Privacy Policy

2. Services: Your Personal Information When You Are Our Customers’ End User or Authorized Account User

2.0 What FreeWheel Does

Our technology helps companies that publish video content online (through apps, websites and streaming services, including connected TV and “over the top” providers, Publishers and Publisher Content) permit advertising videos to be displayed to their end users (users).

We are also providers of a software platform, customers of which are Publishers wishing to sell their ad space, and Media Buyers (advertisers or their intermediaries wishing to buy or bid for the right have their ads shown in that Publisher’s video ad space). For one specific service we offer to Publishers, known as Managed Service, we may, as a controller, process personal information when purchasing ad space in our own right and when selling on to Media Buyers. Publishers and Media Buyers may also ask us to take audience data into our platform to better target their ad space or ad respectively. We may also provide these Publishers and Media Buyers with related services such as verifying that ads were actually delivered to the user’s device, and other reports such as users’ interaction with the ads.

The digital advertising ecosystem is complex, which means multiple platforms and entities come into contact with online personal information. This Privacy Policy describes the role FreeWheel has in the process, and how we collect, use, maintain, protect and share this personal information. This Privacy Policy does not apply to the privacy practices of other entities involved in the digital advertising ecosytem.

To set up and administer our customer accounts, we handle details of the customer’s authorised account user, generally limited to their name, work contact details, and login in details to provide their authorized access to our advertiser solution platform.

2.1 The Personal Information We Collect

Information We Generate

When you first visit a Publisher’s app, site or streaming service, FreeWheel’s software assigns a unique random identifier to your browser or device (Freewheel ID) which allows our technology to automatically recognise your device or browser next time it is used to access Publisher Content of any Publisher integrated with our technology. This allows our Publishers and partners to “sync” their own unique identifiers against the Freewheel ID so they can use their own data on our platform that they may have associated with your device.

Information We Collect Automatically

When a user views Publisher Content which the Publisher has integrated with our software platform, we, and the partners and vendors we work with, use Cookies and related technologies to collect information about the user and the device they are using when there is advertising space available in relation to the Publisher Content. See 2.10 How We Use Cookies As Part Of Our Services below for more information about Cookies.

This information can include device model, whether the device is using the Apple or Android operating system and its version number, the type and version of the web browser or Publisher app being used to access the Publisher Content (e.g., Chrome or Safari), IP address, referral URL, approximate device location (on a town or city level), mobile device IDs assigned by Apple, Android or other manufacturers of phones and operating systems (such as the IDFA for Apple devices and AAID or GAID for Android devices), the Publisher’s unique identifier (often a “VCID” used in video streaming) for that user or device. Our technology also looks for our Freewheel ID each time a user accesses Publisher Content.

Information Provided By Publishers And Third Parties

Through our Services, we process information about an individual’s interests and preferences, typically relating to demographic details such as age range and gender, product interest, and where legally permitted and with consent where applicable, precise geo-location. This interest and preference information is used to estimate what advertising the individual might be interested in by first placing the individual in one of a number of audience segments (Segments; together with interests and preferences Segment Data). Examples of Segments might be “women aged 18-30 interested in fashion”, “persons aged 25-35 interested in buying a car” and so on. Our Services involve Segment Data when connecting Publishers wishing to sell ad space with Media Buyers (either selected by Publishers or by us depending on the Services), so that ads are delivered in a more relevant and targeted way. Where we provide Services to a Publisher to deliver advertising to their ad space, they may upload their own data relating to their users to facilitate the targeting of advertisements to audiences most likely to be interested in the products or services advertised.

Data Management Platforms (DMP) are technology solutions that pull together data from multiple sources including publicly or commercially available data to identify Segments to be used in targeted advertising. Through use of our Services, a Publisher may direct DMPs within its network (either selected by Publishers or by us depending on the Services) to upload Segment Data to our platform. Media Buyers may also use Segment Data when deciding where to place their advertisements, to help them decide whether they want to purchase (or bid for) a Publisher’s ad space. This is enabled by a process known as “syncing”. We sync by sharing unique identifiers including the Freewheel ID with Media Buyers and any DMPs chosen from the Publisher’s network. The user-related information described above is collectively Platform Data.

Before the Publisher and Media Buyer’s respective data enters the platform to engage in a purchase or bid to purchase ad space event, our Services may facilitate the exchanging of Segment characteristics between the Publisher and Media Buyer; each entity only knows what Segments the other has, and not also the corresponding IP addresses or device IDs.

None of the information we collect or share through the Service in relation to users allows Media Buyers to directly identify an individual. We do not share names, email addresses, or residential addresses as part of providing the Services, and we do not expect any health/ medical, or other sensitive or special categories of personal information to be uploaded to our platform within Segment Data.

2.2 How We Use and Share Your Information

We Use Platform Data As Follows:

• To provide the Services. We use Platform Data to provide the Services to our customers, including enabling Publishers to manage, control and monitor the availability, forecasting, planning, sale and performance of their sale of advertising space, and to facilitate the bidding for and purchase of that advertising space by Media Buyers and us, including by sharing Platform Data with them for that purpose;
• As part of the Services we may share Platform Data, including Segment Data, with multiple Media Buyers according to their requirements as to whether they want to link the Segment Data with each of a number of possible unique identifiers such as IP address, cookie ID and device ID, to help them decide whether to bid to show an ad to a user and, if so, how much they will bid. That decision can take milliseconds through an automated software-based process called “real-time bidding” where multiple Media Buyers will bid to show their ad, and the highest bidder wins the auction and the right to have their ad shown to the user. The Services support real-time bidding, and bidding within much smaller bidding pools, as well as other ways to buy online advertising space;
• To synchronize our Services with other digital advertising platforms outlined in 2.1 The Personal Information We Collect above, which involves sharing unique identifiers including the Freewheel ID with Media Buyers and any DMPs chosen from the Publisher’s network. This allows Media Buyers and other platforms in the ecosystem to gain a better understanding of the demographic and product interests of the user in order to display relevant advertising to them or decide whether to bid to show ads to that user; to report on and make forecasts of advertising performance to Publishers;
• For internal reporting, troubleshooting and support;
• To display ads in a sequence, display ads based on users’ interests, and cap the frequency with which ads are shown to a particular user, according to advertising parameters set by Publishers;
• To satisfy opt out requests;
• To detect fraudulent traffic (where there is no actual user, but a computer pretending to be a user tries to generate ad revenue), and generally to prevent fraudulent and suspicious activities; we share Platform Data with anti-fraud vendors for this purpose;
• To improve our Services and the technology that delivers them, internal research and development, i.e. to analyse the use of our services; to design new, and improve existing, features and functionality of our services; and to develop and train the computer algorithms which form part of our services.

We May Also Share Personal Information As Follows:

• With third parties who directly support us in the running of our business (for example data centre providers and professional advisers). Each third party is contractually obligated or otherwise subject to confidentiality obligations to provide services to us in a manner consistent with this Privacy Policy. Any such third parties are not authorised by us to use your personal information in any other way and will be required by us to implement measures to protect your personal information;
• If we are required by law including to meet national security or law enforcement requirements, comply with a subpoena or other legal process, or respond to a government request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, and to investigate fraud; and
• If at any time in the future we (or our assets) are purchased by another company.

2.3 How Long We Keep Your Information

We will retain Platform Data for as long as necessary to fulfil the purposes described above, for as reasonably necessary for legitimate business reasons or otherwise for as long as permitted under applicable data protection law.

When assessing retention periods, we use the following criteria: (1) the business purposes for which the information is used, and the length of time for which the information is required to achieve those purposes; (2) whether we are required to retain the information in order to comply with legal obligations or contractual commitments, or retention is otherwise necessary to protect our or others rights; (3) the privacy impact on the consumer of ongoing retention, including the consumer’s likely expectations in light of the sensitivity of the information; and (4) the manner in which information is maintained in our systems and how best to manage the data in light of the volume and complexity of those systems. Individual pieces of personal information such as those listed below may exist in different systems that are used for different business or legal purposes. A different maximum retention period may apply to each use case of the information. For instance, we may retain certain personal data such as an email address for anti-fraud and legal compliance purposes for a longer period.

For more information about the retention of cookie data, please see section 2.10 How We Use Cookies As Part Of Our Services below for information on Cookie duration.

2.4 FreeWheel’s Role Under EU and UK Data Protection Law

For users in the European Economic Area (EEA) and the UK, we act as controller and processor in the delivery of our Services, depending on the nature of the Platform Data and the processing that is taking place. Where we determine the means and purposes of the processing we act as controller and have legal responsibility under data protection legislation for the processing.

We Are A Controller:

• Of the FreeWheel ID (the unique user identifier we assign to enable us to recognise the users across all our Publisher customers, such as for frequency capping);
• When we use personal information for anti-fraud purposes;
• When we use personal information for our own internal reporting and analytics purposes;
• When we use personal information to improve FreeWheel’s Services and products;
• When we provide Services where we select Media Buyers and/or DMPs, such as Managed Service or Data Suite; and
• For logon credentials of FreeWheel customers’ authorised users who log onto and use its technology platforms in order to access the Services.

Legal Bases:

We rely on legitimate interests to process Platform Data for anti-fraud purposes, internal reporting and analytics, existing product improvement, and authorised user logon.

We rely on consent for other processing of personal information, including relating to your job application and audience targeting functions.

Where we act as controller, you have a right to request that we:

• Provide you information about how we use your personal information;
• Give you access to, and a copy of your personal information we hold in our systems;
• Stop contacting you with promotional messages;
• Correct or update inaccurate or incomplete personal information we have about you;
• Delete all or some of the personal information we have about you (e.g., if it is no longer needed to provide Services to you);
• Stop using, and ensure that all third parties stop using, some or all of your personal information (e.g., if we no longer have a legal basis to process it); and
• Note any violations of the Privacy Policy.

For EU and UK users in cases where we act solely as controller, you can send us an email at legalnotices@freewheel.tv or write to us at: FreeWheel Media, Inc., 12th Floor, 1407 Broadway, New York, NY 10018, Attn: Legal Counsel. For EU and UK purposes, our data protection officer (DPO) can be contacted at dpo@freewheel.com. We will respond to your request within a reasonable timeframe. Please note that we may in some circumstances require that you validate your identity prior to processing your request. If we are unable to process your request, we will provide you with our reasons. If you are located in the EU or the UK, you have the right to lodge a complaint with your local data protection authority about our use of your personal information.

FreeWheel participates in the IAB Europe Transparency and Consent Framework (identification number 285) and complies with its Specifications and Policies.

Please contact us if you have any questions, comments or concerns about this Privacy Policy. To assist us in dealing with your request, please provide your full name and details of your query. However, please note that because Platform Data doesn’t include the corresponding user’s name or email address, we do not usually have a means to relate a particular request to the device or Cookie IDs we hold.

Where we act as processor, you should address your request to the Publisher(s) in question.

2.5 FreeWheel’s Role Under LATAM Data Protection Laws

For users in LATAM, including Brazil and Mexico, we act as controller and processor in the delivery of our Services, depending on the nature of the Platform Data and the processing that is taking place. Where we determine the means and purposes of the processing we act as controller and have legal responsibility under data protection legislation for the processing.

We Are A Controller:

• Of the FreeWheel ID (the unique user identifier we assign to enable us to recognise the users across all our Publisher customers, such as for frequency capping);
• When we use personal information for anti-fraud purposes;
• When we use personal information for our own internal reporting and analytics purposes;
• When we use personal information to improve FreeWheel’s Services and products;
• When we provide Services where we select Media Buyers and/or DMPs, such as Managed Service or Data Suite; and
• For logon credentials of FreeWheel customers’ authorised users who log onto and use its technology platforms in order to access the Services.

Legal Bases:

Brazil

For users in Brazil, in respect of each data processing activity we process your personal data in accordance with the legal basis set forth in the Brazilian General Data Protection Law (LGPD) which include the following:

• We rely on legitimate interests to process Platform Data for anti-fraud purposes, internal reporting and analytics, existing product improvement, and authorised user logon.
• We rely on consent for other processing of personal information, including audience targeting functions.
• We may process your personal data to ensure we perform our legal and regulatory obligations, such as storing access records, including IP addresses, date, and time of access, for a minimum period of 6 months, according to article 15 of the Brazilian Civil Rights Framework for the Internet.
• We may process your personal data to exercise or defend our legal rights against potential, threatened or actual judicial, administrative, or arbitration proceedings.

Mexico

For users in Mexico:

• we process your personal data on the basis of consent.
• please note that the use of user information as set out in (e) in section 2.2 How We Use and Share Your Information above is considered a voluntary purpose under Mexican law.
• to the extent that we act as a data controller and the data is considered personal data, we will undertake the transfers referred to in (a)-(c) in section 2.2 How We Use and Share Your Information above on the basis of your consent.

Your Rights and Our Contact Information

Where we act as controller, you have a right to request that we:

• Provide you information about how we use your personal information;
• Give you access to, and a copy of your personal information we hold in our systems;
• Oppose to the processing of your personal data for any other voluntary purposes or under other legitimate grounds, which includes stop contacting you with promotional messages;
• Correct or update inaccurate or incomplete personal information we have about you;
• Delete all or some of the personal information we have about you (e.g., if it is no longer needed to provide Services to you);
• Limit the use and disclosure of your personal data;
• Where applicable, revoke the consent you provided for the processing of your personal information.

You can contact the Data Protection Officer as set out below:

Brazil:
dpo_brazil@freewheel.com

Mexico:
dpo_mexico@freewheel.com

2.6 FreeWheel’s Role Under MENA Data Protection Laws

For users in MENA, including the UAE, we act as controller and processor in the delivery of our Services, depending on the nature of the Platform Data and the processing that is taking place. Where we determine the means and purposes of the processing we act as controller and have legal responsibility under data protection legislation for the processing.

We Are A Controller:

• Of the FreeWheel ID (the unique user identifier we assign to enable us to recognise the users across all our Publisher customers, such as for frequency capping);
• When we use personal information for anti-fraud purposes;
• When we use personal information for our own internal reporting and analytics purposes;
• When we use personal information to improve FreeWheel’s Services and products;
• When we provide Services where we select Media Buyers and/or DMPs, such as Managed Service or Data Suite; and
• For logon credentials of FreeWheel customers’ authorised users who log onto and use its technology platforms in order to access the Services.

Legal bases:

For users in UAE, in respect of each data processing activity we process your personal data in accordance with the legal basis set forth in the Federal Decree By Law No.45 of 2021 (UAE DP Law) which include the following:

• We rely on contract with Publishers to collect the requisite consent(s) to process Platform Data for anti-fraud purposes, internal reporting and analytics, existing product improvement, and authorised user logon including audience targeting functions.We may process your personal data to ensure we perform our legal and regulatory obligations, such as storing access records, including IP addresses, date, and time of access.
• We may process your personal data to exercise or defend our legal rights against potential, threatened or actual judicial, administrative, or arbitration proceedings.
   
  We may process your personal data on the basis that processing is necessary to perform a contract to which the data subject is a party, or to take measures at the request of the data subject with the aim of concluding, amending or terminating a contract.

Your Rights and Our Contact Information

Where we act as controller, you have a right to request that we:

• Give you access to, and a copy of your personal information we hold in our systems, and provide you with information about how we use your personal information;
• Rectify, correct or update inaccurate or incomplete personal information we have about you;
• If we fail to adhere to applicable data protection laws in the UAE, you also have a right to file a complaint with the UAE’s Office of Data Protection, which is the competent data protection authority in the UAE, once it becomes operational; and
• Delete all or some of the personal information we have about you (e.g., if it is no longer needed to provide Services to you);

The following rights only apply in certain circumstances, please contact us with any request you may have relating to processing of your personal data.

• Erasure – sometimes called the ‘right to be forgotten’, in certain circumstances, you have the right to have your personal data erased without undue delay;
• Restriction – you have the right to have our processing of your personal data restricted;
• Data portability – you have the right to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance; and
• Objection – you have the right to object to the processing of your personal data and stop it. In certain circumstances, you also have the right to object to decisions resulting from automated processing, including profiling, particularly if such a decision has a legal impact on or adversely affects you.

You can contact the Data Protection Officer as set out below:

dpo_mena@freewheel.com

2.7 FreeWheel’s Role Under Singapore Data Protection Laws

For users in Singapore, we act as controller and processor (or equivalent concept under applicable data protection laws) in the delivery of our Services, depending on the nature of the Platform Data and the processing that is taking place. Where we determine the means and purposes of the processing we act as controller and have legal responsibility under applicable data protection laws for the processing.

We Are A Controller:

• Of the FreeWheel ID (the unique user identifier we assign to enable us to recognise the users across all our Publisher customers, such as for frequency capping);
• When we use personal information for anti-fraud purposes;
• When we use personal information for our own internal reporting and analytics purposes;
• When we use personal information to improve FreeWheel’s Services and products;
• When we provide Services where we select Media Buyers and/or DMPs, such as Managed Service or Data Suite; and
• For logon credentials of FreeWheel customers’ authorised users who log onto and use its technology platforms in order to access the Services.

Your Rights and Our Contact Information

Where we act as controller (or equivalent concept under applicable data protection laws), you have the right to request we do the following, to the extent the right is applicable to you (which we will confirm on request):

• Give you access to, and a copy of your personal information we hold in our systems, and provide you with information about how we use your personal information; and
• Rectify or correct inaccurate or incomplete personal information we have about you.

You can contact the Data Protection Officer as set out below:

dpo_singapore@freewheel.com

2.8 United States Residents of California

The California Consumer Protection Act (CCPA) provides California residents with specific rights regarding their personal information. This subsection describes our personal information collection and disclosure practices, and explains how California residents can exercise their rights. These rights apply to all residents of California, regardless of whether you are a consumer or business contact. As a California resident, you have a right not to receive discriminatory treatment, including the right not to be retaliated against, for the exercise of your privacy rights.

To review the number of requests we have received over time and how we have complied with those requests, please view our Individual Rights Annual Report – January 1, 2023 – December 31, 2023.

Notice of California Consumer Data Collection and Sharing Practices

This Privacy Policy includes descriptions of our data collection practices, including the personal information we collect, the sources of that information, the purposes for which we collect information, and whether we sell or share that information to external parties. We may use any of or all the information for any of the purposes described in this Privacy Policy, unless limitations are listed. Some of the categories include very different types of information within the same category and certain personal information may fall into multiple categories. How we use and how long we keep the information within each category will vary and not all types of information within the same category will be used for all of the purposes listed.

California law also requires us to provide information regarding the criteria we use to determine the length of time for which we retain personal information. We use the following criteria: (1) the business purposes for which the information is used, and the length of time for which the information is required to achieve those purposes; (2) whether we are required to retain the information in order to comply with legal obligations or contractual commitments, or retention is otherwise necessary to protect our or others rights; (3) the privacy impact on the consumer of ongoing retention, including the consumer’s likely expectations in light of the sensitivity of the information; and (4) the manner in which information is maintained in our systems and how best to manage the data in light of the volume and complexity of those systems. Individual pieces of personal information such as those listed below may exist in different systems that are used for different business or legal purposes. A different maximum retention period may apply to each use case of the information. For more information about the retention of cookie data, please see click here.

The CCPA requires us to disclose the personal information we have collected about consumers in the past 12 months in the following categories:

• Identifiers: We collect IP addresses and unique identifiers (such as account identifiers, cookie identifiers, and device IDs).
• Sources: From our systems when you interact with our Services, and from third parties.
• Purposes: To provide our Services, and to make improvements to our existing Services and create new products, services, and features.
• Commercial Information: We collect purchasing tendencies or histories from third parties and connect that data to the categories of personal information listed here.
• Sources: From our systems when you interact with our Services and from third parties.
• Purposes: To provide our Services, and to make improvements to our existing Services and create new products, services, and features.
• Internet or Other Electronic Network Activity Information: We collect information about your internet service provider, as well as information regarding your interactions with websites and advertisements.
• Sources: From our systems when you interact with our Services and from third parties.
• Purposes: To provide our Services, and to make improvements to our existing Services and create new products, services, and features.
• Geolocation Data: We collect geolocation data.
• Sources: From our systems when you interact with our Services and from third parties.
• Purposes: To provide our Services, and to make improvements to our existing Services and create new products, services, and features.
• Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We analyze your actual or likely preferences through a series of computer algorithms.
• Sources: From our systems when you interact with our Services and from third parties.
• Purposes: To provide our Services, and to make improvements to our existing Services and create new products, services, and features.
• Sensitive Personal Information: We process data related to race, ethnic origin, and precise geolocation.
• Sources: From third parties.
• Purposes: To provide our Services, and to make improvements to our existing Services and create new products, services, and features.

We share the above-listed information with service providers and contractors, which are external parties that we engage for business purposes and are restricted from using personal information for any purpose that is not related to our engagement. The categories of service providers and contractors with whom we share information and the service they provide are described in the Privacy Policy.

We may also disclose information to other external parties who are not listed here when required by law or to protect FreeWheel or other persons, as described in this Privacy Policy.

Access to Specific Information and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you.
• Our business or commercial purpose for selling or disclosing that personal information, if applicable.
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: (1) sales, identifying the personal information categories that each category of recipient purchased; and (2) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Correction

If we hold personal information that is not accurate, California residents have the right to request that we correct this information.

Deletion

You have the right to request that we delete personal information that we collected from you, subject to certain exceptions. We will delete (and direct our service providers and contractors to delete) your personal information from our records upon receiving your verifiable consumer request, unless an exception applies.

Do Not Sell or Share My Personal Information

On certain occasions, we sell or share information to third parties. The categories of these third parties are identified above in 2.2 How We Use And Share Your Information. An external party may be considered a third party either because the purpose of the disclosure is not an enumerated business purpose under California law, or because our contract does not restrict them from using personal information for other purposes. To “sell” personal information means to disclose it to an external party for monetary or other benefit. To “share” personal information means to disclose to a third party for cross-contextual behavioral advertising. We sell or share the following information:

• Identifiers: We provide unique personal identifiers, online identifiers, internet protocol address, or other similar identifiers to our Media Buyers.
• Internet or other Electronic Network Activity Information: We provide information regarding your interaction with an internet website, application, or advertisement with our affiliates, Media Buyers, data analytics providers, and audience measurement companies.

You have the right to opt out of this sale of your personal information. See 2.10 How We Use Cookies As Part Of Our Services below for more information. We do not have actual knowledge that we sell any personal information of individuals under the age of 16.

Exercising Your Access, Data Portability, Correction, Deletion, and Do Not Sell or Share My Personal Information Rights

To exercise your access, data portability, correction, deletion, and do not sell or share my personal information rights described above, please submit a request to us by either calling us at (888) 930-6228 or sending an email to: FW_California_Consumers_CCPA
_Data_Requests@freewheel.com.

You are not required to create an account with us in order to make a request. You may also make a request on behalf of your minor child. When making your request, please confirm the nature of your relationship with us and provide an appropriate form of identification to enable us to locate your personal information. If you use an authorized agent to submit an access or deletion request, the authorized agent must provide proof that you gave the agent signed permission to submit the request and their proof of identity.We may also require you to verify your identity directly with us. We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request.

We are not required to provide personal information to you more than twice within a 12-month period.

Please note that, in relation to Platform Data, it is usually the case that we cannot respond to your request or provide you with your personal information because we cannot reasonably verify your identity or authority to make the request: because this data only contains identifiers which are not linked by us to your name, email or residential address or other information which allows us to verify your identity. Therefore, in relation to Platform Data, your request should be submitted directly to our customers. If we deny your request, you have the right to appeal our decision. To request an appeal, you must follow the instructions set forth in the denial.

Right to Limit Use or Disclosure of Sensitive Personal Information

California residents have the right to request that we limit our use and disclosure of certain sensitive personal information to certain limited purposes authorized by California law. To request that we apply this limitation to your sensitive personal information, please submit a request to us by either calling us at (888) 930-6228 or sending an email to FW_California_Consumers_CCPA
_Data_Requests@freewheel.com.

2.9 Important Information For United States Residents in Virginia

Virginia law provides Virginia residents with the right to access, delete, and correct certain personal information we collect about them, as well as to the restrict the use of that personal information for targeted advertising, restrict the “sale” of that personal information, and control our use of personal information that is considered sensitive. Virginia residents also have a right not to receive discriminatory treatment for the exercise of their privacy rights.

You or an authorized agent may submit a request to exercise your access, deletion, and correction rights by calling us at (888) 930-6228 or sending an email to FW_California_Consumers_CCPA
_Data_Requests@freewheel.com. To opt-out of targeted advertising and the sale of personal information, or to set preferences regarding our use of sensitive personal information, please submit a request to us by either calling us at (888) 930-6228 or sending an email to FW_California_Consumers_CCPA
_Data_Requests@freewheel.com. In addition, to manage the automatic sharing of information from our Sites for targeted advertising, you can update your cookie settings by setting your preferences on https://www.freewheel.com/cookie-settings. If we deny your request, you have the right to appeal our decision. To request an appeal, you must follow the instructions set forth in the denial.

2.10 How We Use Cookies As Part of Our Services

Like many companies, we use cookies (small files placed on your computer or device) and other common tracking technologies on the Services, including HTTP cookies, HTML5 and Flash local storage/flash cookies, web beacons/GIFs, embedded scripts, ETags/cache browsers, and software development kits (referred to together from this point forward as “Cookies,” unless otherwise stated). A Cookie will usually contain the name of the website from which the Cookie has come from, the “lifetime” of the Cookie (i.e. how long the Cookie will remain on your device), and a value, which is usually a randomly generated unique number.

In this subsection we provide more information about these Cookies.

Our Services enable our Publisher customers to use information captured through our use of Cookies to enhance the targeting of ads served through the Platform. The Cookie lifespan/duration referred to below may be less than stated where necessary to meet regulatory guidance in specific country locations. Subject to applicable laws, the duration of these Cookies may also be extended when you further interact with Publisher Content.

Cookies We Use When Providing Our Services And Their Duration

2.11 Opting Out of Targeted Advertising

If you opt out of targeted advertising, you will still see advertising, but it may be less relevant.

Online Behavioural Advertising:

We have elected to participate in the Digital Advertising Alliance (DAA) and the EDAA so you can elect not to receive targeted advertising from FreeWheel customers and other companies. You should check these links to understand which companies are engaged in targeted advertising and opt out if you wish to.

Desktop:

Click here to opt out of FreeWheel’s Services Cookies. If you choose to opt out of our Cookies, you will be opted-out for all of the customers that use our Services, which means ads delivered to your browser on behalf of our customers using our ad-serving technology will be re-served based only on the device information that is automatically transmitted in the Internet environment (i.e., no name, email or other details are involved that would directly identify the end-user). The information that is automatically transmitted includes your browser type, Internet service provider, information about the general content of the Site or page displayed on your browser, and other information provided by the Site or customer such as data reflecting you have opted out of our Cookies being dropped on your device. Please note if you use the above link to opt out of our Cookies, we use a Cookie to store this opt out preference which means if you erase or otherwise alter your browser’s cookie file (including upgrading certain browsers), or use a new or different computer, you may need to opt out again to restore your opt-out preference.

Mobile Devices:

To opt out of certain targeted advertising on your mobile device via your device’s identification number, follow the instructions below:

• For Android: (1) Open the Google Settings app on your device; and (2) select Ads.
• For iOS: devices with iOS 6 and above use Apple’s Advertising Identifier. To learn more about limiting ad tracking that uses this identifier, visit the Settings menu on your device.
• Location Tracking: Standard functionality of FreeWheel’s ad serving services to Publishers enables those Publishers to associate a zip code from the IP address FreeWheel collects when you view an ad FreeWheel has served. FreeWheel may, on behalf of a Publisher, use this location information to improve the relevance of ads you see. When FreeWheel facilitates the bidding of Publisher inventory as referred to above, we do not collect or utilize such location information.

The Services also enable FreeWheel to obtain precise information about your location from ads FreeWheel serves to your mobile device. In order to opt out of advertising that is targeted to your mobile device based on your location, either opt out of targeted advertising on your mobile device as described above, or turn off Location (note this may impact other functionality).

3. Site Visitors and Services: Additional Common Information

The following concepts also apply to the processing of personal information referred to in Sections 1 and 2:

3.0 International Transfer of Information

Our primary data centres are located in Europe (UK, France and Netherlands), Canada, Singapore, China and the USA. We comply with all applicable laws to protect the security of data during international transfer, for instance by using EC standard contractual clauses and appropriate supplementary measures when a transfer is made to a third party country that is not considered adequate by the EU Commission or the UK.

We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We commit to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to address any privacy-related complaints from you. If you do not receive timely acknowledgment of your privacy-related complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.

We may transfer your personal information to a different country which does not have an adequate level of data protection in accordance with the applicable laws. In these cases, we will implement appropriate safeguards to protect your personal information to ensure that the data transfer comply with the applicable laws and that there are appropriate security arrangements in place.

3.1 Security

We take appropriate technical and organizational measures to keep your personal information secure and where we share your data with third parties, we require them to do the same. The information is collected and stored in a manner that is appropriate for the nature of the data we collect and the need to fulfil your request. Access to your personal information is restricted to prevent unauthorised access, loss, modification or misuse and is only permitted among our staff on a need-to-know basis. If you have any questions about the security of your personal information, you can contact us at legalnotices@freewheel.tv.

3.2 Updates

This Privacy Policy is effective as of the date set out above. We encourage you to check this Privacy Policy from time to time. If we change it, we will notify you by posting the updated version of it here. If, however, we intend to use personal information in a manner different from that stated at the time of collection we will post a notice on our Sites for thirty (30) days in advance of such use and, where applicable, we will give you the opportunity to opt out.

3.3 Children

This Site and our Services are not intended to be used by children under the age of 16.

3.4 Third Party Sites

If you access the Sites via a third-party website, we encourage you to read their privacy policy and any terms and conditions to understand how they apply to any personal information you might permit them to share with us. Where our Sites or this Privacy Policy contain hyperlinks to third party websites, you leave our Site when you click through those third- party hyperlinks. We do not control those third-party websites or any of the content they contain, and we encourage you to read their privacy policies. We do not accept responsibility or liability in relation to your use of any third-party site that you access from our Sites, or which you use to access ours. You use such third-party sites at your own risk.

3.5 Contacts

For the purposes of European data protection law, a data “controller” is responsible for determining why your data is collected and how it is processed. You have certain rights regarding your personal information FreeWheel Media, Inc. processes as data controller. FreeWheel Media, Inc.’s address is 12th Floor, 1407 Broadway, New York, NY 10018. Our company in the European Union (EU) is Comcast International France SAS with offices in France, and our company in the United Kingdom (UK) is Comcast International Holdings UK Limited. You can write to us if you have any questions, comments or concerns about this Privacy Policy. To assist us in dealing with your request, please provide your full name and details of your query. To exercise rights where we are a controller, please email legalnotices@freewheel.tv. For EU and UK purposes, our data protection officer (DPO) can be contacted at dpo@freewheel.com.

3.6 TCF Attestation

FreeWheel participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. FreeWheel’s identification number within the framework is 285.