GeoRiot provides a set of services ("Services") to commercial customers ("Clients") for purposes of online marketing and sales of digital and physical products and services ("Products") to individuals ("Consumers"). The Services are provided to Clients worldwide, including in the United States ("U.S."), the member states of the European Union ("E.U."), and Switzerland.
The Services include the following:
GeoRiot does not provide any products or services to Consumers or engage in transactions with them. GeoRiot also does not collect or use information such as names, addresses or other contact information, governmental or corporate identification numbers, account numbers or images, or other information which specifically identifies individuals ("Personal Data").
Though not required, as a matter of prudence and due diligence, GeoRiot has elected to attest to its adherence to the U.S.-E.U. Safe Harbor Framework, the U.S.-Swiss Safe Harbor Framework, and the Privacy Principles established by the E.U. Commission.
GeoRiot complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from E.U. member nations and Switzerland, with respect to Potential Personal Information, whether or not such information is in fact Personal Data for purposes of the Safe Harbor. GeoRiot has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view GeoRiot's certification, please visit http://www.export.gov/safeharbor/.
In arrangements with Clients where GeoRiot is not a data processor for the Client, GeoRiot shall act as the data controller and comply with all applicable E.U. and Safe Harbor requirements.
In addition, GeoRiot contractually requires its clients to comply with the Network Advertising Initiative Code of Conduct where it is applicable to their business. In particular, if a Client attempts to combine Personal Data with Potential Personal Information, it is required to notify the affected individuals and obtain their opt-in consent in accordance with the NAI Code of Conduct. If a Client collects data for interest-based advertising, it is required to clearly and conspicuously post a notice consistent with the NAI Code that contains:
If GeoRiot should intentionally collect Personal Data directly from individuals for any other reason, GeoRiot will conform to the same standards.
GeoRiot principally collects information through transactions that occur as part of "Link Localization." In this process a link, which promotes or sells a Product ("GeoRiot Link"), is posted on a Client's Digital Property, and points to an international retailer's digital storefront, as directed by the Client. When a Consumer clicks the GeoRiot Link, information is collected and transmitted to GeoRiot's servers. This information is automatically analyzed to identify the location and type of Device being used to access the link. Based on this information, the GeoRiot Link redirects the Device to a web page in regional or country-specific storefront of the international retailer ("Localized Page") which promotes or sells the Product.
GeoRiot does not create or administer either the Client's Digital Properties or the International Retailer's Storefront pages, does not provide content for either, and does not sell or promote Products on either. The only information GeoRiot collects from either Digital Property is that provided in response to the click on the GeoRiot Link.
GeoRiot may collect the following information from the Device used to click on the GeoRiot Link:
In addition, GeoRiot may collect the following information from third party sources:
GeoRiot does not collect any other information that might be considered, or might be used to derive, an individual's Personal Data, sensitive or otherwise.
GeoRiot's services are only offered to individuals who are 18 years of age or older. GeoRiot does not knowingly collect or maintain any Personal Data from individuals who are under 13 years of age, and no aspect of the Services is designed to attract people under the age of 13. If GeoRiot obtains knowledge that a Consumer is under the age of 13, GeoRiot will remove Potential Personal Information with respect to that individual from its databases.
GeoRiot may use Potential Personal Information it obtains as follows:
GeoRiot may disclose or provide Potential Personal Information to third parties as follows:
GeoRiot will take reasonable steps to ensure that Potential Personal Information is accurate, complete, current, and reliable for its intended use.
A Consumer may opt-out of any previously authorized or permitted disclosure of Device information by GeoRiot to Clients, by emailing us here.
In order to opt-out the Consumer may be required to provide the unique identifier for the Device. In order to make such an opt-out effective, GeoRiot may place an opt-out cookie on the Device. This opt-out cookie notifies GeoRiot not to use the applicable Device information to support delivery of advertising or other content, or as part of aggregated information. Because the opt-out is specific to a Device and not an individual Consumer, it will not be effective with respect to the Consumer as an individual, or to any other Device. GeoRiot may record and retain Device identification information in order to administer the opt-out.
GeoRiot may retain Device information that is subject to a Consumer's disclosure opt-out in accordance with GeoRiot's Data Retention Policy. The purpose of retaining such information is for GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests. Residual Device information may also remain within databases, access logs, and other records. GeoRiot is not responsible for updating or removing Device Information disclosed to third parties before the Consumer's opt-out.
GeoRiot does not collect, use or disclose sensitive information. In the event GeoRiot should do so, GeoRiot will give Consumers an explicit opt-in choice if their sensitive information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or as authorized by the individual.
GeoRiot provides Consumers with a tool to allow them to review and request that GeoRiot update or delete Potential Personal Information to the extent the information can be identified to the individual Consumer or is identifiable to a specific Device. To access this, email us here.
GeoRiot maintains physical, electronic and procedural safeguards to protect Potential Personal Information, and continually monitors access to its systems to detect unauthorized attempts to gain access to such information. However, GeoRiot cannot guarantee that these safeguards will not be penetrated or compromised or that all information will remain secure under all circumstances.
The Federal Trade Commission may investigate violations of this Policy, and enforce compliance with the Safe Harbor and applicable law.
Any employee GeoRiot finds has violated this Policy will be subject to disciplinary action up to and including termination of employment.
Please contact us at firstname.lastname@example.org with any questions, comments, or concerns.