GeoRiot Privacy Policy

Overview

GeoRiot provides a set of services ("Services") to commercial customers ("Clients") for purposes of online marketing and sales of digital and physical products and services ("Products") to individuals ("Consumers"). The Services are provided to Clients worldwide, including in the United States ("U.S."), the member states of the European Union ("E.U."), and Switzerland.

The Services include the following:

  • Link Localization. Link Localization redirects Consumers to a page on a nationally- or regionally-specific international online marketplace, such as the iTunes and/or Amazon online international storefronts ("Storefronts"), that GeoRiot believes is most relevant for that Consumer based on a specialized link clicked on by that Consumer. Localization helps ensure that the Consumer sees fewer error messages, and helps improve a Consumer's buying experience by placing them in a storefront where shipping and tax rates are minimized, and currency and language are appropriate. Localization also helps ensure the proper use of nationally or regionally-specific affiliate programs.
  • Data Analytics. Our Data Analytics service provides Clients with marketing content based on data identifying the geographical location ("Location Data") and type of computer, tablet, smartphone or other device ("Device Data") used by a Consumer, as well as the Device's operating system and browser ("Software Data"), other applications on the Device, and previous transactions using the Device ("Transactions Data"). Our Data Analytics service helps Clients ensure that advertising content is relevant to the Consumer and appropriate to the country or region where the Consumer is located.

GeoRiot does not provide any products or services to Consumers or engage in transactions with them. GeoRiot also does not collect or use information such as names, addresses or other contact information, governmental or corporate identification numbers, account numbers or images, or other information which specifically identifies individuals ("Personal Data").

GeoRiot does collect and use information about Devices, such as Internet protocol ("IP") address numbers and operating system and browser information. GeoRiot also uses cookies to obtain information about Transactions using a Device. Because it may be possible to use some of this Location, Device, Software or Transaction information ("Potential Personal Information") in combination with other information to identify individual Consumers, as a matter of due diligence and prudence GeoRiot has taken appropriate measures to ensure the security, integrity and ethical use of such information. GeoRiot does not combine Potential Personal Information with other data to identify individuals for purposes of the Services.

Though not required, as a matter of prudence and due diligence, GeoRiot has elected to attest to its adherence to the U.S.-E.U. Safe Harbor Framework, the U.S.-Swiss Safe Harbor Framework, and the Privacy Principles established by the E.U. Commission.

Adherence to Privacy Principles

GeoRiot complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from E.U. member nations and Switzerland, with respect to Potential Personal Information, whether or not such information is in fact Personal Data for purposes of the Safe Harbor. GeoRiot has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view GeoRiot's certification, please visit http://www.export.gov/safeharbor/.

GeoRiot as Data Processor on Behalf of Clients

GeoRiot may under some arrangements act as a data processor of Personal Data on behalf of a Client. In such event GeoRiot shall only use or process such information as instructed by the Client, which is the data controller, and shall not control or share such Personal Data without direction from the Client. This relationship shall be specified by appropriate agreements between GeoRiot and any such Client, in compliance with the applicable E.U. requirements. For example, this might occur if the Client requested special analytical services involving Potential Personal Information which might permit some individual identification. This Privacy Policy will not apply to Personal Information subject to such agreements.

GeoRiot as Data Controller

In arrangements with Clients where GeoRiot is not a data processor for the Client, GeoRiot shall act as the data controller and comply with all applicable E.U. and Safe Harbor requirements.

Scope of Notice

This Privacy Policy is published to provide notice of GeoRiot's data collection and privacy practices to Consumers. However, GeoRiot does not typically interact directly with Consumers, since its presence on consumer-oriented websites, applications and other digital properties ("Client's Digital Properties") is limited to the GeoRiot Link in/on the Client's Digital Properties. GeoRiot therefore contractually requires its Clients to ensure their compliance with any legal requirements for notification to and consent by individuals with respect to their data collection and use practices involved in the Link Localization and Data Analytics services, as required in their applicable jurisdictions.

In addition, GeoRiot contractually requires its clients to comply with the Network Advertising Initiative Code of Conduct where it is applicable to their business. In particular, if a Client attempts to combine Personal Data with Potential Personal Information, it is required to notify the affected individuals and obtain their opt-in consent in accordance with the NAI Code of Conduct. If a Client collects data for interest-based advertising, it is required to clearly and conspicuously post a notice consistent with the NAI Code that contains:

  • a statement that data may be collected for interest-based advertising;
  • a description of types of data that are collected for interest-based advertising purposes;
  • an explanation of how, and for what purpose, the data collected will be used or transferred to third parties; and
  • a conspicuous link to an opt-out mechanism.

If GeoRiot should intentionally collect Personal Data directly from individuals for any other reason, GeoRiot will conform to the same standards.

Information Collected by GeoRiot

GeoRiot principally collects information through transactions that occur as part of "Link Localization." In this process a link, which promotes or sells a Product ("GeoRiot Link"), is posted on a Client's Digital Property, and points to an international retailer's digital storefront, as directed by the Client. When a Consumer clicks the GeoRiot Link, information is collected and transmitted to GeoRiot's servers. This information is automatically analyzed to identify the location and type of Device being used to access the link. Based on this information, the GeoRiot Link redirects the Device to a web page in regional or country-specific storefront of the international retailer ("Localized Page") which promotes or sells the Product.

GeoRiot uses cookies to store information about Transactions the Device has been used for ("GeoRiot Cookie"). The GeoRiot Cookie is set in the Device when the GeoRiot Link is clicked, and is used to store data about Transactions. The GeoRiot Cookie may be updated whenever the Device is used for a new Transaction.

GeoRiot does not create or administer either the Client's Digital Properties or the International Retailer's Storefront pages, does not provide content for either, and does not sell or promote Products on either. The only information GeoRiot collects from either Digital Property is that provided in response to the click on the GeoRiot Link.

GeoRiot may collect the following information from the Device used to click on the GeoRiot Link:

  • Device identification data, including any unique identifier assigned by the operating system of the Device which is intended to support advertising with mobile devices and tablets, such as Apple's Identifier for Advertising ("IDFA") or similar identifiers used on Android, Kindle or Windows Mobile Devices and tablets. The GeoRiot Cookie may also serve as a Device identifier. Device identification data is treated as Potential Personal Information.
  • The IP address of the Device in use. The IP address provides network information, which can often be used to determine the country, state and sometimes city and postal code where the Device is in use. The IP address is Location Information, which is treated as Potential Personal Information.
  • The URL of the referrer, which is the Digital Property on which the originating GeoRiot Link is sited. The referrer URL is not treated as Potential Personal Information.
  • User agent information which identifies the operating system and browser used by the Device in use. User agent information is treated as Potential Personal Information.
  • Product identification information, such as metadata for an iPad app that was used or open on the Device, or Products the Device was used to view. Product identification information is not treated as Potential Personal Information.
  • Information about previous Transactions, if a GeoRiot Cookie or certain other device-related information is present. Transaction Information is treated as Potential Personal Information.

In addition, GeoRiot may collect the following information from third party sources:

  • Product information including Product price, genre, name, developer, publisher, and other general information published by the International Retailer, developer or other third party. Product Information is not treated as Potential Personal Information.
  • Limited purchase information obtained by the International Retailer in a Transaction, such as the number of Products purchased, a list of items (or categories of items), purchase prices, and timestamp of the Transaction. Purchase information is considered Transaction information and is treated as Potential Personal Information. Purchase information is collected and provided to GeoRiot by Clients, who are responsible for ensuring that any individual consent or authorization required for its use by GeoRiot has been obtained.

GeoRiot does not collect any other information that might be considered, or might be used to derive, an individual's Personal Data, sensitive or otherwise.

GeoRiot's services are only offered to individuals who are 18 years of age or older. GeoRiot does not knowingly collect or maintain any Personal Data from individuals who are under 13 years of age, and no aspect of the Services is designed to attract people under the age of 13. If GeoRiot obtains knowledge that a Consumer is under the age of 13, GeoRiot will remove Potential Personal Information with respect to that individual from its databases.

Use of Information by GeoRiot

GeoRiot may use Potential Personal Information it obtains as follows:

  • For purposes of Link Localization, to redirect Consumers from digital properties to appropriate Storefronts.
  • For purposes of Data Analytics, to create reports of Client marketing activities using GeoRiot Links. Reports include aggregated information about matters including click trends, geographic information, sales and commissions data, separately or in combination, based on Data collected by GeoRiot. Reports may be filtered based on specified parameters (e.g. number of clicks per day per specific location; clicks from specific referrers or from Devices using specific Software; etc.).
  • For purposes of Data Analytics, in aggregated data sets to support specific marketing strategies and Product and advertising content offerings, based on correlations of various types of Data with different Transactions. For example, a specific Device might have a high correlation with purchases of specific types of games, and low correlation for business software. When Device information indicates that the Device is being used and the available Data indicates it probably does not have a certain game already installed, a Client may elect to show an ad for the game instead of an ad for a business app.
  • For purposes of GeoRiot's internal management and administration, and fulfillment of its legal responsibilities or protection of its legal interests.

Disclosure or Onward Transfer of Information

GeoRiot may disclose or provide Potential Personal Information to third parties as follows:

  • To a Client for purposes of Data Analytics, as part of aggregated data in a report or data set.
  • To a subsidiary or affiliated company of GeoRiot, subject to their compliance with this Privacy Policy.
  • To a third party services provider, such as a hosting or analysis service or a security consulting firm, for purposes of GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests, subject to contractual requirements for protection of the information consistent with this policy and E.U. and Safe Harbor requirements.
  • To governmental authorities or their legal designees, if required by applicable law.

Data Integrity

GeoRiot will take reasonable steps to ensure that Potential Personal Information is accurate, complete, current, and reliable for its intended use.

Choice

GeoRiot will provide Consumers the opportunity to opt-out if their Potential Personal Information is to be disclosed to a third party other than one disclosed in this Privacy Policy, or used for a purpose incompatible with the purpose for which it was originally collected or as otherwise permitted or authorized by the individual.

A Consumer may opt-out of any previously authorized or permitted disclosure of Device information by GeoRiot to Clients, by emailing us here.

In order to opt-out the Consumer may be required to provide the unique identifier for the Device. In order to make such an opt-out effective, GeoRiot may place an opt-out cookie on the Device. This opt-out cookie notifies GeoRiot not to use the applicable Device information to support delivery of advertising or other content, or as part of aggregated information. Because the opt-out is specific to a Device and not an individual Consumer, it will not be effective with respect to the Consumer as an individual, or to any other Device. GeoRiot may record and retain Device identification information in order to administer the opt-out.

GeoRiot may retain Device information that is subject to a Consumer's disclosure opt-out in accordance with GeoRiot's Data Retention Policy. The purpose of retaining such information is for GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests. Residual Device information may also remain within databases, access logs, and other records. GeoRiot is not responsible for updating or removing Device Information disclosed to third parties before the Consumer's opt-out.

GeoRiot does not collect, use or disclose sensitive information. In the event GeoRiot should do so, GeoRiot will give Consumers an explicit opt-in choice if their sensitive information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or as authorized by the individual.

Access

GeoRiot provides Consumers with a tool to allow them to review and request that GeoRiot update or delete Potential Personal Information to the extent the information can be identified to the individual Consumer or is identifiable to a specific Device. To access this, email us here.

Security

GeoRiot maintains physical, electronic and procedural safeguards to protect Potential Personal Information, and continually monitors access to its systems to detect unauthorized attempts to gain access to such information. However, GeoRiot cannot guarantee that these safeguards will not be penetrated or compromised or that all information will remain secure under all circumstances.

Enforcement

The Federal Trade Commission may investigate violations of this Policy, and enforce compliance with the Safe Harbor and applicable law.

GeoRiot provides assurance of its compliance with this Privacy Policy by conducting internal assessments of its relevant practices internally. In the event such an assessment finds non-compliant privacy, corrective action plans will be developed to resolve the identified gaps in compliance, as well as preventive action plans to maintain compliance.

Any employee GeoRiot finds has violated this Policy will be subject to disciplinary action up to and including termination of employment.

Dispute resolution

Any questions or concerns about the use or disclosures of Potential Personal Information by GeoRiot or other matters subject to this Policy should be directed to the address given below. GeoRiot will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Privacy Policy. Disputes that cannot be resolved will be subject to arbitration by an arbitrator from the American Arbitration Association, under the rules of that Association.

Amendment of Policy

GeoRiot reserves the right to modify this Privacy Policy at any time without notice. If GeoRiot amends this Privacy Policy, notice of the amendment and the amended policy will be posted on the GeoRiot website and such other sites as GeoRiot may deem appropriate. Any amendment will be consistent with the requirements of the Safe Harbor and applicable E.U. law.

Contact Information

Please contact us at contact@georiot.com with any questions, comments, or concerns.

No credit cards, no obligation, and no subscription fees, ever.
© Copyright 2013 by GeoRiot