RECIPE INTO REALITY, INC. DBA CHICORY
Product Privacy Policy
Last updated on June 21, 2023 (“Effective Date”)
Recipe Into Reality, Inc. DBA Chicory (“Company”, “we”, “our”, or “Chicory”) understands that privacy is important to you, and this Chicory Product Privacy Policy (“Product Privacy Policy”) shows our commitment to privacy. This Product Privacy Policy provides information about how we collect, use and disclose information through the suite of software products and services we provide (the “Chicory Product” or “Product”). If you’re looking for information about our corporate website and related activities (the “Site”), please click here:
Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to consumers located in those geographic regions, or as required by applicable law.
TABLE OF CONTENTS:
Background Information
There are three main categories of users of the Chicory Product: (1) content publishers (“Publishers”) who are typically the owners or operators of a food/cuisine related website, websites, or other content portals with the Chicory Product enabled and made available therein and thereon (each a "Publisher Media Property"); (2) advertisers who are promoting food/cuisine related brands, products, services, locations and other items either on their own behalf or the behalf of others (We collectively refer to both Publishers and advertisers as “clients” and we collectively refer to any and all data, content, and materials derived from or provided by Publishers and advertisers, as may be supplemented by us via the Chicory Product, as “Platform Data”), and (3) parties that view, access, interact with and/or use Chicory Product including to engage with the Publisher Media Property (an "users" or “you”). Chicory analyzes websites and apps in order to gain contextual insights from Publisher Media Properties and consumer purchase intent in and around food and related products and then uses those insights to enhance the user’s experience when interacting with a Publisher Media Property. The Product also provides a number of other advertising and marketing related features and functions, as described below. Additionally, Chicory connects Publisher Media Properties and/or Publishers with ecommerce retailers through the Chicory Product (and the Chicory Product may allow user interaction with the Chicory Product by and through widgets and buttons installed directly on a Publisher Media Property).
Our goal is to be transparent about our business by describing our technology in simple terms so that users can understand our practices. To help you further understand the technologies discussed in this Product Privacy Policy, we’ve included a Glossary below.
We know that this is complicated, so if you have any questions about this information, please contact us here.
Please note that this Product Privacy Policy does not govern the collection, use, and disclosure of information by our clients through their Publisher Media Properties, which is governed by their own privacy policies and practices.
What is the chicory product?
The Chicory Product can be broken up into subparts, some of which are described in our Terms (“Product Features”) that may be employed by a Publisher individually or in combination with one another:
In order to function property, the Product engages in a variety of digital advertising techniques, a number of which are further discussed in our Glossary, including interest-based advertising (also known as “IBA,” “cross context behavioral advertising,” or “targeted advertising”), real-time bidding (or programmatic) advertising, contextual advertising (showing ads to you based on the content you are viewing), and location-based advertising. Other key terms related to certain key technologies used within programmatic advertising, like ID syncing, cookies, beacons, non-cookie technology, and ad servers, are also defined within the Glossary.
The Product is operated by Recipe Into Reality, Inc. DBA Chicory.
WHAT PERSONAL INFORMATION DO WE COLLECT AND USE?
The Chicory Product is designed to collect and use data as described herein. The Product allows us to collect and use Platform Data, and in many cases we do so on behalf of our clients. The Product ingests information provided by third-party sources to allow Company (on behalf of clients) to use such data to target ads. To do this, clients and data providers may use ID syncing to enable the use of this information through the Platform. Chicory does not collect, use, or allow its clients to transfer to or use on the Platform, data that, by itself, directly identifies an individual, such as name, address, phone number, email address, or government identifier. Unless otherwise noted in this Product Privacy Policy, we also prohibit certain categories of sensitive data from being collected, used, or transferred through the Chicory Product.
When you visit a Publisher Media Property that uses, or when you otherwise interact, with the Chicory Product, we may collect information about you and your device. While this information does not enable us to directly identify you or other users (we do not know your name or contact information), that information may be considered “personal data” or “personal information” under applicable privacy laws. When we refer to “personal information” and “personal data” throughout this Product Privacy Policy, we intend for those references to include all information encompassed by the relevant privacy laws, where those laws apply.
We collect identifiers that help recognize particular mobile devices, computers, or connected devices without identifying the device’s user, including IP addresses, cookie identifiers, device identifiers, or other identifiers, along with other information about devices. We also collect information about webpages or apps in which users view content, along with other data made available to us by Publishers. That data helps our partners deliver appropriate advertisements to consumers.
Specifically, the information we collect and/or receive may include:
Information about users and their behavior on Publisher Media Properties, or other properties on which our Product may function, or on which our or our clients’ ads, product-related links, or other content or technology may appear or be placed, including domain name, referring website addresses, date and time of visits, viewability data (e.g., information about ads served, viewed, or clicked on, including the type of ad, where the ad was served, and whether you visited the advertiser’s website or downloaded the advertiser’s app), keyword searches, visitor activities, exit pages, platform type, video titles, video player size, and imprecise location information;
Information about your browser, including browser type, version, language, and history;
Information about your internet service provider, including which you use;
Information collected when and where we serve ads;
Click and engagement data;
Aggregated or de-identified data from our clients that impacts the serving of advertisements, but we do not determine your actual identity from such aggregated or de-identified data. Such aggregated or de-identified data may include encrypted or hashed forms of personal information, such as an email address.
Imprecise geolocation information if a Publisher Media Property shares it with us. In some cases we may also derive imprecise geolocation information based on your IP address. Although we do not currently derive or collect precise geolocation information from an IP address or otherwise, we reserve the right to do so in the future.
Information from third parties that provide user demographic information or information about user preferences, patterns, click and video interactions, or behaviors or interest information.
Information from advertisers or advertising platforms that is used to match open advertising inventory owned by Publishers with the right advertisements.
We or our clients and partners may also collect and store inferences about user activity using our Platform.
How do we collect PERSONAL INFORMATION?
The Product uses cookies, pixels, beacons, tags, SDKs, and some non-cookie technologies to collect and store Platform Data about web browsers and devices across web sites and apps and over time.
Cookies help match open advertising inventory owned by publishers with the right advertisements. We may perform ID syncing between publisher cookies, Chicory cookies, third party data provider cookies, and/or advertiser cookies.
We may use other technologies, including non-cookie technology, to collect information to assist in ad delivery, provide reporting, or measure user interactions with ads.
We may work with third party platforms, including advertising platforms that collect information to allow us and our clients and partners to deliver targeted advertisements. For example, third party advertising companies use information about your visits to websites or applications across devices to provide you with ads that are likely associated with you. Those advertisers may use this data in combination with information we collect about users to deliver targeted ads across devices. Publishers may use that combination of data to offer audience segments, or groupings of audiences, on Publisher Media Properties as ad inventory for purchase.
For more details regarding Platform Data and some of the technologies used by the Product, please see our Glossary.
Information Our Clients, Partners, and Vendors Collect
Our clients, partners, vendors, and our client’s vendors who use our technology may use their own tags, pixels, cookies, or other technology or third party technology within ads and on websites. Chicory is not responsible for the use of such tracking technologies or for their privacy practices.
How do we use personal information?
Chicory uses the Platform Data to provide, operate, manage, maintain, and enhance the Product. The Product enables Chicory's clients to take advantage of the Product Features and other product functionality. Chicory staff also give "hands-on" help to clients and often provide a “managed service”, for example by configuring and sometimes executing advertising campaigns for clients to best meet their objectives. Chicory, on behalf of itself or its clients and/or partners, may also use information we collect for the following business and commercial purposes, some of which are “business purposes” under the California Consumer Privacy Laws (as defined below).
To enable ourselves, our clients and our partners to buy and sell ads, including through Interest-based advertising, also known as “IBA” or “cross-context behavioral advertising,” or to enable other advertising and marketing services (You can opt out of interest-based advertising through the Chicory Product by clicking here).
Limiting the number of times a user sees a particular ad
Showing ads in a particular sequence;
Customizing ads to a particular location;
Showing ads related to the content of the web page on which they are shown;
Determining how users respond to ads;
Reporting aggregated statistics regarding, for example, the effectiveness of online advertising campaigns;
Compiling, analyzing, and reporting other statistics about the transactions occurring through our Platform;
Conducting research and development for our own or our clients’ internal business purposes, such as analyzing campaign forecasts and conducting machine learning to help our clients improve their sales of ad space and delivery of ads to you;
The Product may use Platform Data in order to serve or measure advertising on related devices on behalf of our clients;
To create or enhance user data and create data products and audience segments;
To conduct internal research and auditing activities, including for technological development and demonstration, and as necessary to ensure the proper functioning of the Platform;
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
Debugging to identify and repair errors that impair existing intended functionality;
For short-term transient use, including as a permitted business purpose under the California Consumer Privacy Laws, as defined below;
To perform services on behalf of our Clients or partners;
Undertaking activities to verify or maintain the quality or safety of the services or devices owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us;
Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law;
To enable cross-device mapping and/or ID syncing in order to serve or measure advertising on related devices on behalf of our clients and partners; and
As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.
Some uses of data may constitute the sale or sharing of personal information under the California Consumer Privacy laws, including:
Delivering targeted advertising to users and for certain measurement and analytics purposes;
Creating certain kinds of audience segments as advertising opportunities.
Sharing of Your Personal Information
Chicory may disclose information collected as follows:
Clients have access to certain Platform Data for their own use.
Chicory may provide Platform Data to partners and service providers for the purpose of operating, managing, maintaining, or enhancing Chicory’s Product and services, including providing ad targeting services, for the safety and security of the Product and the online industry, as required or permitted by law, or for other commercial or business purposes described in the section above.
We may share information, including Platform Data, with clients (including vendors acting on their or our behalf) and/or other partners to help clients make buying/selling decisions on Publisher’s Publisher Media Properties. Clients may use this information in combination with other information to provide users with targeted advertising.
We may share information in connection with an actual or proposed sale or transfer of all or a part of our business or assets, corporate merger, consolidation, or bankruptcy.
We may share information with law enforcement, regulatory authorities, courts with competent jurisdictions, emergency services, or other necessary third parties for legal, protection, security, and safety purposes, including: to comply with laws or regulations and respond to lawful requests or legal process; to protect Chicory’s rights and property or the rights or property of our agents, affiliates, clients, or partners; to enforce our agreements, policies, and terms of use; and/or to protect the safety of our employees, agents, customers, or third parties.
We may share information with vendors or service providers who provide services on our or our clients’ behalf and require access to such information to do so. Examples include: analyzing data, hosting or providing data, auditing, or providing technical support.
We may share information with our partners to enable those partners to provide services to us or our clients, or to use the data for their own purposes.
We may also share aggregated data.
HOW IS THE INFORMATION STORED AND HOW LONG IS IT KEPT?
Platform Data is stored using generally accepted security standards, and is retained as long as reasonably necessary for the business and commercial purposes noted above.
YOUR CHOICES
There are many ways to opt out of receiving targeted advertising that we may facilitate using our Product or other technology. Different devices use different technologies and identifiers, so users must separately opt out from each browser and device. Once you opt out of our targeted advertising, your personal information will no longer be processed for targeted advertising on that device or browser.
Website Display
If you do not want information about websites you visit to deliver targeted ads to you, you may opt out by clicking here.
We comply with opt-out requests by placing an "opt-out cookie" on your computer or device. Consequently, if you clear your Cookies on that computer or device, we will not be able to read our "opt-out cookie" and may resume collecting information from that computer or device for purposes of retargeting. Similarly, an opt-out request will not be effective on other browsers, computers, or devices you may use if you have not opted out while using that browser, computer, or device.
Please note Cookies are browser and device specific, so you must opt out on all of the browsers (e.g. Chrome, Safari) and devices (e.g. laptop, smartphones) you use.
Additionally, you can use the following mechanisms to opt out of targeted advertising:
Chicory is a member of the Digital Advertising Alliance (“DAA”) and adheres to the DAA Self-Regulatory Principles. Accordingly, you can opt out of targeted advertising by companies adhering to the DAA Self-Regulatory Principles, including Chicory, by visiting the DAA’s opt out page found at http://www.aboutads.info/choices/.
Note that you will still see ads on your devices and webpages after you opt out, but those ads may be less relevant to you. Website display opt outs operate by placing a cookie on your device that is unique to the browser and device used to opt out. Those cookies may not function properly if your browser is configured to reject certain cookies. If you change browsers or your device, or delete the cookies on your device, you will need to opt out again.
Mobile Apps and Location Data
Your mobile device may give you the ability to opt out of the use of information regarding the apps that you use for targeted advertising. You may opt out of the collection of location information by specific apps or from your entire device at any time by changing your preferences on your mobile device. Note that when location services have not been enabled in your apps, we may infer data about your location based on your IP address. For more information regarding your preferences and options, please see the link found here http://www.networkadvertising.org/mobile-choice and in the Cookies, Tracking, and Interest-Based Advertising section below.
Cookies, Tracking, and Interest-Based / Targeted Advertising
In addition to the opt-out tools noted above, if you would like to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies, you may not be able to access certain areas or features of our Product or some of its functionality may be affected.
For clarity, cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your computer browser, that opt-out will not be effective on your mobile device. Additionally, if you opt out on one of your devices, that opt out may not be effective on all of your devices. You must separately opt out on each device.
Please note that cookie-based opt-outs are not effective on some mobile services. Users may opt out of certain advertisements on mobile applications or reset advertising identifiers via their device settings. To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, click on the following links:
iOS - https://support.apple.com/en-us/HT202074
Android - https://support.google.com/ads/answer/2662922?hl=en
You may also download and set your preferences on the DAA’s App Choices mobile application(s) available in Google Play or the Apple App stores.
Do Not Track
Some browsers have a “do not track” (also known as DNT) feature that lets you tell websites that you do not want to have your online activities tracked. Please note that, unless required by law, we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. However, under the California Consumer Privacy Laws, as defined below, we rely on our Publishers to read and respect Global Privacy Control (“GPC”) signals for California consumers as an opt-out of the sale or sharing of personal information under the California Consumer Privacy Laws, as defined below, where the users’ web browsers support this signal and where the GPC signal remains present and readable.
your rights
These additional state privacy right disclosures provide additional information about our personal information processing practices relating to individual residents of the applicable states. Unless otherwise expressly stated, all defined terms in this Product Privacy Policy retain the same meaning in the disclosures below. The rights, to the extent those rights are applicable set forth below are granted only to the extent they apply and are enforceable in an applicable state.
Your California Privacy Rights
These provisions apply only to California consumers and supplement this Product Privacy Policy. The California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”), collectively referred to as “California Consumer Privacy Laws,” provide California consumers with specific rights regarding their personal information. This California Privacy Rights section describes your rights under the California Consumer Privacy Laws, explains how you may exercise your rights, and provides an overview on the types of personal information we collect.
California Consumer Privacy Laws provide you with the following rights:
Right to know. You have the right to know what categories and specific pieces of personal information we collect about you, the sources from which we collect personal information, our business or commercial purpose for the collection, use, and sharing of your personal information, and any categories of third parties to whom we sell or with whom we share your personal information.
Right to data portability. You have the right to request a copy of personal information we have collected and maintained about you in the past 12 months. California Consumer Privacy Laws allow you to request your information from us up to twice during a twelve (12) month period. We will provide our response in a readily usable format, which is usually electronic.
Right to delete. You have the right to request that we delete the personal information that we have collected from you and maintained, subject to certain exceptions. Please note that if you request deletion of your personal information, we may deny your request or may retain certain elements of your personal information if it is necessary for us or our service providers to:
Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between our business and you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
Debug to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
Comply with a legal obligation.
Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Right to opt out of selling or sharing. At the time this Product Privacy Policy was last updated, we (1) SELL personal information; and (2) we SHARE personal information for the purpose of cross-context behavioral advertising.
You have the right to opt out of the sale or sharing of your personal information, along with the right to opt in to the sale of such information. If we sell or share any of your personal information, you may, at any time, tell us not to sell or share your personal information. You can make this opt-out request by clicking here.
We comply with opt-out requests by placing an "opt-out cookie" on your computer or device. Consequently, if you clear your Cookies on that computer or device, we will not be able to read our "opt-out cookie" and may resume collecting information from that computer or device for purposes of retargeting. Similarly, an opt-out request will not be effective on other browsers, computers, or devices you may use if you have not opted out while using that browser, computer, or device.
Please note Cookies are browser and device specific, so you must opt out on all of the browsers (e.g. Chrome, Safari) and devices (e.g. laptop, smartphones) you use.
Right to correct. You have the right to request the correction of any personal information we maintain about you.
Right to limit use or disclosure of sensitive personal information (“SPI”). Please note that we do not currently use or disclose sensitive personal information (“SPI”) for any purposes that require disclosure or opt out under the California Consumer Privacy Laws as we understand those laws. You have the right to limit the use or disclosure of your SPI if we are using your SPI beyond what is reasonable and proportionate to provide the requested goods or services.
Right to nondiscrimination. You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. Unless permitted by the CCPA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
How to Contact Us About Your California Privacy Rights
You can submit a request to access, delete, limit, or correct your personal information, in addition to withdrawing consent and requesting to opt-out, using the methods below.
Calling us at +1-800-752-8901
Emailing us at privacy@chicory.co
Verification of Your Identity. After submitting a request, we will take steps to verify your identity in order for us to properly respond and/or confirm that it is not a fraudulent request. In order to verify your identity, we will request, at a minimum, that you provide your name, email address, phone number, address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. If we are unable to verify that the consumer submitting the request is the same individual about whom we have collected personal information, we may contact you for more information, or we may not be able to meet your request.
Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your personal information. If you are making a request as the authorized agent of a California consumer, we will ask you also submit reliable proof that you have been authorized in writing by the consumer to act on such consumer’s behalf. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.
Our Response Time to Your Request
We will make every effort to respond to your request within forty-five (45) days from when you contacted us. If you have a complex request, the California Consumer Privacy Laws allow us up to ninety (90) days to respond. We will still contact you within forty-five (45) days from when you contacted us to let you know we need more time to respond.
Our Information Collection Practices
Personal Information We Collect
The California Consumer Privacy Laws define personal information as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include:
Information that is lawfully made available from federal, state, or local government records;
De-identified or aggregated information; and
Information excluded from the California Consumer Privacy Laws such as health or medical information covered under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and financial information covered under the Fair Credit Reporting Act (“FCRA”) or Gramm-Leach Bliley Act (“GLBA”).
Information regarding our collection, use and disclosure of personal information are detailed in the general Product Privacy Policy that precedes this California Privacy Rights section. To help consumers make informed privacy decisions, the California Consumer Privacy Laws create and define categories of personal information, and our practices regarding personal information are organized below into the aforementioned categories. Please note that some types of personal information may apply to multiple categories.
Within the previous twelve (12) months, we have collected the following categories of personal information: identifiers, internet or other network activity information, user behavior such as internet browsing behavior, and geolocation data. To find details about the specific data points Chicory collects, please see the “WHAT PERSONAL INFORMATION DO WE COLLECT AND USE?” section above, and for details on how we use and disclose that information, please see the “HOW DO WE USE YOUR PERSONAL INFORMATION?” section above, which describes the business purposes for which that information is used.
Within the previous twelve (12) months, we have collected, disclosed, and, except where we act as a service provider, may sell or share the following categories of personal information for business or other commercial purposes to the following categories of recipients:
Category of Personal Information | Categories of Recipients | Sold or Shared? | |
---|---|---|---|
Identifiers, including device identifiers | Chicory clients, data analysis partners, advertising technology partners, which may include advertising networks, internet service providers, fraud prevention partners, cloud providers, publishers, service providers, third parties | Yes, in certain circumstances, such as where we act as a third party or business, and where the recipient is not a service provider | |
Internet/Network activity information | Chicory clients, data analysis partners, advertising technology partners, which may include advertising networks, internet service providers, fraud prevention partners, cloud providers, publishers, service providers, third parties |
Yes, in certain circumstances, such as where we act as a third party or business, and where the recipient is not a service provider | |
Geolocation data | Chicory clients, data analysis partners, advertising technology partners, which may include advertising networks, internet service providers, fraud prevention partners, cloud providers, publishers, service providers, third parties |
Yes, in certain circumstances, such as where we act as a third party or business, and where the recipient is not a service provider | |
User behavior information | Chicory clients, data analysis partners, advertising technology partners, which may include advertising networks, internet service providers, fraud prevention partners, cloud providers, publishers, service providers, third parties |
Yes, in certain circumstances, such as where we act as a third party or business, and where the recipient is not a service provider | |
Inferences drawn from any of the categories described above to create a profile about a consumer reflecting the consumer’s preferences and characteristics | Chicory clients, data analysis partners, advertising technology partners, which may include advertising networks, internet service providers, fraud prevention partners, cloud providers, publishers, service providers, third parties |
Yes, in certain circumstances, such as where we act as a third party or business, and where the recipient is not a service provider | |
Commercial Information | Chicory clients, data analysis partners, advertising technology partners, which may include advertising networks, internet service providers, fraud prevention partners, cloud providers, publishers, service providers, third parties |
Yes, in certain circumstances, such as where we act as a third party or business, and where the recipient is not a service provider |
To find more details about the specific data points Chicory collects, please see the “WHAT PERSONAL INFORMATION DO WE COLLECT AND USE?” section above. For more details on how and to whom we disclose information see “SHARING OF YOUR PERSONAL INFORMATION” above.
For more details on how we use your information, please see the “HOW DO WE USE YOUR PERSONAL INFORMATION?” section above, which further describes the business and commercial purposes for which that information is used and disclosed, including the purposes for which the information is sold or shared. You can learn more about the sources from which we obtain personal information in the “WHAT PERSONAL INFORMATION DO WE COLLECT AND USE?” and “HOW DO WE COLLECT PERSONAL INFORMATION” sections above.
As noted, you can find additional information pertinent to California consumers throughout the Product Privacy Policy sections above, including information concerning our data collection, use, and disclosure practices.
CALIFORNIA “SHINE THE LIGHT”
Under California Civil Code Section 1798.83 (“Shine the Light”), California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us by email at privacy@chicory.co. If you do not want your personal information shared with any third party who may use such information for direct marketing purposes, then you may opt out of such disclosures by sending an email to us at privacy@chicory.co.
Your Nevada Privacy Rights
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at https://info.chicory.co/contact-us or email us at privacy@chicory.co with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account.
Your Additional State Privacy Rights
Residents of Virginia, Colorado, Connecticut and Utah (“States”) have certain rights with respect to their personal information. These rights are established through the Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), and the Utah Consumer Privacy Act (“UCPA”) (collectively, the “State Laws”). The rights available to residents of these States are explained below.
The categories of personal information, which may be referred to from time to time within this section as personal data for consistency with the applicable State Laws, we process, our purposes for processing your personal data, the categories of personal data that we share with third parties and the categories of third parties with whom we share it are detailed above in this Product Privacy Policy.
Certain rights that you may have concerning your personal data are set forth in this Product Privacy Policy. The applicable State Laws provide you with the following additional rights, except where indicated otherwise below:
Right to know. You have the right to know and see what personal data we have collected about you.
Right to data portability. You have the right to obtain a copy of your personal data that you previously provided to us or that we have obtained in a portable and, when feasible, readily usable format, where the processing is carried out by automated means. Subject to certain exceptions, you may request such personal information free of charge once annually, except for Virginia residents, who may request such personal information up to twice annually.
Right to delete. Residents of Virginia, Colorado and Utah have the right to request that we delete the personal data we have collected about you; requests from Utah residents cover only personal information that you have provided directly to us. Please note that we may deny requests to delete if the requested deletion falls under an exception as set forth the applicable State Laws. Additionally, if you request deletion of your personal information and we have obtained such information from a third-party source, we may retain such data by keeping a record of the deletion request and the minimum data necessary to ensure that your personal information remains deleted from our records and that such retained data is not used for any other purpose, or we may opt you out of the processing of such personal information for any purpose except for those allowed under the applicable State Laws.
Right to opt out of selling or sharing. Residents of Virginia, Colorado, Connecticut and Virginia have the right to opt out of the sale of your personal data and/or the processing of your personal data for purposes of (i) targeted advertising or (ii) profiling that produces legal or similarly significant effects concerning you. Utah residents may opt out of the processing for the purposes described in (i) and (ii) of this paragraph. As of the latest date of the Product Privacy Policy:
We DO process personal data for the purposes of targeted advertising
We MAY sell your personal data in exchange for monetary consideration, as we understand the definition of “sale” under VCDPA.
We DO NOT engage in profiling decision based on your personal data that produce legal or similarly significant effects concerning you.
If you wish to opt out of the processing of your personal data for any of the purposes set forth in this sub-section, and your state of residence provides for such opt-out right, please click here.
Right to correct. You have the right to request that we correct inaccurate personal data.
Right to nondiscrimination. Residents of Virginia, Colorado and Connecticut have the right not to receive discriminatory treatment by us for the exercise of your VCDPA privacy rights. Unless permitted by the applicable State Laws, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Your State Law Privacy Rights
If you wish to opt out of the processing of your personal information for targeted advertising, please click here.
We comply with opt-out requests by placing an "opt-out cookie" on your computer or device. Consequently, if you clear your Cookies on that computer or device, we will not be able to read our "opt-out cookie" and may resume collecting information from that computer or device for purposes of retargeting. Similarly, an opt-out request will not be effective on other browsers, computers, or devices you may use if you have not opted out while using that browser, computer, or device.
Please note Cookies are browser and device specific, so you must opt out on all of the browsers (e.g. Chrome, Safari) and devices (e.g. laptop, smartphones) you use.
To exercise any of your State Law privacy rights, or if you have any questions about your privacy rights, you may contact us by:
Calling us at +1-800-752-8901
Emailing us at privacy@chicory.co
Verification of Your Identity. After submitting a request, we will take steps to verify your identity in order for us to properly respond and/or confirm that it is not a fraudulent request. In order to verify your identity, we will request, at a minimum, that you provide your name, email address, phone number, address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. If we are unable to verify using reasonably commercial efforts that the consumer submitting the request is the same individual about whom we have collected personal information, then we are not required to comply with the request; we may contact you for more information reasonably necessary to authenticate the request, but ultimately we may not be able to meet your request.
Except as required by law, only you may make a verifiable request related to your personal information. If you are making a request as the parent or legal guardian of a known child regarding the processing of that child’s personal information, we may ask you to submit reliable proof of your identity.
Our Response Time to Your Request
We will make every effort to respond to your request within forty-five (45) days from when you contacted us. If you have a complex request, certain State Laws allow us an extension of our time to respond. We will still contact you within forty-five (45) days from when you contacted us to let you know we need more time to respond and the reason for the extension.
Your Right to Appeal
If we decline to take action regarding a request that you have submitted, we will inform you of our reason for doing so, and for Virginia, Colorado, and Connecticut residents, provide instructions for how to appeal the decision. In the event that we do not respond to a request that you make pursuant to one of the privacy rights set forth in this Additional State Privacy Rights section, residents of those states will have the right to appeal our refusal to take action within a reasonable period of time after you receive our decision. Within 60 days of the time provided by your State Law of, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with an online mechanism, if available, or other method through which you may contact the your state’s regulatory authority to submit a complaint.
Sensitive Data
The State Laws of Virginia, Colorado and Connecticut require companies to obtain a consumer’s affirmative consent before processing “sensitive data,” which may include, depending on the specific statute, information that reveals:
Precise Geolocation data
Racial or ethnic origin
Religious beliefs
A mental or physical health condition or diagnosis
Sex life or sexual orientation
Citizenship or citizenship status
Genetic data
Biometric data
Personal data regarding a known child
Contents of email
Social Security or other ID
We will not process any such sensitive data from Virginia, Colorado, or Connecticut residents without first obtaining your consent. Additionally, for Colorado residents, we will not process any Sensitive Data Inferences (as defined by CPA) without first obtaining your consent.
TRANSMISSION OF INFORMATION TO OTHER COUNTRIES
Chicory is located in the United States.
If you submit personal information to Chicory, your personal information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. By submitting your personal information to us you agree to the transfer, storage, and processing of your personal information in a country other than your country of residence including, but not necessarily limited to, the United States.
Children's Privacy
Children under 16 years of age are not permitted to use the Product, and we do not knowingly collect information from children under the age of 16. By accessing the Product or using any services available through the Product, you represent that you are 18 years of age or older, or are 16 years of age or older and have valid parental consent to do so.
Security
Chicory uses industry-standard technical and organizational security measures to help protect information transmitted over or stored on our systems. Please note, however, that no transmission or storage of information can ever be guaranteed to be completely secure, though we do take all reasonable precautions to protect against security incidents.
Contacting Us
If you have any questions about our privacy or security practices, you can contact us by mail, telephone, or e-mail:
18 West 21st Street, 8th Fl, New York, NY 10010
+1-800-752-8901
If we need, or are required, to contact you concerning any event that involves your personal information we may do so by e-mail, telephone, or mail.
Changes to this policy
We update this Product Privacy Policy from time to time in our discretion and will notify you of any material changes to the way in which we treat personal information by posting an updated privacy policy or other notice on relevant areas of the Site. Any updated version of this Product Privacy Policy will be effective immediately upon the posting of the revised Product Privacy Policy unless otherwise specified. Your continued use of the Product or related services after the effective date of the revised Product Privacy Policy (or such other act specified at that time) will constitute your consent to those changes. However, where required by law, we will not, without your consent, use your personal information in a manner materially different from what was stated at the time your personal information was collected.
Glossary
Ad Server: An ad server, in its simplest form, is the computer responsible for delivering an ad to be shown in a web page or a mobile app. Today, communications may be sent to several servers in the process of selecting and delivering an ad. This occurs in a matter of milliseconds.
Beacons, Pixels, Tags, and SDKs: Beacons (also sometimes referred to as web beacons or pixels) and tags are elements included in web pages to enable companies to collect data, serve advertising, and provide related services, such as measuring ad effectiveness or preventing fake ad traffic. They do this by allowing communication between a web browser and a server. A beacon is a small transparent image that is placed on a web page. A tag is small piece of website code that is run by the web browser. An SDK is a piece of computer code that developers include in their desktop or mobile browsers and/or applications, or other software and which may collect certain data.
Cookie: A cookie is a small text file that is stored in a web browser by a website or ad server. By saving information in a cookie, websites and servers can remember preferences or recognize web browsers from one visit to another or from one website to another.
Cross-Device Mapping: Cross-device mapping is the process of making inferences that certain devices are related to each other (i.e. that they belong to the same user or household). This is done using either “statistical” or “deterministic” methods (or a combination). “Statistical” refers to using mathematical techniques to make intelligent guesses that certain devices are related. “Deterministic” means using known relationships, for example logins that use the same email address or other personal information, to link multiple devices to a single user. When this method is used companies typically mask the actual email address.
ID Syncing: ID syncing (sometimes also referred to as cookie syncing) is a common and long-standing process in the digital advertising industry. It enables advertisers to link up data from multiple advertising platforms, and helps advertisers buy ads in more than one place.
Here’s an example of how it works.
Let’s say you sell a product on your website. A customer visits your site. Your website stores a cookie to identify that customer’s browser, and the cookie contains an ID of 12345. You then associate that ID with information about what the customer shopped for on your site. If you want to then use that information to advertise to that user, you might go to an online advertising marketplace to buy ads. In order to buy the right ads and show them to the right user, you’ll need to match your ID, which is 12345 to the ID that the marketplace has assigned to the same customer (which let’s say for this example is ABCDE). The result is a record that says ID 12345 = Marketplace ID ABCDE. That way, when the marketplace offers to sell you an ad to be shown to ABCDE, your system will know that ABCDE is the same as 12345, and you can pick the right ad to show the customer.
Interest-Based Advertising / Targeted Advertising: Interest-based advertising (“IBA”) or targeted advertising (sometimes referred to as “cross-context behavioral advertising”) is advertising that uses information collected across multiple web sites or mobile apps to predict users' preferences and to show ads that are most likely to be of interest to them. For example, if a user visits a travel site or uses a travel app, she might see travel-related ads on another site or app. Advertisers may also use other information they have or can acquire about users’ interests. Users have choices with respect to this type of advertising, as discussed herein. Please note that differing state laws may have different ways of defining interest based advertising and/or targeted advertising and those terms as used herein shall have the meanings under each applicable law as appropriate.
Non-Cookie Technology: Companies including Chicory sometimes use alternative methods that perform functions similar to cookies, which may include pixels, beacons, and tags (as discussed above in this Glossary), in order to identify unique browsers or devices. For example, some platforms, such as Apple’s iOS and Google’s Play Services for Android, provide unique IDs to be used for advertising. Additionally, mathematical or statistical techniques are sometimes used to try to identify devices. These "Statistical Identifiers" are not 100% accurate. Non-Cookie Technology may be utilized both for Ad Delivery and Reporting (ADR), and as part of Interest-Based Advertising (“IBA”).
Platform Data: The Product is designed to use certain types of data, that all together we call Platform Data. It includes data generated through the Product as well as data clients or we receive from other sources and then use on the Product, or that they buy or sell through the Product. This may include information about Internet users’ browsers and devices, and about users and their behavior on Publisher Media Properties, or other properties on which our Product may function, or on which our or our clients’ ads, product-related links, or other content or technology may appear or be placed, such as: the type of browser and its settings, information about the device’s operating system, cookie information, information about other identifiers assigned to the device, and the IP address from which the device accesses a client’s website or mobile application - where we are entitled by law to do so, information about the user’s activity on that device, including web pages and mobile apps visited or used, information about the geographic location of the device when it accesses a website or mobile application, and inferences or information about users’ interests that are created, acquired, bought, sold, or used by our clients. Some of the data that the Product receives from browsers and devices might also be called “HTTP header data” or “clickstream data.” We do not allow data that by itself identifies an individual, such as name, address, phone number, email address, or government identifier, to be stored or used on the Product.
Precise Geographic Location: Your device may be capable of sharing your precise geographic location with the apps or web pages you visit using that device. Devices use one or more methods to determine your location, including GPS coordinates and information about wi-fi networks in your vicinity. (Less exact geographic location – like the neighborhood you may live in - determined from IP address is typically not considered to be “precise.”) Devices such as iPhone or Android phones typically ask for users’ consent before installing or using an app that accesses the device’s precise geographic location. The app, in turn, may make this information available to third-party advertising companies in order to make the ads you see more relevant.
Real-Time Transactions / Real-Time Bidding / Programmatic Advertising: Advertising buyers are able to bid in "real time" for the opportunity to show an online advertisement when a web page is loaded or an app is used. The winning bidder gets to show its ad. Of course, the explanations above are simplified. There are many resources available on the web to learn more about these concepts and online advertising in general. Although we have no responsibility for the content of these sites, we offer the following as good places to learn more:
OnGuardOnline.gov: onguardonline.gov
All About Cookies: www.allaboutcookies.org
Wikipedia: en.wikipedia.org/wiki/Online_advertising AboutAds.info,
For Consumers page: www.aboutads.info/consumers
About web browser cookie settings: