Privacy Policy

[Last Modified: August 15, 2024]

This privacy policy (“Privacy Policy” or “Policy”) describes how Hivestack Technologies Inc., whichis part of the Perion Network Ltd group (“Hivestack”, “we”, “us”, or “our”) collect, use and disclose certain information, including your personal information and the choices you can make about that information.

Hivestack operates a marketplace which gives marketers a powerful solution to deliver digital out-of-home (“DOOH”) advertising campaigns. Hivestack has developed a proprietary technology platform that enables clients to reach their desired target audience and measure the efficacy of their campaigns through ad bidding and serving marketplace (“Services”). The Services further includes a platform which provides DOOH inventory operators (“Publishers”) and advertising agencies running campaigns on DOOH inventory (“Buyers”), as applicable, with BI and analytic reports and enable the optimization of ad campaigns and monitoring advertising operations running through the Services (“Platform”).

This Privacy Policy governs our processing practices when you merely visit and browse our website https://www.hivestack.com/ ("website"), or when you, either a Publisher or Buyer, use our Services, or when processing end user (“End User”) data received from our Data Brokers (as defined below).

For the purpose of this Privacy Policy a visitor, user of our Services, event attendees and recipients of marketing messages collectively shall be referred to as “you” unless the distinction is required.

This Privacy Policy applies to all users worldwide. If you are a resident of California, please refer to Section 13. Additional Privacy Information for California Residents for information about the categories of Personal Information we may collect and your rights under California privacy laws. If you are a resident of Colorado, Connecticut, Florida, Montana, Nevada, Oregon, Texas, Virginia, or Utah, please refer to Section 14. Additional Privacy Information for Certain United States Residents, which includes additional information about privacy rights for residents of certain U.S. jurisdictions.

1. POLICY AMENDMENTS:

We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30-days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.

2. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:

Hivestack Technologies Inc., (a member of the Perion Network Ltd group) incorporated under the laws of Canada, and it is the controller of your Personal Data.

You may contact us and our DPO as follows:

By Submitting the DSR form: https://wkf.ms/46qa7F7].

By Mail: 118 Rue Saint-Pierre, Montréal, QC H2Y 2L7, Canada.

By Email: privacy@hivestack.com

Representative for data subjects in the EU and UK:

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group, detailed below, as our privacy representative and your point of contact.

EU representative: Maetzler Rechtsanwalts GmbH & Co KG with a registered address at Schellinggasse 3/10, 1010 Vienna, Austria.

UK-GDPR representative: Prighter Ltd with a registered address at 20 Mortlake Mortlake High Street, London, SW14 8JN, United Kingdom.

Swiss FADP representative: Prighter CH GmbH with a registered address at Obergrundstrasse 17, 6002 Luzern, Switzerland

Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following websitehttps://prighter.com/q/11106546394 -OR- If you need you can also use the email "rep_perion@prighter.com".

3. DATA SETS WE COLLECT AND FOR WHAT PURPOSE:

You can find here information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data, and how it is technically processed.

Non-Personal Data

During your interaction with our website and Services, we may collect aggregated, non-personal non-identifiable information, which may be made available or gathered via your access to and use of the Services (“Non-Personal Data “). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data being collected may include your aggregated usage information and technical information transmitted by your device, such as: the type of browser or device you use, language preference, time and date stamp, country location, etc.

Personal Data

We may also collect from you, directly or indirectly, during your access or interaction with the website or Services, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data”). The types of Personal Data that we collect as well as the purpose for processing and the lawfulness are specified in the table below.

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person's health or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data”).

The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations:

DATA SET

PURPOSE AND OPERATIONS

LAWFUL BASIS

WEBSITE

Online Identifiers and Usage Data:

When you access our website, we collect certain online identifiers such as: IP address, cookie ID, agent ID, unique identifiers (“Online Identifiers”).

We use tools, pixels and cookies, provided by third party analytic and marketing providers which collect online behavior data, insights and segments on website visitors so that we can detect if you are a potential partner. This data includes your click stream data, which sites your visited, which pages you viewed on our website, etc. (“Usage Data”). The Usage Data is usually connected to an Online Identifier.

Maintaining the Website, Marketing and Analytics:

First party cookies are strictly necessary and are used to enable the operation of the website. Third party cookies collect the Online Identifiers to provide us with analytic and marketing services.

We use Usage Data for our marketing purpose and for identifying potential partners and prospects.

We process the Online Identifiers and Usage Data through third party cookies based on consent which is provided through the cookie notice and consent manager. You may withdraw consent at any time by using the cookie preference settings available in the bottom on the page.

First party cookies are strictly necessary and processing of Online Identifiers is subject to our legitimate interest.

End User Consent & Privacy Preference

When you visit a website and before we collect the Online Identifiers, Usage Data, etc. for analytic and marketing purposes as described hereinabove, you will be presented with a cookie banner which is part of our cookie manager platform (“CMP”). Through this CMP you provide your preferences and consents with regards to the processing of data through these cookies and for which purposes. We log and keep your preferences through the CMP and share your preference with the third party tools and cookies placed on our website.

The collection and processing of your consent and privacy preferences enable us to (i) verify information about the transparency, consent, or objection to certain advertiser, processing activity etc. (ii) Retrieve or pass on consent strings to the vendors; and (iii) Respect signals communicated by a CMP.

This ensures that the tools, cookies and vendors that receive your Personal Data are aligned with your chosen preference.

We process such information subject to our legitimate interest as such processing is necessary in order to enable our service, comply with applicable laws, and to allow third party entities to respect your privacy preferences.

Contact Information:

If you voluntarily contact us, you may be required to provide us with certain information such as your name, job title, company name, email address (“Contact Information”) and any additional information you decide to share with us voluntarily. Further, when you sign up to our newsletter or event, you will be requested to provide your email address.

Newsletter Registration, Downloading reports and whitepapers, or Respond to a Query:

We will use your email in order to send you our newsletter and other marketing materials or to send you the blueprints you requested.

We will use this data to respond to your inquiry.

We process such Contact Information for the purpose of responding to your inquiry subject to our legitimate interest. We may keep such correspondence if we are legally required to.

We further process such Contact Information for the purpose of registering you to the newsletter, subject to your consent. You may withdraw consent at any time from the newsletter through the “unsubscribe” link within the email.

When we use the Contact Information for the purpose of sending you the whitepaper requests, we process such information subject to contract necessity.

Job Application Information:

In the event you apply for a position posted on our website and submit your CV we will process the information included in the CV and the application form, as further detailed in our Candidate Privacy Notice - https://www.hivestack.com/candidate-policy/

Recruitment:

Please refer to our Candidate Privacy Notice for further details.

We process such information subject to our legitimate interest.

If we process sensitive data to ensure diversity, we will do so upon your explicit consent, which you may withdraw at any time by contacting us.

BUYERS AND PUBLISHERS

Account and Email Address:

When the Publisher/Buyer uses our Service, they will create an account or be designated with an account, from which you may use the Service and review the reports. The account information includes your Contact Information, user name and credential. Further, we will send Buyers invoices, and materials and marketing content through the email information you (buyer and publisher) provided during your onboarding and creation of the Account.

Account information is processed solely to provide the Services.

We will further use the email provided to keep you updated with offers and content such as updates (“Direct Marketing”), new capabilities and features, and to send you invoices and supporting documentation.

Processed for the purpose of fulfilling our contract obligations with.

For Direct Marketing purposes we process such information subject to our legitimate interest. You can opt-out at any time, however certain content (such as invoices and other administrative e-mails) will still be sent.

Usage Data:

When you access and use the Services, we collect data on how and when you access the account and Services, this information includes access logs (which include your email or user name and the time stamp of your access), clicks and navigation on the platform, time and date the account was accessed and the duration of use.

We process the usage data for the purpose of fixing bugs and errors, security purposes, to understand how the Services are used and improve our services.

Usage data is used for our legitimate interest in improving our services.

Information Provided Through Support: If you contact us for support, we will process your Contact Information and any other information you provide us with

Support:

We process the information solely to provide you with the technical support needed.

Processed for the purpose of fulfilling our contract obligations with.

END USERS

MAIDs, Location Data and Segments: Hivestack partners with data providers (“Data Brokers”) which share with us precise location data- lat/lon (GPS-level data) associated with a mobile advertising ID (“MAID”), timestamp and accuracy.

Hivestack also receives pre-defined Audience Segments, which include merely list of MAIDs, from Data Brokers.

Hivestack does not receive personally identifiable data such as names, phone numbers, email addresses or physical addresses.

Running DOOH Campaigns:

Audience Creation: Buyer creates the required audience based on data provided by the Data Brokers.

Audience Concentration Score: understand the optimal times and locations to best reach defined audiences on DOOH screens. This allows Hivestack to deliver ads to DOOH screens and to understand movement patterns.

Measurement: to measure the impact of the DOOH campaign

we rely on our Data Brokers’ lawful basis, as applicable to the jurisdiction.

We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Platform, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined.

4. HOW WE COLLECT YOUR INFORMATION:

Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:

Automatically, when you visit our website or interact with our Platform, including through the use of Cookies (as detailed below) and similar tracking technologies.

When you voluntarily choose to provide us with information, such as when you contact us, all as detailed in this Policy.

Provided from third-parties, such as our Data Brokers.

5. COOKIES AND SIMILAR TECHNOLOGIES:

We use “cookies” (or similar tracking technologies) when you access our website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and marketing. You can find more information about our use of cookies by visiting the cookie preference link available at the bottom of the website.

6. DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

We share your data with third parties, including our advertisers and publishers or service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.

CATEGORY OF RECIPIENT

DATA THAT WILL BE SHARED

PURPOSE OF SHARING

Buyers

End User Data (MAIDs)

Publishers’/Buyers’ advertising purposes.

Publishers

Service Providers

All data

We may disclose Personal Data to our service providers, contractors and third parties, including, but not limited to, our cloud and hosting provider, analytics and marketing providers, payment processors, CRM systems, Salesforce, etc., the service providers are limited by contracts which limit their use of the data, and requires implementing security measures. The service providers process the data solely to provide the needed services. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services.

Any acquirer of our business

All data

We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.

Governmental agencies or authorized third parties.

Subject to law enforcement authority request.

We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

When we share information with services providers, Publishers and Buyers, we ensure they only have access to such information that is strictly necessary for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).

7. DATA RETENTION:

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to optout, where applicable. Mobile Device IDs (and associated location data) obtained from our Data Brokers are retained for up to 12 months.

Other circumstances in which we will retain your Personal Information for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.

8. SECURITY MEASURES:

We work hard to protect the Personal Data we process from unauthorized access, alteration, disclosure, or destruction. We have implemented physical, technical, and administrative security measures for the Services that comply with applicable laws and industry, such as encryption using SSL, we minimize the amount of data that we store on our servers, restricting access to Personal Data to Hivestack employees, contractors, and agents, etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

9. INTERNATIONAL DATA TRANSFER:

Our data servers in which we host and store the information are located in the US and Frankfurt AWS. The Company’s HQ are based in Canada in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM, Salesforce, and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area ("EEA") is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well-recognized certification schemes.

10. USER RIGHTS

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

The right to know what Personal Data we collect about you, the purpose of collection, with whom we share it, and additional information such as the categories of sources from which the Personal Data is collected – all as provided under this Privacy Notice;

The right to request access and inspect your Personal Data, which entitles you to review or receive a copy of certain Personal Data we hold about you;

The right to correct (“rectify”) inaccuracies in your Personal Data, which entitles you to have any incomplete or inaccurate Personal Data corrected;

The right to request deletion of your Personal Data, which entitles you to request us to delete Personal Data (subject to applicable Data Protection Laws, which permits the retention of certain Personal under certain circumstances);

The right to request to restrict processing of Personal Data, which entitles you to request to limit the purposes for which we process your Personal Data (subject to certain conditions under Data Protection Laws);

The right to object to processing of your Personal Data, which entitles you to object to our processing of your Personal Data (subject to certain conditions under Data Protection Laws);

The right to data portability, which entitles you to receive the Personal Data you have provided, in a structured, commonly used and machine-readable format and transmit it to another controller;

The right to withdraw consent, where we are processing your Personal Data based on your consent;

The right to be informed of automated decision making, which entitles you to be informed of instances where your Personal Data is used to render a decision based exclusively on an automated process;

Exercise your privacy rights without receiving discriminatory treatment by us; and/or

The right to appeal or lodge a complaint. If we decline to take action on your request, we will inform you without undue delay as required under applicable Data Protection Laws. For EEA/UK data subjects, you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK. For Canadian data subjects, you have the right to lodge a complaint with the local Data Protection Authority as follows: (1) If you reside in Quebec, contact https://www.cai.gouv.qc.ca/; (2) If you reside in British Columbia, contact https://www.oipc.bc.ca/; and (3) If you reside in Alberta. Contact https://www.oipc.ab.ca.

The rights described above are not absolute rights and may be subject to certain legal, business or contractual requirements. Applicable laws may allow or require us to deny or partially deny your request.

You may exercise any or all of your above rights in relation to your Personal Data by filling out the Online Data Subject Request (“DSR”) form available here.

Certain rights can be easily executed independently by you without the need to fill out the DSR Form:

You can opt-out from receiving our emails by clicking “unsubscribe” link;

You can withdraw consent for processing Online Identifiers and Behavior Data, for analytics or marketing purposes, at any time be using the cookie settings on the website.

11. IBA OPT OUT OPTIONS

Interest-Based Advertising ("IBA"): We may “share” your Personal Data with third parties for personalized advertising purposes. If you wish to opt-out from the sharing of your personal data with third parties for the purpose of cross-contextual interest-based advertising there are many ways to do so, as further detailed below. Please note that even if you opt-out you may still see personalized ads based on information other companies and ad networks have collected about you, if you have not opted out of sharing with them.

Hivestack is a member of the Network Advertising Initiative (NAI), and we undergo annual certifications that we adhere to their strict Code of Conduct. To learn more about the NAI or how to opt out of receiving targeted advertising from other third party services that belong to the NAI, please follow this link.

For IBA opt out options on desktop and mobile websites, please visit:

Digital Advertising Alliance (US) https://www.aboutads.info/choices/

Digital Advertising Alliance (Canada) https://youradchoices.ca/en/tools

Digital Advertising Alliance (EU) https://www.youronlinechoices.com/

Google https://adssettings.google.com/authenticated

Google Analytics https://tools.google.com/dlpage/gaoptout

Global privacy control preference https://globalprivacycontrol.org/

Further, on every webpage or app you browse there are “cookie settings” through which you may opt out.

You may limit the disclosure of certain Information by your mobile device to us and Publishers by adjusting the settings on your mobile Device.

For iOS mobile Devices, go to “Settings” from your Device’s home screen; scroll down to “Privacy”; select “Advertising”; and turn on “Limit Ad Tracking.”

For Android mobile Devices, go to “Google Settings” on your Device; select “Ads”; and check the box labeled “Opt Out of Interest-Based Ads.”

Our data partners honor these “limit” or “opt out” instructions or “flags” by removing recognized Devices from our cross-app advertising or ad delivery and reporting solutions, on a going-forward basis.

12. ELIGIBILITY AND CHILDREN PRIVACY:

The Services are not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 17), and we do not knowingly process children's information. We will discard any information we receive from a user that is considered a "child" immediately upon discovering that such a user shared information with us. Please contact us if you have reason to believe that a child has shared any information with us.

13. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) effective November 2020, and as amended by the CPRA, effective January 1, 2023.

Please see the CCPA Privacy Notice which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

14. ADDITIONAL PRIVACY INFORMATION FOR CERTAIN UNITED STATES RESIDENTS

Residents of certain U.S. states, including Colorado, Connecticut, Florida, Montana Nevada, Oregon Texas, Virginia, and Utah, may have additional rights under applicable privacy laws and be entitled to additional disclosures.

Consumer Rights:

Residents of certain U.S. states, including Colorado, Connecticut, Florida, Montana, Nevada, Oregon Texas, Virginia, and Utah, may have additional rights under applicable privacy laws, subject to certain limitations, which may include:

Access. The right to confirm whether we are processing their Personal Information and to obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format.

Delete. The right to delete their Personal Information provided to or obtained by us.

Correct. The right to correct inaccuracies in their Personal Information, taking into account the nature and purposes of the processing of the personal information.

Opt-Out. To opt out of certain types of processing, including: (i) to opt out of the “sale” of their Personal Information; (ii) to opt out of targeted advertising by us; and (iii) to opt out of any processing of Personal Information for purposes of making decisions that produce legal or similarly significant effects.

You may submit a request to exercise most of your privacy rights under U.S. state privacy laws online using our DSR Form. When you submit a request, we will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable.