Updated: May 2020
We, at Kenshoo Ltd. and its affiliates, put great efforts in making sure that we secure your personally identifiable information and use it properly.
This policy explains our privacy practices for processing our customers’ (“Customer”) and our customers’ end-users’ (“User”) personally identifiable information. Whether you are a User of our cloud-based digital advertising and marketing optimization technology, available on the Kenshoo platform or application and related services, a visitor to our website or if you engage with us through other registration or contact channels (the “Service“), we process personally identifiable information related to you pursuant to the terms of this policy.
The summary of this policy will give you a quick and clear view of our practices. Please take the time to read our full policy.
Overview of Our Service – We allow our Customers to manage, optimize and analyze their digital marketing activities. As such, we do not have a direct relationship with Users.
The Personally Identifiable Information That You Provide Us – We receive and store any information you enter on our website or give us in any other way. If you register with the Service we will need your name, your company name, email address and password, for registration and notice purposes; and we will receive any personally identifiable information that you provide when contacting us.
The Personally Identifiable Information That We Collect – We automatically log ‘traffic/session’ information including IP addresses and user agent. We collect session durations and additional activity information.
What Do We Do with Personally Identifiable Information? – We maintain the Service, make it better and continue developing it, and protect us and the Service from misuse and law violations.
Sharing Personally Identifiable Information with Others – We use service providers to facilitate our Service. We will transfer information when we change our corporate structure, and we will share the information with our affiliate entities.
Analytics and Marketing Automation – Aggregated data is not identifiable. We use it for legitimate business purposes and for standard analytical and marketing automation tools.
Information Security – We implement systems, applications and procedures to secure your personally identifiable information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.
Data retention – We retain data to provide the service and for legitimate and lawful purposes, as further explained in the data retention section of the policy. Read more.
Your Choice – You may opt-out of our mailing lists and terminate your use of the Service. Our Service does not respond to Do Not Track (DNT) signals.
Accessing Your Personally Identifiable Information – At any time you can request access to your personally identifiable information.
Specific Provisions for California Residents– If you are a California resident, you are entitled to specific privacy rights.
Your EU Data Subject Rights – If we process your personal data when you are in the EU, further terms apply to our processing in relation to your rights as a data subject under EU data protection laws.
Transfer of Data Outside your Territory – We use cloud based services to store and process data in the European Union and in the United States and will store them at additional sites, at our discretion. These service providers provide us adequate security and confidentiality commitments.
EU-US Privacy Shield – We are self-certified to the EU-US Privacy Shield Framework, in connection with processing personally identifiable information from EU member states. The Federal Trade Commission (FTC) has jurisdiction over our compliance. Read more.
Dispute Resolution – Contact us at: email@example.com or write us for every request and complaint. We will make good-faith efforts to resolve any existing or potential dispute with you. As an EU data subject, you may refer unresolved complaints to our designated recourse mechanism and invoke arbitration in certain cases. Further details are available at: https://www.privacyshield.gov/participant?id=a2zt0000000011jAAA&status=Active.
Contact Us – Please contact us at: firstname.lastname@example.org for further information.
We allow Customers to manage, optimize and analyze their digital marketing activities across multiple advertising channels and devices. As such, we do not have a direct relationship with Users who engage with our Customers or are exposed to Customer’s advertisements that are managed using our Service. We process information related to Users as part of the provision of our Service to our Customers as detailed below
We receive and store any information you enter when using our Service or give us in any other way.
You provide most of your information through forms you fill out on our website to contact us.
When you contact us, or when we contact you, we will receive and process any personally identifiable information that you provide us.
Note that you are not required by law to provide us with any information about you.
As part of our Service, we offer our Customers anonymous tracking of Users who engage Customer’s ads and/or website (“Engagement”). Consequently, we collect the following information:
In order to obtain this information, we use Tracking Pixels and Cookies.
A Tracking Pixel is a piece of code embedded on a web page of Customer’s website that collects information about Users’ engagement on that web page. The Tracking Pixel can be provided either by the advertising channels, affiliate networks or by us. The Tracking Pixel may include a command to create Cookies. For further information about Cookies please see our Cookies and Tracking Technologies Policy.
A Cookie is a small text file that can be stored on a User’s browser (on any type of device). Our Cookies contains a random unique identifier that enables anonymous tracking activity from a browser that is associated with products and services of a Customer.
Subject to Customer’s approval, we will collect information of Customers or of third-party partners, and combine it with our other data in our possession. Such information is un-identifiable, and we do not know, nor will we attempt to know the identity of Users. For example, Customers may generate and send us anonymous Users’ IDs in order to associate cross-device activity of same User.
We use the personally identifiable information we collect and receive to provide the Service, to enable the Service’s tools and features, to study and analyze the functionality of the Service and Customers’ and Users’ activities, to provide support, to measure Service activity, conduct surveys and send questionnaires; provide various reports and enhance our Services to our Customers to maintain the Service, to make it better and to continue developing the Service.
Additionally, we facilitate advertisements based on past interactions of Users with Customer’s advertisements and websites (retargeting services).
We use automated processes, including automated decision making to provide our Service and enhance our customers online marketing capabilities and campaigns.
We process personally identifiable information related to prospective customers who engaged us through our website or to candidates applying for a position on our website. This information will only be used for the purpose of evaluating, contacting and serving the prospective customers and/or job candidates.
We obey the law and expect you to do the same. If necessary, we will use personally identifiable information related to you to enforce our terms, policies and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Service, and to take any action in any legal dispute and proceeding.
We commit to process personally identifiable information solely for the purposes described in this policy.
We do not sell, rent or lease your personally identifiable information. We will share personally identifiable information related to you with service providers and other third parties, if necessary to fulfill the purposes for collecting the information. Any such third party will commit to protect your privacy as required under the applicable law and this policy.
We will also share your personally identifiable information with our affiliates. These mean companies within the Kenshoo group and include subsidiaries, sister-companies and parent companies, with the express provision that their use of your personally identifiable information will comply with this policy.
We will disclose or use Users’ or our website’s visitors’ data to defend or enforce our legal rights and in accordance with any applicable law. We will disclose personally identifiable information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Additionally, a merger, acquisition or any other structural change will require us to transfer your personally identifiable information to another entity, as part of the structural change, provided that the receiving entity will comply with this policy.
We will be liable for onward transfers to third parties in violation of the Privacy Shield Principles. For further information, please below the EU-US Privacy Shield chapter of this policy.
We will share your personally identifiable information only subject to the terms of this policy, or subject to your prior consent.
We use third parties’ analytics tools to better understand who is using the Services, how people are using the Services and how to improve the effectiveness of the Services and its content. We also use third party marketing automation tools to help us with our marketing efforts.
We use the standard analytics tools of Google Analytics we will use additional or other analytics tools, from time to time, to learn about how you and other users use the Service, in support of our Service-related activities and operations.
We use anonymous, statistical or aggregated information and will share it with our partners for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that we or others can associate specifically to you.
We and our hosting services implement systems, applications and procedures to secure data we collect and process, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.
These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Service will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
We retain different types of personally identifiable information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements under the applicable law.
We will maintain your contact details, to help us stay in contact with you. At any time before, you can contact our privacy team at: email@example.com and request to delete your contact details. Note that we may keep your details without using them unless necessary, and for the necessary period of time, for legal requirements and proceedings.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
At any time, you can unsubscribe from our mailing lists by sending an opt-out request to firstname.lastname@example.org.
At any time, you can stop using our website or terminated your use of our Service. Termination of your Service account is subject to the terms of your subscription agreement with us.
At any time, you can exercise your following opt-out options:
You can exercise your choice by contacting us at: email@example.com.
We request and collect minimal personally identifiable information that we need for the purposes that we describe in this policy. Following the termination or expiration of the Service, we will stop collecting any personally identifiable information from or about you.
However, we will store and continue using or making available your personally identifiable information according with our data retention section in this policy.
Web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is a HTTP header field indicating your preference for tracking your activities on a service or through cross-site user tracking. Our Service does not respond to DNT signals.
Cookie opt-out – You may elect to opt-out of enabling Cookies in the browser’s settings tools, usually by choosing between several options offered by the browser. For further information about Cookies please see our Cookies and Tracking Technologies Policy.
At any time, you can contact us at: firstname.lastname@example.org and request to access the personally identifiable information that we keep about you. We will ask you to provide us certain credentials to make sure that you are who you claim to be and to the extent required under the applicable law, will make good-faith efforts to locate your personally identifiable information that you request to access.
If you are eligible for the right of access under the applicable law, you can obtain confirmation from us of whether we are processing personally identifiable information about you, and receive a copy of that data, so that you could –
We will use judgement and due care to redact from the data which we will make available to you, personally identifiable information related to others.
This section applies solely to users of our Service who reside in the State of California.
The personal information that we collect
In the preceding twelve (12) months we have collected the following categories of personal information:
Our business purposes for collecting your personal information
We collect your personal information for various business purposes, such as to provide you with the Service and make it better, all as described above under the section titled What Do We Do With Personally Identifiable Information.
The categories of sources from which your personal information is collected
We obtain the categories of personal information listed above from various sources, including directly from Users and our website’s visitors, from your Service activities and from third party service providers, as further described above under the section titled The Personally Identifiable Information That We Collect.
The categories of third parties with whom we share your personal information
We may share your personal information with various third parties such as our service providers and our affiliates, as further described above under the section titled Sharing Personally Identifiable Information with Others.
The categories of personal information disclosed to said third parties:
In the preceding twelve (12) months we have disclosed the following categories of personal information for business purposes:
In the preceding twelve (12) months, we have not sold personal information.
Your Rights as a California Resident
You are entitled to the following specific rights under the California Consumer Privacy Act (‘CCPA’) in relation to your personal information:
Access to Specific Information and Data Portability Rights
You have the right to request that we will disclose certain information to you about our collection and use of your personal information over the past 12 months. After verifying your request, we will disclose to you:
You have the right to request that we delete your personal information. Upon confirmation of your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception under applicable law applies.
Exercising Your Rights
To exercise the access, data portability, and deletion rights described above, please submit your request to us by sending an email to: email@example.com.
Only you or a person authorized to act on your behalf, may make a request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
A request for access can be made by you only twice within a 12-months period.
We cannot respond to your request or provide you with the requested personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use the personal information provided in your request to verify your identity or authority to make the request.
We will do our best to respond to your request within 45 days of its receipt. If we require more time (up to additional 45 days), we will inform you of the reason and extension period in writing. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures that we provide will only cover the 12-month period preceding receipt of your request.
The response we provide will also explain the reasons for our inability to comply with your request, if applicable.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before processing further your request.
Under EU data protection laws, Kenshoo, will be considered a data processer as such term is defined therein, with respect to its Services, except for Kenshoo’s website. As for the Kenshoo’s site, Kenshoo is a data controller, as such term is defined in the EU data protection, and the following will apply only in such case. Where we process personal data related to you as a data controller, the processing is based on the following lawful grounds:
A summary and further details about your rights under EU data protection laws, is available on the EU Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.
Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request.
If we need to delete your personal data following your request, it will take some time until we completely delete residual copies of your personal data from our active servers and from our backup systems.
If you have any concerns about the way we process your personal data, you are welcome to contact our privacy team at: firstname.lastname@example.org, or write to us to: Kenshoo Ltd., 30 Ha’barzel St., Tel-Aviv, Israel 6971010. We will look into your inquiry and make good-faith efforts to respond promptly.
We store and process information in various sites throughout the globe, including on sites operated and maintained by cloud-based service providers.
From time to time, we will make operational decisions which will have an impact on the sites in which we maintain personally identifiable information. We make sure that our data hosting service providers, provide us with adequate confidentiality and security commitments
If you are a resident in a jurisdiction where transfer of your personally identifiable information to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer. You can contact our privacy team at: email@example.com for further information about data transfer.
We are self-certified with the US Department of Commerce – EU-US Privacy Shield Framework, in connection with the collection, use, and retention of personal information from EU member states. We are committed to adhere to the Privacy Shield principles, including notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, access, recourse, enforcement and liability.
We are further committed to refer unresolved Privacy Shield complaints to TRUSTe, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.
Kenshoo commits to cooperate with UK’s independent data protection authority (ICO) and comply with the advice given by the ICO about human resources data transferred from the EU of a human resources nature.
We do periodical assessments of our data processing and privacy practices, to make sure that we comply with this policy, to update the policy when we believe that we need to, and to verify that we display the policy properly and in an accessible manner. If you have any concerns about the way we process personally identifiable information related to you, you are welcome to contact our privacy team at: firstname.lastname@example.org, or write to us. Our address is published on our website at: www.kenshoo.com and, if applicable, is indicated in your subscription agreement with us.
We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.
Additionally, if you are an EU data subject, you can invoke binding arbitration in certain cases, as Annex I of the EU-U.S. Privacy Shield Agreement describes. For further information, please visit the Privacy Shield website at: www.privacyshield.gov, or contact our privacy team.
From time to time, we will update this policy. If the updates have minor if any consequences, they will take effect 7 days after posted on our Service and/or published the revised policy in the website. Substantial changes will be effective 30 days after the publication of the revised policy.
Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-existing policy you can choose not to accept it and terminate your use of the Service. Continuing to use the Service after the new policy takes effect means that you agree to the new policy. Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required by law.
Please contact our Privacy Compliance at: email@example.com for further information.