Privacy Policy

Data Collected Through Website
Uses of Collected Information
Sharing Collected Information
Information We Collect, Receive
How We Use the Information
Consumer Privacy, Ad Choices
Third Party Data Sharing
Cookies, Pixels, and Mobile SDKs
Security and Data Integrity
Changes to this Privacy Policy
Do Not Track
Not Targeting Children Under 13
California Residents
European Data Protection, Transfer
Contact Us

We Respect Your Privacy

We provide this privacy policy (the “Privacy Policy”) to make consumers and our own clients better aware of our practices regarding how we collect, use and share their information. AtData, (“AtData,” “we” or “us”) provides a number of data services, generally involving gathering and managing data and creating data models, in order to help businesses send relevant, data-driven marketing communications and prevent fraud. This includes services to improve direct mail, email, and digital and social media ad campaigns, by targeting them to consumers’ interests, activities and demographics.

Please note: this Privacy Policy refers to how we collect and use information to provide services to our clients, and also how we use information that we collect from visitors to this website. We address each of those in separate Sections of this Privacy Policy.

Data Collected Through Our Website

We collect information on our website, both when it is voluntarily provided by website visitors and in some cases when we use technologies (like cookies) to automatically collect information. We discuss that information, and how we use and share it below.

Information Collected

AtData collects Information from users of our website(s) (including any page on which this Privacy Policy is posted), including:

The domain name and IP addresses of users’ web browsers.
Aggregate information on what users access, utilize or visit.
Information, including PII, voluntarily provided by you, such as survey information, requests for information, mailing addresses and email addresses.
Credit card or payment information, and any personal information related to it, if we provide a way to pay for our services online.

How AtData uses the Information We Collect Through Our Website

We use the Information we collect through our website(s) to do the following:

Create and manage your unique user account.
Provide services to you.
Respond to and communicate with you (including regarding news and updates about our services).
Send you offers and ads for our products and services, when you browse the website(s) or other companies’ websites on the Internet.
Perform data analyses (including market research).
We may combine the Information with other information we obtain from third parties, publicly available sources, and any other product or service we provide to further improve the relevance and effectiveness of our products and advertisements.
We may use IP addresses to help diagnose problems with our servers and to administer our website(s). We also may use IP addresses and cookies to help identify visitors to our website(s) for the duration of a session and to gather demographic information about our visitors. We may use clickstream data to determine how much time visitors spend on each web page of our website(s), how visitors navigate through the website(s), and how we may tailor our website(s) to better meet the needs of our visitors.
We use cookies and similar technologies (i.e., similar to those we have described in this Privacy Policy), both for our internal and operational purposes and to market to you (such as to retarget ads to you when you visit other sites across the Internet).
We also use the Information for compliance with our legal obligations, policies and procedures, including the enforcement of our Terms and Conditions.

How AtData Shares the Information We Collect Through Our Website

We may sometimes share or otherwise disclose the Information we collect about you, as described in this Privacy Policy or otherwise disclosed to you when you provide us with the information, including as follows:

We may share the Information with service providers, such as credit card processors, who help us deliver the services you request or we provide.
We may share the Information with service providers we use to communicate with you and market to you, including through email, direct mail or display media.
We will disclose your PII (or other information) if we believe in good faith that we are required to do so by law, regulation or other government authority or to protect the rights, safety or property of ourselves or any person or entity. We may also cooperate with law enforcement agencies in any official investigation and we may disclose any Information to the requesting agency in doing so.
If we or all or substantially all of our assets, are purchased by another company (such as in a merger, consolidation, restructuring, the sale of stock and/or assets, or other corporate change or financing transaction), the Information in our possession will likely be transferred to the successor entity. We also may share the Information during the course of any due diligence process.

The Information We Collect and Receive

We receive information from various trusted companies and sources that collect and supply consumer data. We may also obtain data through public sources, like census data and other public files. And we may also collect certain information when you visit our website(s) or our marketing partners’ website(s).

This data includes what we refer to as Personally Identifiable Information (“PII”) and information tied to PII regarding persons’ demographics and interests, or purchase data. When we refer to PII we mean first and last name, postal address, mobile advertising ID, telephone number or email address.

We sometimes group data about consumers’ interests, demographics, or online and offline activities (including website visits) into aggregated “Audience Segments,” which may be connected to PII or to other unique identifiers (which we also explain below).

We also use unique, individual identifiers (“UIDs”) that we, or our marketing partners, create that are derived from PII but have been de-identified, through various means. These UIDs are often used in delivering online ads, for instance, and in deploying online “cookies.” We refer to these as “non-PII.” To learn more about “cookies” please go to Section 6 titled “Cookie Technology, Pixels and Mobile SDKs.”

We may receive these UIDs along with other “non–PII” (e.g., pages viewed, browser type, time and date of visits) that is based on website visits or email opens. This data may be used to improve the operation of these websites, improve visitors’ experience to the websites, to identify or remediate possible threats to the website’s security, and for other operational and management purposes, as well as for “retargeting” relevant offers to visitors based on web browsing activity.

AtData may also collect or receive information about consumers’ visits to websites and information regarding advertising exposure (“web log data”). Web log data may include browser type, IP address, type of ad served, and date of ad delivery. This information is used to optimize ad campaigns and measure their effectiveness. Web log data may also be used to provide ads about goods and services that are most likely to be of interest to individuals.

Like many marketing platforms and other companies, we may combine, link or aggregate the various data we collect or obtain in order to provide our services. For instance, we or a partner with whom we work may link a unique identifier based on a consumer’s visit to a website with other personal information about the consumer, to deliver cross-context advertising over the Internet, another device (such as a tablet or TV), or email or direct mail promotions. We refer below to all of the information we receive, collect, or create as the “Information” (whether used in combination or alone).

How We Use the Information

AtData uses the Information to provide its services, including those described on this website. That may include the following:

Tailoring direct mail and email campaigns, display, mobile and social media marketing to recipients more likely to be interested in those campaigns;
Measuring the effectiveness of any of the above campaigns, based on which ads are most likely to be opened or lead to purchases;
Enhancing our clients’ proprietary databases with more information about their customers (or prospective customers);
Creating aggregated Audience Segments (also referred to in Section 2) based on similar demographics and/or interests or preferences (e.g., theater-goers, sports fans, technology sector employees). These Audience Segments may consist of our marketing partners’ first party data, as well as our own proprietary data;
“Retargeting” consumers through direct mail, email, display, mobile and/or social media, such as by targeting ads to visitors of a client’s website. To do this, we or a marketing partners of ours may deploy and read unique identifiers (such as through online cookies) that enable the “retargeting” of consumers through other channels based on their web browsing experience, often by linking these identifiers to other personal information in order to direct tailored marketing experiences;
Matching one form of PII or UID to another form of PII or UID to better recognize and communicate with an individual across different marketing channels – sometimes called “identity resolution;”
Providing and supporting related data services, such as (but not limited to) information verification and data hygiene, record look-ups, anti-fraud, and other analytics and database tools.

Consumer Privacy and Your Ad Choices

You may learn more about companies that engage in various types of online targeted and retargeted advertising, some of whom we partner with, and also learn about how to opt out of receiving targeted emails from those companies, by visiting the DAA’s opt out page at http://www.aboutads.info/choices/. We also recommend visiting the opt-out pages offered by the Network Advertising Initiative. These “opt out” mechanisms rely on cookies, so if you browse the web from multiple browsers or devices, you will need to opt out from each browser and/or device to ensure that we withhold our Online Marketing Services on all of them. Similarly, if you use a new device, change browsers or delete all of your cookies, you need to repeat this opt-out function again.

Residents of the EU may have additional choices with respect to the Personal Data we process about them. Please see below Section 12 on European Data Protection and Data Transfer for more details.

You may click here to opt-out of AtData’s marketing services platform. When you opt out, we will cease sharing your Information with partners and clients for marketing purposes; however, opting out in this way will not immediately affect information that has already been passed to those partners or clients.

You also may request access to the personal information that we hold about you. If you wish to make such a request, please visit our Privacy Portal page here. When you make such a request, we will request that you reasonably verify your identity. You may also write to us at privacy@atdata.com to make such a request. Should you do so, please include the following personal information so that we can access any information we have about you: your name, home address, and email address(es). However, we recommend accessing the above online “Portal” rather than contacting us by email, in order to better ensure the completeness of your submission and our response.

How We Share Data with Third Parties

AtData may share the Information (including PII) with customers, marketing services and platforms, and service providers and vendors that we retain, in order to provide the services we have described above (or other services we may add). In addition to our customers, we may share the Information with the following:

Marketing Partners: We may share the Information, including PII and Audience Segments, with various marketing partners to help them and their own customers send more tailored targeted communications. We may also do so for analytical purposes, to measure campaign performance, or inform future campaigns, or to handle, analyze, or segregate the PII and other data that we handle for customers.
Corporate transfers: If AtData or its significant assets are acquired by or merged into another entity, the Information will be transferred to that entity. Some Information may also be shared in the course of due diligence for any such event.
Affiliates, parent companies and subsidiaries: AtData may share some or all of the Information with affiliated or subsidiary companies.
As Required by Law or to Protect Any Party: AtData may disclose Information if we believe in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas, warrants, or law enforcement and government agency requests provided to us; or (b) to protect or otherwise defend the rights, property or safety of AtData or any other party.

Cookie Technology, Pixels and Mobile SDKs

As also described above, we and our business and marketing partners use cookies and similar technologies to provide marketing services, such as to target or re-target online ad campaigns, or to measure those campaigns. For instance, we or a partner may track a particular browser’s activities to determine if seeing an ad tends to make consumers’ more likely to visit a web page; or we and our marketing partners may target online or offline advertising to users who expressed interest in a product through online activities. Thus, we and others may set and access cookies, pixel tags and similar technologies on your device. We and others may, likewise, collect various types of information about your browser, device, or browsing activities through use of these cookies.

Cookies
Cookies are small data files that contain a string of characters, such as a unique browser identifier. Cookies are stored on your computer or other device and act as tags that identify your device. Our (or other companies’) servers send your device a cookie when you visit a website. We and other online marketing platforms may use cookies to, among other things, “remember” you when you visit a website or receive an email, determine visitor patterns and trends, collect information about your activities on our clients’ sites, or interact with the advertising you see. We use cookies to provide relevant content to you and replace non-relevant communications with ads that better match your interests.

Pixel Tags
A pixel tag (also known as a web beacon or clear GIF) is an invisible 1 x 1 pixel that is placed on certain web pages or email messages. When you access these web pages or open an email, pixel tags generate a generic notice of the visit, including the type of device being used, and permit us to set or read our cookies. Pixel tags are used in combination with cookies to track the activity on a site by a particular device. When you turn off cookies, pixel tags simply detect a given website visit or opening of an email message. For email messages, turning off the display of images will disable pixel tags.

Disabling Cookies
Most web browsers are set up to accept cookies. You may be able to set your browser to warn you before accepting certain cookies or to refuse certain cookies. However, if you disable the use of cookies in your web browser, some features of our services and other services may be difficult to use or become inoperable. In addition disabling cookies will not necessarily opt you out of interest-based marketing; we instead recommend the opt out methods described in Section 4 above.

Non-Cookie Technologies
In providing our services, we, our marketing partners, or our clients, may work with third-party companies that use techniques other than conventional HTTP cookies to recognize your computer or device and/or to collect and record information about your web surfing activity, including those integrated with our services. These technologies may not respond to browser settings that block conventional cookies, particular if you are using a Safari browser. You may opt out of some of these technologies by visiting the NAI’s opt out page at http://www.networkadvertising.org; however, if your browser is set to immediately delete or refuse opt-out cookies, or if you use a Safari browser, you may not receive the benefit of this opt-out, or your opt out cookies may be immediately deleted.

Links
This website may provide links to other websites that AtData thinks users will find interesting or useful. AtData is not responsible for the privacy practices of these other sites or companies.

Security and Data Integrity

AtData takes steps to help ensure that the Information we use is housed and transmitted securely. This may include various types of physical and electronic security, including firewall protections, encryption, hashing or truncation of data, and access controls to PII. While neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, we employ efforts to ensure that this does not occur.

Changes to this Privacy Policy

From time to time, we may update this policy. If you are interested in how we use Information to provide services, we recommend that you check back for any changes to this policy.

Do Not Track

Like most companies, we do not respond to “Do Not Track” signals sent by browsers: the industry has not reached a consensus as to how to fairly and uniformly implement and interpret such signals.

Our Website and Services Are Not Directed to Children Under 13

AtData is a business-to-business website and is not directed to children under the age of 13. Similarly, AtData’s services are not directed to nor intended for anyone under the age of 13. Whether for itself or for its clients, AtData will not knowingly collect or maintain personally identifiable information from or about anyone under 13.

Additional Disclosures for Residents of California

The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to individuals who reside in California. To learn more about California privacy rights and disclosures, view our Privacy Policy Addendum for California Residents.

European Data Protection and Data Transfer

European Law and the GDPR

As of May 25, 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) will be in effect, through the EEA countries. The GDPR (and other European privacy laws) make a distinction between organisations that process Personal Data for their own purposes (known as “data controllers”) and organisations that process Personal Data on behalf of other organisations (known as “data processors”). The GDPR requires companies that are “Data Controllers” (which includes some of our clients) provide users with certain information about the processing of their “Personal Data.” “Personal Data” is a term used in Europe that means, generally, data that identifies or can identify a particular unique user or device – for instance, names, addresses, cookie identifiers, mobile device identifiers, precise location data and biometric data.

We sometimes process Personal Data relating to data subjects (i.e., persons) on behalf of these clients, and we therefore often enter into agreements to assist them in complying with their own obligations under the GDPR. However, if you have a question or complaint about how your Personal Data is handled, we encourage you to direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data.

On the other hand, we are data controllers of Personal Data that we collect from our own website, and from our own customers. As to that data, please note the following :

We rely on performance of our contracts, and our legitimate interests, as a legal basis for our processing of the data that we control. For instance, when we process and retain our customers’ Personal Data, or send information to companies that we believe are interested in our services, we rely on these legal bases;
We retain the data that we control for as long as is necessary or appropriate to fulfill the purpose for which the data was collected;
You may request access to, or deletion or correction of, the Personal Data that we hold about you by contacting us through the contact information listed in Section 13. If you request that we delete your Personal Data, we will remove you from our marketing lists, but will continue to maintain certain Personal Data where we have an important legal, accounting, billing or auditing reason to do so.

European Economic Area, Switzerland, and United Kingdom Visitors

This section applies to individuals from the European Economic Area, Switzerland, or the United Kingdom. For information about exercising rights under relevant laws, please refer to the “Your Rights” section below.

We may collect and process personal data about you where the laws of your jurisdiction permit it. We may rely on the following legal bases to process personal data about you:

Contract: It is necessary to process personal data about you to perform a contract with you or because you have requested we do something before creating a contract with you that requires we process personal data about you.
Legitimate Interest: There is a commercial or business interest that is important to us or others which we’ve balanced against your privacy rights. For example, we may process data collected through our Site for security purposes.
Consent: You have given your permission to use personal data about you. For example, you may provide your consent to certain marketing activities.
Legal Obligation: It is necessary to use personal data about you so that we can fulfil our legal and regulatory obligations, for example, to honor your legal rights or the rights of others.

Please be aware that the personal data we collect may be transferred to and maintained on servers or databases located outside your jurisdiction.

When transferring personal data to the U.S., AtData complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF“), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF“) as set forth by the U.S. Department of Commerce. AtData has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles“) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. AtData has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles“) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

For more information about AtData’s compliance with the DPF program, please visit our Data Privacy Framework Notice.

Your Rights

Residents of certain jurisdictions, including the EEA, UK, California, Connecticut, Colorado, Nevada, Utah, and Virginia have rights with respect to the personal data collected by AtData. You may be able exercise the following rights, subject to certain exceptions and limitations.

Right to confirm whether we are processing personal data about you.
Right to know the categories and specific pieces of personal data that we collect, use, or sell about you; the categories of sources from which we collected personal data about you; our purposes for collecting or selling personal data about you; the categories of personal data about you that we have sold or disclosed for a business purpose; and the categories of third parties with which we have shared personal data.
Depending on your jurisdiction, the right to receive a portable and readily usable copy of the personal data we have collected about you, to the extent feasible.
Right to correct inaccuracies in the personal data we have collected about you.
Right to request deletion of personal data we have collected about you.
Right to opt-out of (i) the sharing of personal data for targeted advertising or cross-context behavioral advertising; (ii) the sale of personal data; or (iii) profiling for decisions that have significant effects. Please note that if you opt out of certain practices, we may be unable to provide you with some services. Additionally, we do not knowingly sell or share personal data of individuals under 16.
Depending on your jurisdiction, you may have the right to restrict or object to processing of personal data in certain circumstances.
Right to withdraw consent you previously provided to processing personal data.
Right to nondiscrimination for the exercise of the above privacy rights.

You may exercise your rights by:

Submitting your request using our Privacy rights form;
Visiting our opt-out page to opt-out of the sale or sharing of personal data;
Mailing AtData, Attn: Privacy Officer, 770 Legacy Place, 2nd Floor, Dedham, MA 02026; or
Calling 332-245-4415.

If you are not satisfied with our response to your request, we hope you will reach out to us first at privacy@atdata.com. For residents of the EEA or the UK, if you are still unhappy, you have the right to complain to your Data Protection Authority. Additionally, for Colorado, Connecticut, and Virginia residents, if you have submitted a request that we have not reasonably fulfilled, you may contact us to appeal our decision by sending an email with the subject line “Appeal” to privacy@atdata.com.

Verification Process and Required Information. We may need to request additional information from you to verify your identity or understand the scope of your request. We will require you to provide, at a minimum, your full name and email address.

Authorized Agents. Depending on your jurisdiction, you may also designate an agent to make requests to exercise your rights. We will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf by providing us with a signed written authorization or a copy of a power of attorney.

Contact Us

If you have questions related to this policy, or regarding AtData’s products or services, please contact us at:

Privacy Officer
AtData
770 Legacy Pl
Dedham, MA 02026
privacy@AtData.com