EU and UK General Data Protection Regulation (GDPR) Privacy Policy Addendum

Last updated October 26, 2022

If you are located in the European Economic Area (EEA) or in the United Kingdom (UK), the EU General Data Protection Regulation (GDPR) and the UK GDPR, respectively, provide you with additional rights regarding our collection and use of your personal data. This Addendum describes those additional rights and is intended to supplement Onemata’s Privacy Policy. If you are not located in the EEA or in the UK, this Addendum does not apply to you.

Data Controller

 

Onemata acts as data controller by collecting and processing personal data you provide us. We also act as a data controller when we process your personal data received or obtained through third-parties. For our contact information, please refer to the Contact Us section.

 

What Personal Data Do We Collect?

 

We collect different types of personal data depending on the source of the information, which are third parties, information collected automatically, and information you give us directly.

 

Personal Data from Third Parties: Most of the information about you we collect is obtained from trusted third-party data partners, and the personal data we collect from them includes:

  • Information about your mobile device, which includes:

    • Its mobile advertising identifier (MAID) also known as a IDFA for Apple products or a GAID or AAID for Google/Android products

    • Its coarse and/or precise geolocation, comprised of latitude, longitude, time stamp of when its location was observed, country of where its location was observed, speed of movement when its location was observed, and the horizontal and vertical accuracy of the latitude/longitude coordinates

    • Available or connected wifi SSID and/or BSSID names

    • Internet protocol (IP) address

    • Operating system (OS)

    • User agent (i.e. browser identification)

  • Encrypted hashed email address

  • Cookie identifiers and web activity

 

Personal Data Collected Automatically: We also automatically collect and store certain types of data about your use of Onemata’s website. Like most websites, we use “cookies” and other unique identifiers, and we obtain certain types of information when your web browser or device accesses Onemata’s website, onemata.com. Examples of this type of data include:

  • The date and time of your visit to onemata.com

  • The IP address used to connect your computer or device to the internet

  • The type of browser and operating system used to visit onemata.com (if provided by the browser)

  • The uniform resource locator (URL) of the website referring you to onemata.com (if provided by the browser)

  • The webpages seen during the visit to the onemata.com domain

 

For more information on cookies, and how we collect and use them, click here.

 

Personal Data You Give Us: You can voluntarily provide us your contact information through onemata.com and information regarding you, your business and your/its needs. Your choice to submit personal data is completely voluntary, and to indicate your consent you will be required to opt-in to our collection of such data before it is first provided to us through the website. Examples of the personal data we would collect when you choose to provide it include:

  • First and Last Name

  • Email address

  • Phone number

  • Employer

  • Any free-text information you provide in the comment box

 

For more information on how we collect and use this voluntarily provided information, click here.

How Do We Source Your Personal Data?

 

We collect most of our personal data about you from a network of trusted third-party data originators and compilers. These third parties include publishers (such as mobile applications, or “apps”, and desktop and mobile websites), software development kit (SDK) networks, data brokers and marketing services companies.

We also collect personal data through publicly available sources, such as search engines or websites.

Information About Persons Under 16 Years of Age

 

We do not knowingly collect personal information from minors under 16 years of age in the EEA or UK unless we have received legal consent to do so. If we learn that personal information from such EEA or UK residents has been collected, we will take reasonable steps to remove their information from our database (or to obtain legally required consent).

 

How Do We Use Your Personal Data?

 

Onemata compiles the personal data collected from our network of trusted data partners and from publicly available third-party sources to provide a variety of data products and services to our customers. These products and services assist our customers provide more targeted, efficient and relevant marketing and communications, and/or enable them to perform research and attribution and create analytics for various purposes, such as to better understand their consumers. More specifically, our products and services are intended for general audience segmentation for ad targeting (i.e. building segments of an audience based on preferences), device presence/movement analysis (i.e. determining movement in a particular area), competitive location information (i.e. analyzing high-density areas or repeat occurrences between physical locations), market research (i.e. tracking consumer trends based on device presence/movement concentration), and more.

 

Onemata also uses personal data to develop derivative products or variations of data-derived products or software solutions. For example, we may utilize an IP recognition data set to enhance a web chat to identify website visitors before they enter any information, link hashed email addresses to mobile advertising identifiers (MAIDs), develop derivative search engines and application programming interface (API) products.

 

Onemata also uses personal data for internal purposes, including quality checking (i.e. validating our collected data sets), for our own B2B (business-to-business) sales and marketing purposes, and to operate, maintain and improve the products and services we offer. We may also use and share personal data for legal, auditing and accounting purposes, such as in good faith compliance with a request from law enforcement or a governmental agency; to evaluate or enhance the security or quality of our information; or to detect, prevent and investigate security incidents and illegal, deceptive or fraudulent activity. Additionally, in the event of any potential merger or acquisition, any personal data we hold will likely be transferred to the successor entity and shared with others in preparation or anticipation of such an event such as legal due diligence.

 

Onemata does not use automated decision making or profiling which produce legal effects or significantly affect you in any of the processing detailed above.

 

How Does Onemata Collect and Use Personal Information From its Website?

 

As part of our normal business practice, we use onemata.com to facilitate communication with the general public and our potential and existing customers. As part of that process it is often necessary, but completely voluntary, to collect your personal data. For example, if you are a potential customer seeking information about our products or services, you can provide us your contact information through onemata.com and information regarding your business and its needs. By entering your personal data and opting in on onemata.com, you are providing your consent for us to use your data for the purposes described below, and, if you are a current customer of ours, for purposes of enabling us to fulfill our contractual obligations to you. If you choose to submit any personal data to us through onemata.com by completing forms containing personal data and pressing the “send,” “get started,” “submit,” or similar buttons, such data may be used and shared by us as described below.

 

We use and share the personal data we collect from you within our organization, which includes representatives, agents, and third-party service providers to respond to your immediate request, to verify your authority to enter certain sections of onemata.com, to offer you other products or services that we believe may be of interest to you, and for future contact and communication with you. We may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered. We may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your personal data (such as your email, name, and telephone number) is not transferred to the external business partner. Onemata also uses personal data for internal purposes as described above.

 

We occasionally hire other companies to provide limited services on our behalf, such as handling the processing and delivery of mailings, providing customer support, processing payment transactions, or performing statistical analysis of our services. We will only provide those companies the minimum necessary personal data they need to deliver the service. They are required to maintain the confidentiality of your information and are prohibited from using that data for any other purpose. Except as described above, we do not sell, lease or disclose our customer lists to third parties.

 

Users of our website are under no statutory or contractual requirement or other obligation to provide personal data to us via our website.

 

What is our Lawful Basis for Using Your Personal Data?

 

We collect and process your personal data only where we have lawful bases for doing so under applicable EU and UK laws. The legal bases depend on the purpose of the processing, as outlined below:

 
Purposes of Processing
Legal Bases
In connection with an acquisition, merger, or sale of or business, or associated due diligence activities
● We have legitimate interests (which are not overridden by your data protection rights and interests)
To market and promote our products and services
● You have provided your consent to us to do so ● We have legitimate interests (which are not overridden by your data protection rights and interests)
For internal research and development
● We have legitimate interests (which are not overridden by your data protection rights and interests)
To protect our legal rights and interests
● We have legitimate interests (which are not overridden by your data protection rights and interests)
To process a request to exercise a right to your personal data and to verify your identity in order to comply with such a request
● You have provided your consent to us to do so ● To protect your vital interests
To comply with a good faith request from law enforcement or a regulatory body
● For compliance with a legal obligation
To monitor, prevent, detect or investigate fraudulent or illegal activity
● To protect your vital interests ● We have legitimate interests (which are not overridden by your data protection rights and interests)
To use your cookies as described in our Cookie Policy
● You have provided your consent to us to do so
To respond to an inquiry you submit on our website
● You have provided your consent to us to do so
To provide data products and services to our customers for various analytical, research and advertising/marketing use cases
● You have provided your consent to a third-party to collect and sell your personal data to entities such as us for the purposes described

Who Your Personal Data May Be Shared With

 

As described above, during Onemata’s normal business operations we may share your personal data with customers or third-party service providers. These entities fall into the following categories:

  • Advertising networks (e.g., demand-side platforms, agency trading platforms)

  • Agencies and advertisers

  • Data brokers

  • Data analytics providers

  • Marketing research providers

  • Information services and publishers

 

How Long Do We Keep Your Personal Data?

 

Onemata keeps your personal data only for as long as we need it for our legitimate business purposes or to provide you with the services you have requested.

 

We may also be obligated to retain your information for legal reasons such as when asserting our rights or assisting you with the exercise of your rights.

 

International Data Transfers

 

Onemata sometimes transfers personal data outside the EEA and UK for purposes described in our Privacy Policy and this Addendum. The countries to which your information may be transferred may not have an adequacy decision issued by the European Commission or UK Secretary of State and may not provide for the same level of data protection as the EEA or UK. In that case, we will require that the recipient of your personal data provide an adequate level of protection in the manner described in Art. 46 of the EU GDPR or UK GDPR, or we will ask you for your prior consent to such international data transfers.

 

Your Rights Over Your Personal Data

 

You have rights (with some exceptions and restrictions) to:

  • Request access your personal data which we maintain, and if you choose, receive a copy of such data

  • Request correction or updating of any of your personal information which we maintain that is inaccurate or request that incomplete personal information is completed

  • Request we erase your personal information which we maintain

  • Request restriction of processing the personal information about you which we maintain

  • Request your personal data which you have provided directly to us to be provided to you or another data controller in a structured, commonly use and machine-readable format

  • Object to receiving marketing and any associated profiling

  • Object to processing of your personal information that we perform using the legitimate interest lawful basis

 

For any processing of your personal data we perform based solely on your consent, you have the right to withdraw that consent at any time.

 

You make exercise any of the above rights regarding your personal data collected and processed by Onemata by completing our Request Form. Onemata will honor your rights to the extent required by the EU or UK GDPR. Please be sure to complete the form in its entirety so we are able to identify you in our records. The data you provide us in the form will only be used to locate your personal data in our records and carry out your request, as necessary. Upon receipt of a request, we will verify your identity and your EEA or UK residence, as appropriate, for security purposes and as required under Union or UK law. For instance, if you request categories or specific pieces of personal data we have collected or shared about you, you may need to provide a piece of identification that confirms you are the person you claim to be.

 

We will review all requests and comply as necessary under applicable law. If we are unable to complete your request, we will provide you additional information about the reasons that we could not comply with your request.

 

You also have the right to complain to your local data protection authority about our collection or use of your personal data. A listing of European National Data Protection Authorities is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

 

Privacy Policies of Other Websites

 

The Onemata website contains links to other websites. Our Privacy Policy and this Addendum apply only to our website. If you click on a link to an external website, we encourage you to read their Privacy Policy.

 

Contact Us

 

You may contact us or our Data Protection Officer by using the contact information below:

 

By email: privacy@onemata.com

By telephone: (833) 663-6282

By mail:   Onemata Corporation

                  2420 W 26th Ave

                  Denver, Colorado 80211

                  Attention: Data Protection Officer