Last modified Jan 1, 2024

Lytics, Inc. (“Lytics”) is committed to respecting your privacy, protecting your personal information, and being transparent about its treatment of your personal information.

This Privacy Policy covers the information practices of Lytics, Inc. as they relate to personal information collected through www.lytics.com, docs.lytics.com, app.lytics.com, and trust.lytics.com (each a “Site”). Our Sites are hosted in the United States. If you submit your personal information on our Sites, it will be transferred to the United States. As further discussed in the Cross-Border Data Transfers section below, we participate in and adhere to the Data Privacy frameworks.

California residents using this Site should be sure to read the information below under Additional Information for California residents.

Site users from the European Union should be sure to read the information provided below under Additional Information for European Union Users.

By visiting this website, you are accepting and consenting to the practices described in this policy.

Please note that this Privacy Policy does not apply to the personal information we collect and process on behalf of our clients through or in connection with the services we provide to them.

Data Controller and DPO

With regard to personal information submitted to our Sites, the data controller is Lytics, Inc., 811 SW 6th Ave, Suite 1000, Portland, OR 97204, USA . Lytics’ data protection officer may be contacted using the contact information provided below.

What does Lytics do?

Lytics provides customer data, analytics, and marketing intelligence solutions (collectively referred to as the “Service”) to our customer (“Clients”) via a software as a service platform. The Service is designed to help our Clients’ marketing communications and campaigns be more useful and relevant to their respective consumers by showing them content and messages that best address their specific interests and needs.

To do this, when people interact with our Clients websites, applications or campaigns (collectively “Client Services”) and related third-party applications, we may collect some of their personal data on behalf of our clients (“Client User Data”). Our platform uses that data, as well as other data described below, to help Clients deliver marketing communications that are more relevant. Client User Data may include information about the identity of Client Users (such as name, postal address, email address, IP address and phone number), as well as information about the content that users interact with, including web pages they visit and features they use and the actions that they take while using the Client Services.

To be clear this Privacy Policy does not apply to Client User Data or to Client Services, and we are not responsible for our Clients’ handling of Client User Data. Our Clients have their own policies regarding the collection, use and disclosure of your personal information. To learn about how a particular Client handles your personal information, we encourage you to read the Client’s privacy statement. Our use of Client User Data provided by our Clients in connection with our Services is subject to the written agreement between Lytics and Client.

Personal Information We Collect

In the course of operating the Sites, we may collect the following types of information (collectively, the “Information”).

Information you give us

Personal information you may provide through the Sites or otherwise communicate with us:

• Identity information, such as your first name, last name, user name or similar identifier, title, date of birth and gender;
• Contact information, such as your postal address, email address and telephone number;
• Profile information, such as your username and password, interests, preferences, feedback and survey responses;
• Feedback and correspondence, such as information you provide in survey responses, when you participate in market research, report a problem, receive customer support or otherwise correspond with us;
• Transaction information, such as your credit card or other payment and billing details;
• Usage information, such as information about how you use the Service and interact with us; and
• Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them.

Information we collect

Apps, browsers and devices

Our servers may automatically record certain information about how you use our Sites (we refer to this information as “Activity Data“), including both Clients and casual visitors.

Activity Data may include information such as a user’s Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our Site to which a user browsed and the time spent on those pages or features, the frequency with which the Site is used by a user, search terms, the links on our Site that a user clicked on or used, and other statistics. We use this information to administer the Service and we analyze (and may engage third parties to analyze) this information to improve and enhance the Service by expanding its features and functionality and tailoring it to our users’ needs and preferences.

Lytics and our partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. Users can control the use of cookies at the individual browser level and when choosing whether or not to consent to Lytics’ use of cookies. For more information about how Lytics uses cookies and similar technologies to recognize you when you visit our Websites (lytics.com, docs.lytics.com, app.lytics.com, www.trust.lytics.com), please see Lytics Cookie Policy.

Sensitive personal information

Subject to the following paragraph, we ask that you not send or disclose to us any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise.

If you send or disclose any sensitive personal information to us (such as when you submit user generated content to the Site), you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not provide it.

Information we get from others

We may obtain additional information about you from third party sources to enrich your experience on the Sites and provide you with more relevant information related to our service offerings.

Changes to your personal information

It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at privacy@lytics.com.

How We Use Your Personal Information

To provide the Service

If you have a Lytics account, we use your personal information:

• To operate, maintain, administer and improve the Service;
• To manage and communicate with you regarding your Service account, if you have one, including by sending you Service announcements, technical notices, updates, security alerts, and support and administrative messages;
• To process payments you make through the Service;
• To better understand your needs and interests, and personalize your experience with the Service; and
• To respond to your Service-related requests, questions and feedback.

To communicate with you

If you request information from us, register for the Service or participate in our surveys, promotions or events, we may send you Lytics-related marketing communications if permitted by law, but will provide you with the ability to opt out.

To comply with law

We use your personal information, as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

With your consent

We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Site, you instruct us to take a specific action with respect to your personal information or you opt into third party marketing communications.

To create anonymous data for analytics

We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.

For compliance, fraud prevention and safety

We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Service; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

How We Share your Personal Information

We do not share or sell the personal information that you provide us with other organizations without your express consent, except as described in this Privacy Policy. We disclose personal information to third parties under the following circumstances:

• We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.
• Service Providers. We may employ third party companies and individuals to administer and provide the Service on our behalf (such as bill and credit card payment processing, customer support, hosting, email delivery and database management services). These third parties are permitted to use your personal information only to perform these tasks in a manner consistent with this Privacy Policy and are obligated not to disclose or use it for any other purpose.
• Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
• Compliance with Laws and Law Enforcement; Protection and Safety. Lytics may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern the Service; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
• Business Transfers. Lytics may sell, transfer or otherwise share some or all of its business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.

How We Use Targeted Advertising

Lytics serves targeted advertising, where third parties may serve cookies on your computer or mobile device to serve advertising through our Websites. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. This can be accomplished by using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying details unless you choose to provide these. For more details on our use of cookies, please see Lytics Cookie Policy.

How We Use Decision-Making Technology

Lytics will send you customized emails, newsletters, or other information based on the personal data you provide and your preferences, habits, and website behaviors, which Lytics analyzes using algorithms and other IT tools, like automated decision-making and profiling. We use third-party vendors to help us monitor and improve our emails and newsletters and to gather statistics about open rates and clicks, using industry standard technologies. We analyze the information you provide and your relevant interests to decide what communications to send you and to learn how Lytics can help you do your work better and more effectively.

Your Choices

Access, Update, Correct or Delete Your Information All Lytics account holders may review, update, correct or delete the personal information in their registration profile by logging into their account. Lytics account holders may also contact us at privacy@lytics.com to accomplish the foregoing or if you have additional requests or questions.

Access to Data Controlled by our Clients

Lytics has no direct relationship with the individuals whose personal information is contained within the Client User Data processed by our Service. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Clients should direct their request to the Client. You may also contact us by email at privacy@lytics.com if you have additional questions or concerns.

Marketing communications

You may opt out of marketing-related emails by logging in and changing your account settings or by clicking on a link at the bottom of each such email. You may continue to receive Service-related and other non-marketing emails.

Reference/Testimonials

If you gave us consent to post a testimonial to our site, but wish to update or delete it, please contact us.

Tracking and Targeted Advertising

We may allow service providers and other third parties to use cookies and other tracking technologies to track your browsing activity over time and across our Site and third party websites. We may also partner with a third-party ad network to either display advertising on our Site, to manage our advertising on other sites, or to provide you targeted advertisements based upon your interests on our Site or on third party sites. You may opt out of having your personal information used for targeted ads by clicking here (or if you are in the European Union, here), but you may still receive generic ads. Other companies’ use of their tracking technologies is subject to their own privacy policies. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

In some of our communications, we use tracking means, such as a “click-through URL” linked to content on the Site. We track this data to help us measure the effectiveness of our customer communications. For more information about how Lytics uses cookies and similar technologies to recognize you when you visit our Websites (www.lytics.com, www.learn.lytics.com, app.lytics.com, www.trust.lytics.com), please see the Lytics Cookie Policy.

Choosing not to share your personal information

Where we need to collect your personal information by law, or to be able to provide the Service to you and you do not provide that information when requested (or you later ask to delete it), we may not be able to provide you with the Service and may need to close your account. We will tell you what information you must provide to receive the Service by designating it as required in the Service or through other appropriate means.

Security

The security of your personal information is important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information.

International Transfer

Lytics is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. European Union users should read the important information provided further below under Cross Border Transfer Section about transfer of personal information outside of the European Economic Area.

Other Sites and Services

The Service may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third-party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

Social Media Widgets

Our Site may include social media features, such as the Facebook “like” button and widgets, such as the “share this” button. These features may collect your personal information and track your use of the Site. These social media features are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy policy of the company providing such functionality.

User Generated Content

We may make available on our Site, or link to, features that allow you to share information online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use; storage or dissemination of such publicly disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.

Children

Lytics does not knowingly acquire or receive personal information from children under 13. If we later learn that any user of our Service is under the age of 13, we will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy you will be notified via email (if you have an account where we have your contact information) or another manner through the Service that we believe reasonably likely to reach you (which may include posting a new privacy policy on our Site – or a specific announcement on this page or on our blog).

Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes on the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

How to Contact Us

Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing privacy@lytics.com or by writing to us at the following address: Lytics, Inc. 811 SW 6th Ave Suite 1000 Portland, OR 97204, USA Attention: Data Protection Officer.

Additional Information for California Residents

This Privacy Notice for California Residents supplements the information contained in Lytics Privacy Policy and applies solely to all Site users who reside in the State of California. We adopted this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.

1. Information We Collect

Our website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information“). In particular, our website has collected data within the following categories of personal information from its consumers within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, physical characteristics or description, address, telephone number, education, employment, and employment history.Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	NO
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
G. Geolocation data	Physical location or movements.	NO
H. Sensory data.	Audio information.	YES
I. Professional or employment-related information.	Current or past job history.	YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	YES

Personal information does not include:

• Publicly available information from government records.
• De-identified or aggregated consumer information.
• Information excluded from the CCPA’s scope, like certain health or medical information and other categories of information protected by different laws.

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from you. For example, from forms you complete.
• Indirectly from you. For example, from observing your actions on our website.

2. Use of Personal Information

We may use or disclose the personal information we collect for one or more of the business purposes described in our Privacy Policy under the heading How We Use Your Personal Information.

3. Sharing Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We share your personal information with the following category of third parties: Service providers.

4. Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Please note that during 2020 under a “business to business” exception, access, portability, and deletion rights will not apply to personal information reflecting a written or verbal communication or a transaction between Lytics and you, if you are a natural person who is acting as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, nonprofit, or government agency and whose communications or transaction with Lytics occur solely within the context of the your business conducting due diligence regarding, or providing or receiving a product or service to or from Lytics.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

• The categories of personal information we’ve collected about you.
• The categories of sources for the personal information we’ve collected about you. Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we’ve collected about you (also called a data portability request).
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: – sales, identifying the personal information categories that each category of recipient purchased; and – disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

• Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us an email at privacy@lytics.com or a letter at our mailing address provided elsewhere in our Privacy Policy. Please include your email address in the letter if you choose to contact us by letter.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we’ve collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

We will deliver our written response electronically.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales

We will not sell your personal information to any party as the word sell or sale is used in the context of the CCPA.

5. Non-Discrimination

We will not discriminate against you (or your employer) for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

6. Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share or sell information to third parties for their direct marketing purposes.

Additional Information for European Union Users

Personal information

References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller and Data Protection Officer

Lytics, Inc. is the controller of your personal information for purposes of European data protection legislation. Our Data Protection Officer can be reached at privacy@lytics.com. See the “Questions” section above for additional contact details.

Legal bases for processing

We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at privacy@lytics.com.

Processing purpose

Processing Purpose	Legal Basis
To provide the Service	Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service
To maintain and improve the Service	Processing is necessary to ensure that our Service is working as intended and to make improvements to the Service
Provide personalized services, including content and ads	Processing is necessary to customize our services for you, including providing recommendations and personalized content
Develop new services	Processing is necessary to help us develop new services
To communicate with you To measure performance with anonymous data for analytics For compliance, fraud prevention and safety	These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law	Processing is necessary to comply with our legal obligations
With your consent	Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at privacy@lytics.com

Use for new purposes

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including contact, identity, financial and transaction information) for six years after they cease being customers for tax purposes.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your rights

European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

• Opt-out. Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
• Provide you with information about our processing of your personal information and give you access to your personal information.
• Update or correct inaccuracies in your personal information.
• Delete your personal information.
• Transfer a machine-readable copy of your personal information to you or a third party of your choice.
• Restrict the processing of your personal information.
• Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to privacy@lytics.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at privacy@lytics.com or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-Border Data Transfers & EU-U.S. Data Privacy Framework, the UK Extension to EU-U.S. DPF and the Swiss U.S. Data Privacy Framework

Lytics complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Lytics has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Lytics has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the Swiss-U.S. DPF Principles, Lytics is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In certain situations, Lytics may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Lytics’ accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transferred to a third party is described in the Data Privacy Framework Principles.  In particular, Lytics remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Lytics proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Lytics commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact privacy@lytics.com.

Lytics has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

EU Standard Contractual Clauses
Lytics uses European Union Standard Contractual Clauses and other data protection safeguards, including implementation of the Lytics Information Security Management System. Lytics’ “Technical and Organizational Security Measures” and safeguards are detailed in our Terms of Service, as well as on our Lytics Trust Center website.

Definitions

For purposes of this Policy, the following definitions shall apply:

“Personal information” means any information or set of information that identifies or could be used by or on behalf of Lytics to identify an individual. Personal information does not include information that is anonymized or publicly available information that has not been combined with non-public personal information.

“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, Lytics will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.

Notice

Lytics is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Should a EU or Swiss individual be unable to resolve a complaint through the Council of Better Business Bureau’s complaint process, they may contact the FTC at the following address:

Federal Trade Commission Attn: Consumer Response Center 600 Pennsylvania Avenue NW Washington, DC 20580 www.ftc.gov