CCPA Resource Page
The California Consumer Privacy Act (CCPA), which has become applicable on January 1, 2020, provides new privacy rights to Consumers (as defined in the CCPA), and imposes obligations on Businesses (as defined in the CCPA) when processing personal information.
What is BigaBig’s role under the CCPA?
The CCPA distinguishes between three roles for Businesses involved in the processing of personal information:
Based on our preliminary understanding and assessment of the CCPA and depending on the roles and responsibilities that will be passed to us by our clients and partners, BigaBid will typically assume the role of Service provider/Third party.
What does BigaBid do in order to comply with the CCPA?
BigaBid (Direct) Customer Data Sharing Addendum
This Data Sharing Addendum (“DPA”) forms an integral part of, and is subject to the BigaBid IO Agreement (“Agreement”), entered into by and between the Customer (as defined under the Agreement) (hereinafter referred to as “Controller” and “Data Discloser”) and BigaBid Media Ltd. (“BigaBid”) (hereinafter referred to as “Co-Controller” and “Data Receiver”). Controller and Co-Controller are hereinafter jointly referred to as the “Parties” and individually as the “Party”. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Agreement.
You represent and warrant that you have full authority to bind the Customer to this DPA. If you cannot, or do not agree to, comply with and be bound by this DPA, or do not have authority to bind the Customer or any other entity, please do not provide Personal Data to us.
(A) Third Party Provider (Customer) agrees to share the Personal Data with Bigabid in the European Economic Area (EEA) on terms set out in the Addendum.
(B) Bigabid agrees to use the Personal Data within the EEA on the terms set out in this Addendum.
(C) This is a free-standing Addendum that does not incorporate commercial business terms established by the parties under separate commercial arrangements.
(D) With respect to the separate co-controllership of the parties and without the intention of entering into a joint-controllership as defined in Article 26 of the GDPR, this Addendum sets out the framework for the sharing of personal data between the parties and defines the principles and procedures that the parties shall adhere to and the responsibilities the parties owe to each other.
The following definitions and rules of interpretation apply in this Addendum.
means the purpose of processing personal data received from mobile application users.
this Addendum, which is a document that does not incorporate commercial business terms established by the parties under the master commercial agreement.
a day, other than a Friday, Saturday or public holiday in Israel, when banks in Tel Aviv are open for business.
the period from 9.00 am to 5.00 pm on any Business Day.
Controller, processor, data subject, personal data, processing, special categories of personal data, and appropriate technical measures: as defined in the Data Protection Legislation.
Personal Data Breach
a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Shared Personal Data
Data Protection Legislation
Israeli and any European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the relevant data protection or supervisory authority and applicable to a party.
Shared Personal Data
Data Subject Request
the exercise by a data subject of his or her rights under Articles 15-22 of the GDPR and the DPA 2018.
the relevant supervisory authority in the territories where the parties to this Addendum are established.
A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).
A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
This Addendum shall be binding on, and ensure to the benefit of, the parties to this Addendum and their respective personal representatives, successors and permitted assigns, and references to any party shall include that party’s personal representatives, successors and permitted assigns.
A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.
A reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision.
A reference to writing or written includes email.
Any obligation on a party not to do something includes an obligation not to allow that thing to be done.
References to clauses are to the clauses of this Addendum.
Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
This Addendum sets out the framework for the sharing of Personal Data when one Controller discloses personal data to another Controller. It defines the principles and procedures that the parties shall adhere to and the responsibilities the parties owe to each other.
The parties agree to only process Shared Personal Data, as described in clause 4.1 of this Addendum, for the Agreed Purposes. The parties shall not process Shared Personal Data in a way that is incompatible with the Agreed Purposes.
Compliance with national data protection laws
Each Party must ensure compliance with applicable national data protection laws at all times during the term of this Addendum.
Each party has such valid registrations or paid such fees as are required by its national Supervisory Authority (if any) which, by the time that the data sharing is expected to commence, covers the intended data sharing pursuant to this Addendum, unless an exemption applies.
Shared Personal Data
The following types of Personal Data will be shared between the parties during the term of this Addendum:
Any changes to the categories of Shared Data under this Addendum shall be agreed in writing by the parties.
The Shared Personal Data must not be irrelevant or excessive with regard to the Agreed Purposes.
Lawful, fair and transparent processing
Each party shall ensure that it processes the Shared Personal Data fairly and lawfully in accordance with clause 5.2 of this Addendum during the Term.
Each party shall ensure that it has legitimate grounds under the Data Protection Legislation for the processing of Shared Personal Data.
The Customer shall, in respect of Shared Personal Data, ensure that it provides clear and sufficient information to the data subjects, in accordance with the Data Protection Legislation, of the purposes for which it will process their personal data, the legal basis for such purposes and such other information as is required by Article 13 of the GDPR including:
if Shared Personal Data will be transferred to a third party (excluding transfers by Customer to Bigabid, which are to be notified by Customer to the data subjects in accordance with the Addendum and Section 5.4 below), that fact and sufficient information about such transfer and the purpose of such transfer to enable the data subject to understand the purpose and risks of such transfer; and
The Data Discloser undertakes to inform the data subjects, in accordance with the Data Protection Legislation, of the purposes for which the Data Receiver will process their personal data, the legal basis for such purposes and such other information as is required by Article 14 of the GDPR including:
if Shared Personal Data will be transferred to a third party, that fact and sufficient information about such transfer and the purpose of such transfer to enable the data subject to understand the purpose and risks of such transfer;
with respect to expected data transfers from Customer to Bigabid (being the Data Receiver), that Shared Personal Data will be collected, processed and transferred by Customer to Bigabid, for the purposes stipulated in the Addendum; and
if Shared Personal Data will be transferred outside the EEA pursuant to clause 9 of this Addendum, that fact and sufficient information about such transfer, the purpose of such transfer and the safeguards put in place by the controller to enable the data subject to understand the purpose and risks of such transfer.
The parties have developed a reliable means of converting Shared Personal Data to ensure compatibility with each party’s respective datasets.
The Data Discloser shall make all reasonable efforts to ensure that before the Effective Date, Shared Personal Data are accurate and that it has appropriate internal procedures in place for the Data Receiver to sample Shared Personal Data prior to the Effective Date and it will update the same if required prior to transferring the Shared Personal Data.
Shared Personal Data must be limited to the Personal Data described in clause 4.1 of this Addendum.
Data subjects’ rights
The parties each agree to provide such assistance as is reasonably required and requested by the other party, to enable the other party to comply with requests from data subjects to exercise their rights under the Data Protection Legislation with respect to the Shared Personal Data, within the time limits imposed by the Data Protection Legislation.
Bigabid and the Customer are each responsible for maintaining a record of individual requests for information, the decisions made and any information that was exchanged. Records must include copies of the request for information, details of the data accessed and shared and where relevant, notes of any meeting, correspondence or phone calls relating to the request.
Data retention and deletion
Parties may continue to retain Shared Personal Data in accordance with any statutory or professional retention periods applicable in their respective countries and / or industry.
For the purposes of this paragraph, transfers of personal data shall mean any sharing of personal data by Bigabid with a third party, and shall include, but is not limited to, the following:
subcontracting the processing of Shared Personal Data;
granting a third party controller access to the Shared Personal Data.
If Bigabid appoints a third party processor to process the Shared Personal Data it shall comply with Article 28 and Article 30 of the GDPR and shall remain liable to the Customer and data subject(s) for the acts and/or omissions of the processor.
Bigabid may not transfer Shared Personal Data to a third party located outside the EEA unless it;
complies with the provisions of Articles 26 of the GDPR (in the event the third party is a joint controller); and.
ensures that (i) the transfer is to a country approved by the European Commission as providing adequate protection pursuant to Article 45 of the GDPR; (ii) there are appropriate safeguards in place pursuant to Article 46 of the GDPR; (iii) the transfer is to an organization subscribed to the EU-US and/or Swiss-US PrivacyShield Framework; or (iv) one of the derogations for specific situations in Article 49 of the GDPR applies to the transfer.
Security and training
The Customer shall only provide the Shared Personal Data to Bigabid by using secure methods as agreed in advance by the parties.
The parties undertake to have in place throughout the Term of this Addendum appropriate technical and organisational security measures to:
unauthorised or unlawful processing of the Shared Personal Data; and
the accidental loss or destruction of, or damage to, the Shared Personal Data
ensure a level of security appropriate to:
the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
the nature of the Shared Personal Data to be protected.
The parties shall keep such security measures under review and shall carry out such updates as they agree are appropriate throughout the Term of this Addendum.
It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the parties technical and organisational security measures together with any other applicable national data protection laws and guidance and have entered into confidentiality agreements relating to the processing of personal data.
The level, content and regularity of training referred to in clause 10.4 of this Addendum shall be proportionate to the staff members’ role, responsibility and frequency with respect to their handling and processing of the Shared Personal Data.
Personal data breaches and reporting procedures
The parties shall each comply with its obligation to report a Personal Data Breach to the appropriate Supervisory Authority and (where applicable) data subjects under Article 33 of the GDPR. The parties shall inform each other of any Personal Data Breach irrespective of whether there is a requirement to notify any Supervisory Authority or data subject(s).
The parties agree to provide commercially reasonable assistance as is necessary to each other to facilitate the handling of any Personal Data Breach in an expeditious and compliant manner.
Resolution of disputes with data subjects or the Supervisory Authority
In the event of a dispute or claim brought by a data subject or the Supervisory Authority concerning the processing of Shared Personal Data against either or both parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.
The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the Supervisory Authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.
Each party shall abide by a decision of a competent court of the Data Receiver’s country of establishment or of the Supervisory Authority.
Each party warrants and undertakes that it will:
Without derogating from the data subject notification requirements under Section 5.4.2 above and the Addendum, process the Shared Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments that apply to its personal data processing operations.
Make available on request to the data subjects who are third party beneficiaries a copy of this Addendum, unless the Clause contains confidential information.
Respond within a reasonable time and as far as reasonably possible to enquiries from the relevant Supervisory Authority in relation to the Shared Personal Data.
Respond to Data Subject Requests in accordance with the Data Protection Legislation.
Where applicable, maintain registration or pay the appropriate fees with all relevant Supervisory Authorities to process all Shared Personal Data for the Agreed Purpose.
Take all appropriate steps to ensure compliance with the security measures set out in clause 10 of this Addendum.
Subject to Section 5.4.2 above, the terms of the Addendum and Bigabid’s representations regarding the Verbal Confirmation (as defined therein), the Customer warrants and undertakes that it is entitled to provide the Shared Personal Data to Bigabid and it will make all reasonable efforts to ensure that the Shared Personal Data are accurate.
Except as expressly stated in this Addendum, all warranties, conditions and terms, whether express or implied by statute, common law or otherwise are hereby excluded to the extent permitted by law.
The Data Discloser and Data Receiver undertake to indemnify each other and hold each other harmless from any cost, charge, damages, expense or loss which they cause each other as a result of their breach of any of the provisions of this Addendum, except to the extent that any such liability is excluded under clause 12.3 of this Addendum.
Indemnification hereunder is contingent upon:
the party to be indemnified (the indemnified party) promptly notifying the other party (the indemnifying party) of a claim,
the indemnifying party having sole control of the defence and settlement of any such claim, and
the indemnified party providing reasonable co-operation and assistance to the indemnifying party in defence of such claim.
Either party may terminate this Addendum without cause by giving four weeks written notice to the other party.
Without affecting any other right or remedy available to it, either party may terminate this Addendum with immediate effect by giving written notice to the other party if:
the other party commits a material breach of any term of this Addendum which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;
the other party repeatedly breaches any of the terms of this Addendum in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of this Addendum;
the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts;
the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with any of its creditors other than (being a company) for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party (being a company) other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
an application is made to court, or an order is made, for the appointment of an administrator, or a notice of intention to appoint an administrator is given or if an administrator is appointed, over the other party (being a company);
the holder of a qualifying floating charge over the assets of that other party (being a company) has become entitled to appoint or has appointed an administrative receiver;
a person becomes entitled to appoint a receiver over all or any of the assets of the other party or a receiver is appointed over all or any of the assets of the other party;
a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party’s assets and such attachment or process is not discharged within 14 days;
any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in clause 17.2.3 to clause 17.2.9 (inclusive); or
the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business.
Termination or expiry of this Addendum shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of this Addendum which existed at or before the date of termination or expiry.
Force Majeure Event means any circumstance not within a party’s reasonable control including, without limitation:
flood, drought, earthquake or other natural disaster;
epidemic or pandemic;
terrorist attack, civil war, civil commotion or riots, war, threat of or preparation for war, armed conflict, imposition of sanctions, embargo, or breaking off of diplomatic relations;
nuclear, chemical or biological contamination or sonic boom;
any law or any action taken by a government or public authority, including without limitation imposing an export or import restriction, quota or prohibition, or failing to grant a necessary licence or consent];
collapse of buildings, fire, explosion or accident;
any labour or trade dispute, strikes, industrial action or lockouts other than in each case by the party seeking to rely on this clause, or companies in the same group as that party);
non-performance by suppliers or subcontractors (other than by companies in the same group as the party seeking to rely on this clause); and
interruption or failure of utility service.
Provided it has complied with clause 18.4, if a party is prevented, hindered or delayed in or from performing any of its obligations under this Addendum by a Force Majeure Event (Affected Party), the Affected Party shall not be in breach of this Addendum or otherwise liable for any such failure or delay in the performance of such obligations. The time for performance of such obligations shall be extended accordingly.
The corresponding obligations of the other party will be suspended, and its time for performance of such obligations extended, to the same extent as those of the Affected Party.
The Affected Party shall:
as soon as reasonably practicable after the start of the Force Majeure Event but no later than five days from its start, notify the other party in writing of the Force Majeure Event, the date on which it started, its likely or potential duration, and the effect of the Force Majeure Event on its ability to perform any of its obligations under this Addendum; and
use all reasonable endeavours to mitigate the effect of the Force Majeure Event on the performance of its obligations.
If the Force Majeure Event prevents, hinders or delays the Affected Party’s performance of its obligations for a continuous period of more than four weeks, the party not affected by the Force Majeure Event may terminate this Addendum by giving two weeks’ written notice to the Affected Party.
Assignment and Other Dealings
No variation of this Addendum shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
A waiver of any right or remedy under this Addendum or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy.
A failure or delay by a party to exercise any right or remedy provided under this Addendum or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under this Addendum or by law shall prevent or restrict the further exercise of that or any other right or remedy.
Rights and Remedies
The rights and remedies provided under this Addendum are in addition to, and not exclusive of, any rights or remedies provided by law.
If any provision or part-provision of this Addendum is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Addendum.
If any provision or part-provision of this Addendum is deemed deleted under clause 23.1 the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
No Partnership or Agency
Nothing in this Addendum is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, or authorise any party to make or enter into any commitments for or on behalf of any other party.
Each party confirms it is acting on its own behalf and not for the benefit of any other person.
Any notice or other communication given to Bigabid under or in connection with this Addendum shall be in writing and shall be:
delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office; or
sent by email to firstname.lastname@example.org.
Any notice or communication shall be deemed to have been received:
if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address;
if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting or at the time recorded by the delivery service; and
if sent by email, at the time of transmission, or, if this time falls outside Business Hours, when Business Hours resume.
This clause does not apply to the service of any proceedings or any documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
This Addendum may be executed in any number of counterparts, each of which when executed shall constitute a duplicate original, but all the counterparts shall together constitute the one agreement.
Transmission of an executed counterpart of this Addendum (but for the avoidance of doubt not just a signature page) by email (in PDF, JPEG or other agreed format) shall take effect as delivery of an executed counterpart of this Addendum. If this method of delivery is adopted, without prejudice to the validity of this Addendum thus made, each party shall provide the other with the original of such counterpart as soon as reasonably possible thereafter.
No counterpart shall be effective until each party has executed at least one counterpart.
This Addendum and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by the governing law as set forth in the Addendum.
The applicable courts, as set forth in the Addendum shall have non-exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Addendum or its subject matter or formation.
GDPR Resource Page
On May 25th 2018, the EU’s General Data Protection Regulation (GDPR) came into effect. This significant legislation created a consistent approach towards data protection. The GDPR defines what is Personal Data, who must protect it and how such protection will be made. Despite the fact that the GDPR is a European legislation aiming to protect EU citizens’ privacy rights, it has an effect on companies and organizations outside the EU and created a ‘ripple effect’ that pushed other countries to adopt similar rules (like the CCPA).
The aim of this page is to provide our users (or “you”/ “your” etc.) with the relevant information about their privacy. This is despite the fact that our services are mainly offered for app developers. Essentially, the users are those whose Personal Data is being processed by us.
This page will (hopefully) explain what Personal Data we collect and for which reason, what do we do with the Personal Data we collect and how we collect it, as well as some additional information with respect to our roles and responsibilities under the GDPR. The information in this page cannot cover all aspects of the GDPR and if you have more questions or if you require further information then please contact us at email@example.com.
Your Personal Data
There are two ways in which we may gain access to your data (including Personal Data):
Why and What do we do with your Personal Data
We collect and process Personal Data (mainly) for the following purposes:
One of the major aspects of the GDPR is the rights (aka “data subjects” under the GDPR) that users have in relation to their Personal Data. These rights include, for example, your right to have access to your data, to have your data deleted, corrected etc. BigaBid have taken upon itself to abide by the highest industry standards and practices of the Ad-Tech industry such as the NAI (Network Advertising Initiative) standards and compliance with the IAB TFC (Transparency and Consent Frameworks).
If you wish to exercise any of the privacy rights that you may have, you can use those tools to exercise your rights or reach out to our privacy team at: firstname.lastname@example.org or to our Data Protection Officer at: email@example.com.
Roles and responsibilities (“GDPR talk”)
In other instances, such as via direct advertising on apps, BigaBid will act as the Data Processor of users’ Personal Data. This means that we will process such data on behalf of our partners and in accordance with their instructions. Our responsibilities in such cases are narrower so that if users approach us and request to exercise their rights, we will refer them to the relevant partner – who is the Controller of their Personal Data.
Cross-border data transfers: BigaBid relies on appropriate legal mechanisms for cross-border transfers of Personal Data originating in the EEA.
BigaBid Ltd. Is located in Israel, a jurisdiction that was deemed “adequate” by the EU Commission in providing a sufficient level of data protection.
BigaBid Inc. has self-certified and adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Data Protection Officer (DPO): The function of the DPO is required under the GDPR in companies that engage in large scale, regular and systematic monitoring of data subjects.
At BigaBid, our DPO is responsible for monitoring and advising our ongoing privacy compliance and serving as a point of contact on Privacy matters for data subjects and supervisory authorities. Our DPO can be reached at: firstname.lastname@example.org
EU Representative: having a European representative is also a GDPR requirement (under Article 27). Our EU representative, Dr. Andreas Mätzler, can be reached at: Schellinggasse 3/10, Vienna 1010, Austria.
Children information: no, nope, no-thank-you! BigaBid does not direct its services to children under the age of 16, and does not knowingly collect data relating to children.
Privacy as a principle
Here at BigaBid, we take privacy seriously. We believe that compliance with the GDPR is crucial but more importantly that privacy should be regarded as a norm and as a fundamental principle.
If you have any questions or comments regarding our privacy practices, or if you would like to exercise any of the privacy and data rights available to you, please feel free to reach out to us at email@example.com or directly to our DPO at: firstname.lastname@example.org.
Effective Date: August 26th, 2020
Biga Bid Media Ltd. (“BigaBid“, “we“, “our” or “us“) develops and provides data-driven performance marketing solutions for the mobile advertising industry, which allow us to bid on, and engage with individuals on behalf of mobile advertisers (our “Customers”) to (“End Users”) who are most likely to become high-value users of their mobile applications, as further described on the BigaBid website – www.bigabid.com. In addition, BigaBid acts as a DMP (Data Management Platform), creating audience related insights for optimizing ad performance (collectively, the “Services”).
You are not legally required to provide us with any Personal Data (defined below), but without it we may not be able to provide you with the full range of Services or with the best user experience when using our Services. To learn more about the choices available to you, please read Section 8 below.
1. Data Collection
We collect Personal Data regarding our Customers, as well as data regarding Visitors. Such data is typically collected and generated through the Visitor’s interaction with our Services, through automatic means, directly from such Visitor or Customer, or from other third parties.In addition, we collect Personal Data regarding End Users, as our systems consider and bid on the opportunity to engage with them and show them our Customers’ advertisements (“Bids”); and following successful Bids and engagements, as we monitor the performance of our Services on behalf of our Customers.
Specifically, we collect the following categories of data (which, to the extent it relates to an identified or identifiable individual, will be deemed as “Personal Data“):
2. Data Uses
We use Personal Data as necessary for the performance of our Services; to comply with applicable law; and to support our legitimate interests in maintaining and improving our Services and offerings, understanding how our Services are used, optimizing our marketing and advertising services, customer service and support operations, and protecting and securing our Visitors, Customers, End Users, ourselves and our Services.We do not sell your personal information for the intents and purposes of the California Consumer Privacy Act (CCPA).
Specifically, we use Personal Data for the following purposes:
3. Data Location & Retention
Please note that except as required by applicable law, we will not be obligated to retain your Personal Data for any particular period, and we are free to securely delete or anonymize it for any reason and at any time, with or without notice to you.
If you have any questions about our data retention policy, please contact us by email at email@example.com.
4. Data Sharing
5. Cookies and Tracking Technologies
If you wish to prevent the use of your mobile device’s advertising ID (e.g. for interest-based advertising), you may change your device settings to reset such advertising ID or to opt-out of such advertising (typically, this is available under the “Privacy” or “Ads” section in your device settings). You may also change your browser settings to reset or block cookies (typically, this is available under the “Settings” or “Help” section in your browser menu).
If you are an End User who lives in the USA, Canada or Europe, you can also opt-out from the collection of your data by our Customers who participate in the Digital Advertising Alliance, by visiting www.aboutads.info/choices (for US users), www.youradchoices.ca/choices (for Canadian users) or www.youronlinechoices.com (for European users).
Please note that if you reset your advertising ID or opt-out of interest-based advertising, you may still see advertisements served by BigaBid, or on any other channels, but those ads will not be targeted based on the above mentioned identifiers. For example, such ads may be instead based on context, such as your progress and actions in a certain app, or your language preferences. Please note that such actions may result in a less enjoyable user experience.
7. Data Security
In order to protect your Personal Data held with us and our Service Providers, we are using industry-standard physical, procedural and electronic security measures, including encryption as appropriate. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any Service Providers as described in Section 4 above.
8. Data Subject Rights
If you wish to exercise your rights under any applicable law, including the EU General Data Protection Regulation (GDPR) or the California Privacy Act (CCPA) such as the right to request access to, and rectification or erasure of your Personal Data held with BigaBid, or to restrict or object to such Personal Data’s processing, or to port such Personal Data (each to the extent available to you under the laws which apply to you)– please contact us by email at firstname.lastname@example.org.Please note that once you contact us by e-mail, we may require additional information and documents, including certain Personal Data, in order to authenticate and validate your identity and to process your request. Such additional data will be then retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request), in accordance with Section 3 above.If you are an End User, we suggest you turn to the relevant Customer, acting as the Controller of your Personal Data in this instance (see Section 10 below for more details).
9. Children’s Privacy
Our Services are not designed to attract children under the age of 16. We do not knowingly collect Personal Data from children and do not wish to do so. If we learn that we collect data relating to a person under the age of 16, we will make all efforts to promptly delete any Personal Data stored with us with regard to such child. If you believe that we might have any such data, please contact us by email at email@example.com.
10. Data Controller/Processor
If you would like to make any requests or queries regarding Personal Data we process on our Customer’s behalf, please contact them directly. For example, if you wish to access, correct, or delete data processed by BigaBid on behalf of a Customer, please direct your request to the relevant Customer (who is the “Data Controller” of such data). Should we receive such requests directly, we may refer them to our Customer.
11. Additional Notices