Privacy at 33Across
33Across, Inc. and its corporate group affiliates (collectively, “33Across”) provides online publishers and marketers (our “Clients”) with a suite of products and technologies (“Products”, or “Technology”) that provide insights into how content is consumed and shared on their web sites, monetize this content, and drive incremental traffic.
Privacy Practices For Our Technology
Overview of How We Use and Protect Information
33Across provides Products that enable Clients to gain insights into how their content is being consumed and shared by end-users. Using two distinguishable browser technologies – traditional cookie-based and innovative cookie-less – end-user data is collected across multiple websites to provide these insights. The data collected consists of behavioral information regarding the web pages they visit and/or the actions they take on websites, such as copying or sharing content, clicking on hyperlinks or advertising on the page, or signing up for products or services offered by our Clients. We use the collected information to target and display advertisements that may be of interest to users.
Some of our Products insert advertising from our partners on our Client websites. We record information that an ad was requested or shown, and any user interactions with the ad or the page where the ad appears. This information is used for analysis, reporting and troubleshooting.
We categorize website visitors with similar characteristics or interests into non-personally identified data segments and offer these segments to our Clients, improving their ability to deliver more relevant advertising or analytics. For example, if a person expresses an interest in comedy films by visiting a page with related content, our Technology would help our Clients characterize other people who are likely to enjoy comedy films based on similarities in browsing or sharing behavior.
We do not knowingly use information that comes from what we consider to be sensitive health information. We may use health-related segments that are inferred from data we collect but are not derived from sensitive health data. Click here for a list of the standard health-related segments that may be used by our platform.
Data Our Technology Collects through Client Websites
Personally Identified Information
When we refer to Personally Identified Information (“PII”) in this policy, we mean any information used or intended to be used to directly identify a particular individual, including name, address, telephone number, email address, financial account number, and government-issued identifier. We do not collect PII through Client websites via our Technology.
33Across collects only Device-Identified Information (“DII”) from the web pages where our Clients deploy our Products. When we refer to DII in this policy, we mean information that is linked to a browser, device, group of devices, but is not used or intended to be used to directly identify a particular individual. DII includes, but is not limited to, mobile device ID, hashed email address, the Internet Protocol (IP) address and metadata that your device uses to connect to the internet, browser type (for example Chrome, Safari or Mozilla), operating system (for example Windows or MacOS) and the URL of Client website pages or sections visited, as long as that data is not linked to PII.
Keep in mind that in certain contexts and jurisdictions, some information that we in this policy regard as DII, such as IP addresses, may nevertheless be regarded as “personal information” – for example, under privacy legislation in California and elsewhere. We do not, however, collect DII for visitors to Client websites whose IP address suggests that they are from European Economic Area (EEA) countries.
Privacy Practices For Our Website
Personally Identified Information
We collect PII exclusively on the 33Across Websites: our main company site (33across.com) and our publisher portal (platform.33across.com), when you choose to provide it to us. For example, you may choose to provide us PII about yourself by sending us an email, by completing an online form, or by registering for a login and password for the Products we offer. We use this information only to contact you to respond to your inquiry or manage your registered account.
Device Identified Information
33Across automatically receives and records certain DII from all visitors to our Websites, including your IP address, pages viewed, browser type, settings and language, the time/date of your visit to this Website, and the referring URL and your computer’s operating system. 33Across uses this DII to help diagnose problems with its server, analyze trends and administer the Website. However, keep in mind that some of this DII could be regarded as “personal information” under the privacy laws in California and elsewhere.
We use DII browser session cookies and persistent cookies in our Products and on our Website to provide, monitor, analyze, and improve our services. For more information about cookies please visit allaboutcookies.org.
We try and set cookies for first-time visitors to any of the sites that deploy our Technology or Products. If our cookie is already set on your browser, we know you are a returning visitor and log data using your existing cookie. You are always free to configure your browser to decline to receive cookies or clear your cookies, which will result in us treating you as a new visitor every time you encounter our Products on our Client websites. However, in order to stop data collection by 33Across, you have to explicitly opt-out, as described in the next section of this document.
We do not combine information collected through cookies with PII you may have provided to us when you registered for our Products or submitted a form through our Website.
Some of our business partners (for example, Google Analytics) or Clients may set or use their own cookies on our Website or through the Products we provide. However, we have no access to or control over these cookies. Some of our business partners may engage in cross-device mapping. In other words, our business partners may link the cookie data we gather to device identifiers concerning the same user. Our business partners may then share the cross-device mapping or other user data with us, for the purpose of personalized advertising.
Notification About Other Parties
The following disclosure is made pursuant to the California Online Privacy Protection Act: When you use our Website or websites of our Clients, other parties, such as Google, may collect DII about your online activities over time and across different websites or online services.
Our Cookie-less technology attaches a statistical DII to a user’s browser. This statistical DII is based primarily on the device’s IP address and metadata ordinarily present in the information sent between a user’s web browser and a web server. This metadata may include, for instance, the languages that the web browser accepts and prefers, the compression algorithm that the web browser accepts, and information about the browser type and version and operating system, vendor and version.
The statistical DII helps us to correlate an unnamed user to the URLs of Client website pages or sections that the unnamed user visited through their browser.
We refer to this as a “statistical DII” because it is not able to perform this correlation at 100% accuracy.
We also use two other different types of Cookie-less technologies. The first is a hashed (encoded) email address. Hashed encoding is a method that substitutes your actual email address with a long sequence of digits, and ensures that we cannot know what your email address actually is. Like other DIIs, the hashed email address is not used or intended to be used to directly identify you.
The second is mobile device advertising ID (MAID). This is a unique advertising-related identifier that is attached to your mobile device. Like other DIIs, the MAID is not used or intended to be used to directly identify you.
Information about your options for opt-out is provided below. However, please note that opting out does not mean you will no longer receive online advertising. It does mean that 33Across will no longer collect any data associated with your activities on any of our Clients’ websites.
33Across is a member of the Network Advertising Initiative (NAI) and adheres with the NAI’s Code. You may visit https://optout.networkadvertising.org to find out more about the NAI’s Self-Regulatory Program and to opt out of 33Across and other NAI member company advertising programs.
33Across is a participating company in the European Digital Advertising Alliance and adheres to the Interactive Advertising Bureau (IAB) Europe’s EU Framework for Online Behavioral Advertising. Learn more about online behavioral advertising, additional choices regarding the collection and use of data for online behavioral advertising, and how to file any consumer feedback or complaints with the national advertising Self-Regulatory Organization at https://www.edaa.eu/ and https://www.youronlinechoices.com.
We use persistent cookies and cookie-less technology to manage your opt-out status.
You may visit http://optout.33across.com to opt-out of data collection from 33Across, for both our cookie-based and cookie-less Technologies.
The 33Across Opt-out Tool itself relies on cookies and cookie-less technology to store and read your opt-out status. This means that if you use multiple computers or browsers, you will need to repeat the opt-out process for each computer and each browser. If you buy a new computer, change web browsers, update to a new version of your web browser, change IP addresses, or clear your 33Across cookies, you will need to perform the opt-out task again. Please note the following additional limitations of opting-out:
- In order for the opt-out tool to work on your computer for cookie-based identifiers, your browser must be set to accept cookies. If you clear your browser’s cookies, your opt-out cookies will also be removed and your opt-out will no longer be effective until you actively opt-out again.
- Because the statistical DII does not provide 100% accuracy, an opt-out you performed through a particular browser, particular device, and a particular type of Internet connection may not be effective for other browsers or browser settings, devices or types of Internet connection. Also, an opt-out you performed may effectively also opt-out other users such as those in your household who use the same kind of browser and browser settings, device and Internet connection
- Opting-out of us processing your hashed email address will only be effective for the particular email address you entered in the opt-out form.
- Opting-out of us processing your mobile device advertising ID (MAID) will only be effective for so long as your mobile device uses that MAID. If your device generates a new MAID (for example, when you reset your device’s settings), your previous opt-out of the MAID will not be effective unless you actively opt-out again with your newly generated MAID.
Additional Information for Data Subjects
in the European Economic Area
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) gives data subjects who are in the EEA the right to review, rectify, or delete their personal information.
However, as of July 1, 2020 33Across’ Products and Technology no longer collect new personal data from data subjects in the European Economic Area. In addition, we have fully discarded all personal data we had from data subjects in the European Economic Area as of September 30, 2020.
General Privacy Information
The security of your information is important to us. We take security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include firewalls and encryption, internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems. We restrict data access to a subset of 33Across employees, contractors and agents who need to know that information in order to operate, develop or improve our Products and services. These individuals are bound by confidentiality and data security obligations and may be subject to discipline, including termination, if they fail to meet these obligations.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
We retain contact information submitted by Clients as long as they are actively registered for our Products. Data about users who contact us via our Website is retained as long as their interaction with us is active. Data about inactive Publishers or Website users may be deleted as space requires or in the normal course of business. You can request that your data be removed from our records by contacting us at email@example.com.
We retain non-personally identifiable user activity data collected through our Products for 90 days. Statistical summaries and data aggregations across many users’ activities may be kept for longer periods.
The Website and Products are hosted in the United States. If you access the Website or Products from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the Website or Products, you are transferring your PII and DII to the United States and you consent to that transfer. Additionally, you understand that your PII and DII may be processed in the United States.
Information Relating to Children
Protecting the privacy of children is very important to us. We do not knowingly collect any information from anyone under the age of 13 and no part of our Website or Products are designed specifically to attract people under the age of 13. If we are made aware that we have received any information from anyone under the age of 13, we will use reasonable efforts to remove that information from our records.
Disclosure of Information to Third Parties
We do not rent or share your PII with non-affiliated third parties without your consent. We may, however, share your PII with trusted third-party contractors who provide services for us. These third-party contractors are prohibited from using the information we provide for purposes other than performing services for us.
We may share DII collected on the Website or via our Technology with unaffiliated third parties. These also include third party marketing partners, with whom we share DII for commercial purposes. For example, we may disclose to a marketing data broker that our online advertisements offering ‘sports car’ test drives receive more clicks than those offering ‘mini van’ test drives.
We may disclose your information to third parties when we reasonably believe we are obligated to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to, fraud and situations involving potential threats to the physical safety of any person.
Finally, in the event we are acquired by or merged with a third-party entity or undergo another change of control, we reserve the right to transfer information, including any PII and DII, to a successor entity. You understand that we may not be able to control how your information is used in the event of such a change of control.
Conditions of Use
Questions or Comments?
Attn: Privacy Officer
229 West 28th Street, 4th Fl.
New York, NY 10001
Effective date of policy: May 27, 2021