1, 2020 33Across’ Products and Technology no longer collect new personal data from data subjects in the European Economic Area. In addition, we have fully discarded all personal data we had from data subjects in the European Economic Area as of September 30, 2020.
California Rights and Choices
Click here to read our California Consumer Privacy Act (CCPA) notice.
Colorado, Connecticut, and Virginia Rights and Choices
Click here to exercise your right to access, correct, opt out, and delete personal information.
Nevada Rights and Choices
Click here to exercise your right to opt out of the sale of personal data to third parties.
The security of your information is important to us. We take security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include firewalls and encryption, internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems. We restrict data access to a subset of 33Across employees, contractors and agents who need to know that information in order to operate, develop or improve our Products and services. These individuals are bound by confidentiality and data security obligations and may be subject to discipline, including termination, if they fail to meet these obligations.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
We retain contact information submitted by Clients as long as they are actively registered for our Products. Data about users who contact us via our Website is retained as long as their interaction with us is active. Data about inactive Publishers or Website users may be deleted as space requires or in the normal course of business. You can request that your data be removed from our records by contacting us at email@example.com.
We retain non-personally identifiable user activity data collected through our Products for 90 days. Statistical summaries and data aggregations across many users’ activities may be kept for longer periods.
The Website and Products are hosted in the United States. If you access the Website or Products from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the Website or Products, you are transferring your PII and DII to the United States and you consent to that transfer. Additionally, you understand that your PII and DII may be processed in the United States.
Protecting the privacy of children is very important to us. We do not knowingly collect any information from anyone under the age of 16 and no part of our Website or Products are designed specifically to attract people under the age of 16. If we are made aware that we have received any information from anyone under the age of 16, we will use reasonable efforts to remove that information from our records.
We do not rent or share your PII with non-affiliated third parties without your consent. We may, however, share your PII with trusted third-party contractors who provide services for us. These third-party contractors are prohibited from using the information we provide for purposes other than performing services for us.
We may share or sell DII collected on the Website or via our Technology with unaffiliated third parties. These also include third party marketing partners, with whom we share or sell DII for commercial purposes. For example, we may disclose to a marketing data broker that our online advertisements offering ‘sports car’ test drives receive more clicks than those offering ‘mini van’ test drives.
We may disclose your information to third parties when we reasonably believe we are obligated to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to, fraud and situations involving potential threats to the physical safety of any person.
Finally, in the event we are acquired by or merged with a third-party entity or undergo another change of control, we reserve the right to transfer information, including any PII and DII, to a successor entity. You understand that we may not be able to control how your information is used in the event of such a change of control.
Attn: Privacy Officer