EX.CO Technologies Ltd. (“we“, “us“, “Company“) prepared this Privacy Policy to explain to its Customers, Website Visitors and End Users (as defined below, and collectively, "you") how and why it collects Personal Data when you are using the online advertising platform ("Platform") and websites, including www.ex.co and www.playbuzz.com or any other site owned by us and which refers to this policy (collectively "Websites"; and together with the Platform - the "Services"). This Privacy Policy together with the cookie policies referred to below, and any other document referred to herein, constitutes an integral part of EX.CO's Terms and Playbuzz's Terms , all of which are incorporated herein by reference.

Our Websites may link to third-party sites which are not governed by this Privacy Policy, please be aware that we are not responsible for the privacy practices or the content of other sites. We encourage you to read the privacy statements provided by other sites as well.

If you do not agree to this policy, please discontinue, and avoid using our Services. You have the right to cease using the Services at any time, pursuant to this Privacy Policy and our Terms. You are not legally required to provide us with any Personal Data, but without it we may not be able to provide you with the best experience or full functionality of our Services.

FROM WHOM DO WE COLLECT PERSONAL DATA?

This Privacy Policy applies to Company’s collection, use, and disclosure of the Personal Data of the following categories of individuals:

Website Visitors: individuals who visit our Websites and who may volunteer certain contact data (such as their email address) to receive communications from Company.

Customers: those who register on their own or on behalf of an entity or organization to use any product(s) or service(s) within Company’s Platform, including administrators of a Company Account.

End Users: individuals who visit our Customers’ websites and whose Personal Data we process (on behalf of our Customers) in order to provide the Services to our Customers pursuant to our agreements with them.  

TYPES OF DATA COLLECTED AND PURPOSES

Depending on your interaction with us, we may collect two types of data from you:

“Non-Personal Data”   meaning aggregated, non-personal non-identifiable data, which may be made available or gathered via your access to and use of the Platform. We are not aware of the identity of the user from which the Non-Personal Data is collected. Such Non-Personal Data may include aggregated usage information and technical information transmitted by your device, such us browser version, operating system type and version, mobile network information, device settings, and software data.

“Personal Data”  (as defined under the GDPR) or “Personal Information” (as defined under the CCPA) meaning  individually identifiable data, namely data that identifies an individual or may, with reasonable effort, be used to identify an individual.

For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person's health, government identifiers, precise geolocation or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data”).

The table below details the types of Personal Data we collect, the methods and purpose of such collection, and our lawful basis for processing such Personal Data (where the GDPR applies):

DATA TYPE

METHODS AND PURPOSE

LAWFUL BASIS

Contact Information

We ask for and collect our Customers, contact data (such as name and email address) as well as our Website Visitors and End Users' contact details  when they submit web forms on our Website (“ Contact Information ”).

We process Contact Information to provide you with opportunities and to allow you to receive email communications from us.  

 

We may also ask you to submit such Personal Data if you choose to use interactive features of the Services, including participation in surveys, requesting customer support, or otherwise communicating with us. We will send such communications in accordance with applicable law.

 

 

We process Contact Information subject to your consent. Further processing may be subject to our legitimate interest, for example for internal documentation and improvement of service purposes. We may also process Contact Information for the purpose of performing our contract with the data subject whose data is processed.

Log Files

Just as when you visit and interact with most websites and services delivered via the Internet, we may gather certain information from our Customers, Website Visitors and End Users and store it in log files. This information may include but is not limited to Internet Protocol (IP) addresses, system configuration information, URLs of referring pages, and locale and language preferences.

 

This also includes certain technical Personal Data that is recorded when you use our Services. This information may include but is not limited to WiFi information, operating system and device information, system configuration information, and other information about traffic to and from our or our Customers’ websites.

 ( "Log Files")

 

 

We process Log Files to understand how visitors use Company Websites, as well as to measure the effectiveness of our features and content. We further use this data to track conversions from ads and understand the effectiveness of our promotional campaigns, and remarket to people who have taken some action on the website.

 

 

In addition, data related to our  Websites helps us to better understand our business, analyze our operations, maintain, improve, design, and develop the Services and new products, conduct statistical analysis purposes, to test and improve our offers, and decide how to improve the Services based on the results obtained from this processing.

 

In addition, we Log Files data for operation, website functionality, security and fraud prevention purposes, debugging purposes and to resolve technical problems.

 

Data collected from End Users will also be used as part of and for the purpose of  providing our Services to Customers, who serve as the initial Data Controllers (or Businesses, as defined under the CCPA, where the End Users reside in US Privacy Laws). Company

 

 

Where we collect Log Files for analytic, operation and security purposes, we process your data based on (a) your consent, where such data is obtained through the use of tracking technologies (as described below), or (b) our legitimate interest. Our legitimate interest is providing you with our Services, providing monetization services to our Customers, and the performance of analytics, security and fraud detection, and campaign reporting.

 

Cookies and Other Tracking Technologies

We may use cookies and other information gathering technologies to collect information from Website Visitors.  

We process such data through our or third-party cookies and tracking technologies for analytic.

 

Where we collect such data for analytic purposes, we process the data based on your consent which we will obtain through our cookie notice and consent management.  You may withdraw consent at any time by using the cookie preference settings.

 

Customer Account Information

When you register for an account, we collect your email address, name and other contact data. We may also ask you to enter your website domain in order to provide our Services. By voluntarily providing us with such data, you represent that you are the owner of such Personal Data or otherwise have the requisite consent to provide it to us. If you register to our Platform through a social network platform (for example Google), you will provide us access to any information you made available on that platform (depending on your privacy settings) and any additional information that you specifically consent to provide us with. ( "Customer Information")

Customer Information is required to identify you as a customer and permit you to access your account(s).  

We process Customer Information (a) Subject to your consent, and (b) for the performance of our contract with you.

Payment Information

When Customers sign up for one of our paid Services, they must provide billing information. We do not store full credit card numbers or personal account numbers. The required information depends on the billing method chosen. For example, if you pay with a credit card, our third party payment service providers will collect your card information and billing address.

Payment information is collected by our payment service providers in order to process payments for purchases, fulfill requests for refunds, returns, or exchanges, and process the redemption of discounts.

The legal bases for processing this data are (a) the performance of our contractual obligation, (b) consent, and (c) our legitimate interests. Our legitimate interests in this case are processing of information which is necessary for the provision of our Services.

Legal Matters

We may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services, to enforce our legal terms and conditions, to protect the security or integrity of our databases, and to take precautions against legal liability.

Such processing is based on our legitimate interests, which in this case are protecting our Services and data, exercising our legal rights, and complying with our legal obligations. 

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure or destruction. The transfer of Personal Data to third party countries as further detailed in the International Data Transfers Section is based on the same lawful basis as stipulated in the table above.

We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services, as detailed above.


COOKIES AND SIMILAR TECHNOLOGIES:

We use “cookies” (or similar tracking technologies) when you access or interact with our Services. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing it. You can find more information about cookies at  http://www.allaboutcookies.org . Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, or for statistical and advertising purposes. To learn more, please visit EX.CO's Cookie Policy and Playbuzz's Cookie Policy.

CATEGORIES OF RECIPIENTS WE DISCLOSE PERSONAL DATA TO:

CATEGORY OF RECIPIENT

DATA THAT WILL BE DISCLOSED

PURPOSE OF DISCLOSURE

Internal concerned parties

All types of Personal Data .

We may disclose your Personal Data to companies within our group, as well as our employees, in order to provide you with and improve our Services

Service providers  

All types of Personal Data.

We may disclose your Personal Data to our service providers, such as payment processors, storage providers (such as AWS), marketing affiliates (who assist us with carrying our marketing campaigns, such as email campaigns), our fraud detection tools, and our analytics providers who help us provide you with our Service.

Legal and regulatory entities

All types of Personal Data, subject to requests by authorities.

We may disclose Personal Data in case we believe, in good faith, that such disclosure is necessary in order to enforce our policies (including our  Company Terms  and  Channels Terms ), take precautions against liabilities, investigate and defend ourselves against any third party claims or allegations, protect the security and integrity of the Services and protect the rights and property of Company. We may also disclose your Personal Data where requested by legal or regulatory authorities having control or jurisdiction over us or you.

Mergers and acquisitions

All types of Personal Data

We may disclose or transfer your Personal Data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction will continue to use your data in accordance with the terms of this Privacy Policy.

Professional advisers

All types of Personal Data

In individual instances, we may disclose Personal Data to professional advisers acting as processors or controllers including lawyers, bankers, auditors, insurers, and accounting services, to the extent we are legally obliged to disclose or have a legitimate interest in disclosing your Personal Data.


We reserve the right to use, disclose or transfer (for business purposes or otherwise) aggregated and processed Non-Personal Data to third parties, including, inter alia, affiliates, for various purposes including commercial use. This Personal Data may be collected, processed and analyzed by us and transferred in a combined, collectively and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties.

When disclosing Personal Data to third parties, they are required to secure the Personal Data they receive and to use that Personal Data only in compliance with all applicable data protection regulations (such service providers may use other Non-Personal Data for their own benefit).

USER RIGHTS AND OPT-OUT OPTIONS:

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your Personal Data. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

The following table describes all the rights you are entitled to. Please note that some rights are only available for residents of certain jurisdictions.

EU Residents Right

Virginia Consumer Data Protection Act

California Privacy Right

Details

Right to know or access Personal Data collected by us

The right to know what Personal Information the business has collected.

The right to know what Personal Data we collected, including the categories of Personal Data, the sources from which the Personal Data is collected, the business or commercial purpose for collecting, selling, or sharing Personal Data, the categories of third parties to whom we disclose Personal Data, and the specific pieces of Personal Data the we collected about you.

 

Deletion Rights

The right to delete Personal Data that we collected from you, subject to certain exceptions.

 

Correct Inaccurate Data

The right to correct inaccurate Personal Data that we maintain about you

N/A

Opt-Out of Sharing for Cross-Contextual Behavioral Advertising

You have the right to opt-out of the “sharing” of your personal Data for “cross-contextual behavioral advertising” (all as defined under the CCPA), often referred to as “interest-based advertising” or “targeted advertising”. 

N/A

Opt-out from selling

The right to opt-out of the "sale" or "sharing" (as defined under the CCPA) of Personal Information.

N/A

Limit the Use or Disclosure of Sensitive Personal Information (SPI)

You have the right to request to limit the collection of your, to that use which is necessary to maintain our Services;

N/A

Opt-out from profiling in furtherance of decisions that produce legal or similarly significant effects concerning the user

N/A

You have the right to request to opt-out from processing involving profiling, in furtherance of decisions that produce legal or similarly significant effects concerning the you.

Opt-Out of the Use of Automated Decision Making

 N/A

In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Data.

N/A

Non-Discrimination

The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Data.

 

Data Portability

You may request to receive a copy of your Personal Data, including specific pieces of Personal Data, including, where applicable, to obtain a copy of the Personal Data you provided to us in a portable format.

Restriction or Objection to Processing

N/A

You have the right to object the processing of your Personal Data, unless certain exceptions apply.

Withdrawal of Consent

N/A

If Personal Data is processes on the basis of your consent, you have the right to withdraw it at any time.

Exercising Your Rights

your rights may be exercised by contacting our DPO at dpo@ex.co. Certain rights can be easily executed independently:

DATA RETENTION:

We will retain your Personal Data for as long as necessary to provide our Services, comply with our legal obligations, resolve disputes, and enforce our policies. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time , without providing you with prior notice if our intention to do so . However, retention periods shall be determined taking into account the type of information that is collected and the purpose for which it is collected for, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.

SECURITY MEASURES:

We work hard to protect the Personal Data we process from unauthorized access, alteration, disclosure, or destruction. We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Data.

Your Account Information is protected by a password for your privacy and security or by an SSO service such as Google of Facebook identity services. You need to help us prevent unauthorized access to your account by protecting your password appropriately and limiting access to your account by signing off after you have finished accessing your account. You will be solely responsible for keeping your password confidential and for all use of your password and your account, including any unauthorized use.

While we seek to protect your information to ensure that it is kept confidential, we cannot guarantee the security of any information. You should be aware that there is always some risk involved in transmitting information over the internet and that there is also some risk that others could find a way to thwart our security systems. As a result, while we strive to protect your Personal Data, we cannot ensure or warrant the security and privacy of your Personal Data or other content you transmit using the Platform, and you do so at your own risk. Thus, we encourage you to exercise discretion regarding the Personal Data you choose to disclose.

INTERNATIONAL DATA TRANSFERS:

We operate globally, and any information that we collect, disclose or share, including (but not limited to) your Personal Data, can be stored and processed in the European Economic Area, United Kingdom and United States, for the purposes detailed in this Policy. To the extent that the GDPR or UK GDPR are applicable, we will only transfer or share your Personal Data to data recipients:

INTERACTION WITH THIRD PARTY WEBSITES:

Our Services enable and host third party content, products or services that are not owned or controlled by us, including sponsored content and advertisement (each or jointly “Third Party Content”). Third Party Content hosted on our Services is provided directly by its owners or operators and governed by their own terms and privacy policies. Although we do require each Third Party Content to ensure full compliance and transparency, we are not responsible for the privacy practices or the content of such Third Party Content. Please be aware that Third Party Content and related services may collect Personal Data from you based on  your consent, including through use of cookies, as further detailed above.

ELIGIBILITY AND CHILDREN PRIVACY:

Our Services are not intended for use by individuals under the age of majority, as defined by the applicable law in such individual's jurisdiction of residence ("Minor"). Company does not knowingly process Minor's information and will discard any data we receive from a user that we find or reasonably suspect to be a Minor immediately upon discovery. Please contact us at:  dpo@ex.co if you have reason to believe that a Minor has shared any data with us.

CCPA-RELATED INFORMATION:

This information applies to Personal Information of users who reside in the State of California (“ Consumers” as defined under the California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights Act of 2020 ( "CPRA") and will be referred herein as “you”).

Personal Information is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device.

Personal Information does not include: Publicly available information that is lawfully made available in government records; information that a consumer has made available to the public; De-identified or aggregated consumer information, and information excluded from the CCPA’s or CPRA’s scope such as Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA); clinical trial data, and any Personal Information covered by certain sector-specific privacy laws, such as the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), the California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.

Collection, disclosure and sharing of Personal Information

In the preceding twelve (12) months, we have collected the following Personal Information:

Category of Personal Information Collected

 

Personal Information Collected

 

Sources of Personal Information

 

Business Purpose for Collection

A.    Identifiers

Full name, email address, postal address, social media identifier, IP address, account name

Directly from consumers upon subscription.

Directly or indirectly from activity on our Websites by cookies or other tracking technologies.

From third parties that interact with us, including social networks and other publicly available sources.

 

To provide you with our Services.

To improve our Services.

To detect and prevent fraud or illegal activities.

To respond to your requests and inquiries, and communicate with you.

Direct marketing purposes – we may use the contact details you provided us to send you promotional offers.

To perform research, technical diagnostics, analytics or statistical purposes.

Information is also disclosed to business partners for commercial purposes (e.g. to advertisers)

To charge our Customers for the Services provided by us.

 

B.    Personal Information Categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e))

Name, image, address.

C.    Internet or Other Electronic Network Activity Information

The referring page that linked to Company Websites, browsing history, interaction with Company Websites

Directly from consumer’s device by using cookies or other tracking technologies.

D.   Geolocation Data


Country, State and city

 


Directly from consumer’s device by using IP address, or as directly submitted by the consumer, or as made available on publicly available sources.

 

E.    Professional or employment-related information

Company name, roles of relevant Customer employees

Directly from correspondence with users. From Customer’s website, social media page or other publicly available resources.

 

F.    Commercial Information

Records of products or Services purchased by us

From our databases of historical transactions.

We do not "Sell" Personal Information, as this term is defined under the CCPA.

In the preceding twelve (12) months we disclosed or shared your Personal Information.

Categories of Recipients

Disclosed/Shared?

Purpose

Business partners, such as Customers and advertisers

Shared

Company's operational purposes. The disclosure of such Personal Information will be as reasonably necessary and proportionate to achieve such operational purposes. This includes:

  • Auditing related to a current interaction with our Consumers.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair our Services.
  • Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
  • Performing services on behalf of another business or Service Provider.
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of our Services, and to improve, upgrade, or enhance our Services.

Affiliates

Disclosed

Service Providers (as defined under the CCPA)

Disclosed

 

Authorized Agents

“Authorized agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:

Notice Of Financial Incentive

We do not offer financial incentives to consumers for providing Personal Information.

Other California Obligations

ADDITIONAL DISCLOSURES FOR NEVADA RESIDENTS:

Nevada law requires certain businesses to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of Personal Information that the business has collected or will collect about the consumer. Nevada law defines "sale" as the exchange of Personal Information for monetary consideration by the business to a third party for the third party to license or sell the Personal Information to other third parties. If you are a Nevada consumer from whom Company has collected Personal Information and you wish to submit a request relating to our compliance with Nevada law, please contact us at  dpo@ex.co.

POLICY AMENDMENTS:

The updated date of this Policy will be reflected in the “Last Updated” heading, indicated at the header of the Policy. As required by the CCPA we will review this Privacy Policy every twelve (12) months and amend it as necessary. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices

CONTROLLING VERSION:

This Policy has been drafted in the English language, which is the original and controlling version of this Policy. All translations of this Policy into other languages shall be solely for convenience and shall not control the meaning or application of this Policy. In the event of any discrepancy between the meanings of any translated versions of the Policy and the English language version, the meaning of the English s

CONTACT INFORMATION:

If you have any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact our Data Protection Officer, either at dpo@ex.co or by postal mail:

Playbuzz Ltd.

Attention: Data Protection Officer

5 Aluf Kalman Magen St.

Building A, 1st Floor,

Tel Aviv, 6107077,

Israel


UK Representative - Playbuzz UK Limited:

37 Broadhurst Gardens

London, NW6 3QT

United Kingdom