Taking privacy & data governance seriously
Krux is not in the business of setting industry standards, but we do all that we can to advance industry dialogue and improve standards of practice. We provide a Platform that enables our clients to manage their digital data subject to their own privacy policies. In that way, we enable our clients to manage their data in a responsible way and we empower consumers to better understand what data is collected via the Platform and how it is used.
We are members of the Network Advertising Initiative (“NAI”) and adhere to the 2015 NAI self regulatory codes of conduct. We also adhere to the Digital Advertising Alliance (“DAA”) Code of Conduct in the U.S., Canada and EU. In our work, we will seek to maintain alignment with standards established by industry groups such as the IAB, NAI, DAA, and DCN, and we are members in good standing of the IAB, NAI, and DCN.
The Krux Site is primarily directed to our clients (our “Clients”) and prospective clients; which are generally businesses. We don’t collect personally identifiable information (“PII”) such as email addresses or telephone numbers from the Krux Site unless it is provided to us. For example, a user may choose to send us an email that contains their PII, or download a white paper in which case we’ll ask for PII such as their name, company name, email and telephone number. Our clients typically provide PII in order to setup an account with us, including their name, home or business address, email address, and/or telephone number. We use the PII we’re provided to answer questions, send requested information and/or to service our Clients’ accounts. We also collect the same non-personally identifiable information (“Non-PII”) from the Krux Site as we obtain from our Clients via our technology Platform. Non-PII is information that cannot by itself be used to identify a particular person or entity, and may include an IP host address, pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of a visit to a website, the referring URL and a computer or device’s operating system. We do not enable our technology Platform on the sections of the Krux Site that enables our Clients to login and manage their accounts.
Krux Technology Platform
Krux uses HTML5 cookies in Connection with the Platform, including on the Krux Site and most Client Sites. An HTML5 cookie is also known as HTML5 Web storage and is an alternative to the commonly used HTTP browser cookie. Krux uses HTML5 cookies as a backup storage mechanism to HTTP cookies; storing both ad targeting data as well as user opt-outs in both HTTP and HTML5 cookies (collectively, our “Cookies”).
Krux is experimenting with the use of statistical identifiers in connection with the Platform, including on the Krux Site and some Client Sites where requested by Clients. Statistical identifiers are created using non-PII about computers and mobiles devices such as the operating system, user-agent string, IP address (in jurisdictions where this is not considered to be personal data), Internet browser, installed fonts, and similar information. This information makes your computer or device distinct enough for our systems to determine within a reasonable probability that they are encountering the same computer or device. Statistical identifiers enable users to be uniquely identified via the Platform, enabling the Platform to store ad targeting, analytics and other data.
Mobile Device Identifiers
Krux uses mobile device identifiers such as the Android Advertising ID and Apple iOS’ IDFA in connection with the Platform where Clients ask Krux to store information collected via Client Mobile Apps. Mobile device identifiers enable users to be uniquely identified via the Platform, enabling the Platform to store ad targeting data.
How we Collect and use Non-PII via our Technology Platform
Krux offers a technology Platform for website and mobile application operators, and we utilize the Platform when users visit the Krux Site. When a user visits the website or mobile application of one of our Clients (the "Client Site" or “Client App”, collectively, the “Client Site and App”), the Client collects and transfers to Krux and/or enables Krux to collect Non-PII related to that user’s visits to their website or mobile app (our Client’s "Session Data"). This Session Data may include information about how the user came to the Client Site and App, which search engines they use, the search terms used to find the Client Site, their experience on the Client Site and App, information about how they interact with the Client Site and App, demographic information that the Client has collected from that user and other visitors, data from third-party data providers, and information regarding how users interact with advertisements on the Client Site and App. Additionally, browsers send certain standard information to every website a user visits, such as an IP address, browser type and language settings, access times, and referring website addresses. This information is collected during visits to each Client Site and App, including the Krux Site. We make Session Data accessible only to each individual Client. The Client typically uses this data on our Platform to deliver targeted advertising campaigns both on the Client Site and App as well as off their sites and apps. For example, Clients may use the Platform to help them find interested users and to deliver ads that attempt to bring those users back to the Client’s Site and App. Where our systems can reasonably infer that a particular computer and/or mobile device belong to the same user or household, we may store such information for use on the Platform. The data stored on our Platform may be combined with other third party data in order to better target advertisements, to enable Clients to better understand users across multiple computers and devices, and for ad delivery and reporting purposes.
While Krux does not allow PII directly onto the Platform, we do receive PII from Clients outside of the Platform. Typically, we receive the PII as part of an onboarding process whereby Krux receives data that contains PII and render that data into Non-PII targeting segments utilizing a privacy-by-design process. Krux may work with a third-party technology partner to help facilitate the onboarding process.
Krux does not directly share Non-PII with either partners or third parties. Clients may choose to share their Non-PII data with others at their discretion, and Krux may assist them to share user data collected on those Client Sites and Apps. Reporting is done at the aggregate level, with no user level information accessible.
How we use PII, Onward Transfer
We aim to keep PII data off of our Platform and do not intentionally collect PII via the Platform. As described above, we may obtain PII when visitors to the Krux Site choose to provide it. For Clients who have setup an account with Krux, we use the PII we have to administer their account. When Clients terminate their accounts, Krux removes their PII from our systems within a reasonable time following such termination, subject to our right to retain (i) copies of transactions between the client and Krux and related payment information, (ii) information relating to any dispute or potential fraud, (iii) any additional information that in Krux discretion, needs to keep to protect our legal rights or the rights of others.
From time to time, Krux engages with partners to perform services on behalf of Krux or other Clients who use our services. For example, we may provide information to corporate affiliates, or to third parties under contract with Krux ("Contracted Parties") to provide services such as credit card verification and processing, fraud detection and prevention, or data hosting. In all cases, Contracted Partners are contractually required to maintain the confidentiality of PII and may not use it for purposes other than performing the specific services on Krux's behalf. Other than such disclosure to Contracted Parties, Krux may also disclose PII if such disclosure is required for Krux to comply with valid and binding legal requirements, to protect Krux's rights or property (or that of Krux customers), and/or where needed to protect personal safety. For example, Krux may be required to disclose information in response to lawful requests by public authorities, including by government law enforcement or national security agencies. In the event we are required to disclose information in response to legal process or a government request, we will attempt to notify affected users for which we have contact information to the extent we are legally permitted to do so. Finally, Krux may transfer information, including any PII, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If Krux is involved in a merger, acquisition, or sale of all or a portion of its assets, users will be notified via email and/or a prominent notice on the Krux Site of any change in ownership or uses of PII, as well as any choices users may have regarding their PII.
Children, Sensitive Data
In accordance with industry standards and law (e.g., the COPPA regulations in the U.S.), we do not knowingly collect, administer, or enable the commercial use of PII relating to children less than 13 years of age.
Ability to Opt-Out
Browser Opt-out - Krux offers a one click opt-out solution here for users who wish to opt-out of targeting via the Krux technology Platform. If you choose to opt-out, Krux deletes any targeting data it may have for your browser, and we will no longer enable our Clients to target that browser using our technology Platform. You will likely still receive advertisements, but Krux technology will have no input or impact on tailoring those ads. Please note that if you delete, block, or otherwise restrict cookies, or if you use a different computer, device or Internet browser, you will need to renew your opt-out choice. Also, because we utilize HTML5 cookies to record your opt-out choice, it may take an additional visit to one of our Clients’ websites for your opt-out choice to go into effect. To the extent that a particular browser and a mobile device are linked via our Platform, opting out will sever the link.
Mobile App Opt-out - Krux honors the mobile device settings for Android and Apple iOS devices. To exercise this opt-out, please visit the privacy settings of your Android or iOS device and select “limit ad tracking” (Apple iOS) or “opt-out of interest based ads” (Android). On devices where we see that such a selection has been made, we will not target that mobile device via the Krux Platform. To the extent that a particular browser and a mobile device are linked via our Platform, opting out will sever the link.
Do Not Track - Some web browsers offer a mechanism, known as a "Do Not Track" ("DNT"), that allows a user to elect to stop the collection of certain browsing data by websites and technology companies. Currently, the standards regarding the DNT signals and appropriate responses are not defined. As a result, Krux is experimenting with DNT and may place an opt-out cookie on computers or other devices when we see a valid DNT signal.
Delete PII – While we don’t knowingly obtain PII via our technology Platform, if you’ve provided Krux with PII via the Website (e.g., by sending us an email or by registering with Krux as a Client), Krux provides the ability for users to obtain and correct or request destruction of information maintained by Krux by sending an email to firstname.lastname@example.org or by contacting us at the address noted below. We will answer these requests in a reasonable time. We will also allow users to control the delivery of promotional emails from Krux.
Data Retention / Minimization
Krux stores PII such as email address or billing details so long as you continue to have a business relationship with us. You may ask us to delete that information by following the instructions above.
Our cookies and similar tracking technologies expire six months from the last time our systems encounter a particular computer or device. We do not use any Session Data that is more than twenty-four (24) months old for user profiling or targeting. After 24 months, we remove any unique identifiers and store the data for up to 5 years.
We take commercially reasonable efforts to maintain security protections in accordance with industry practices to protect data we collect from loss, alteration, destruction, misuse and unauthorized access or disclosure. We have policies to help maintain control and physical security of the facilities used to store data and only allow access to authorized personnel, restrict access to data to those employees, contractors and agents that have a need to know the information in order to provide and support our services. All Krux employees are bound by confidentiality obligations and may be subject to disciplinary or legal action if they fail to meet these responsibilities.
We process information in a way that is compatible with and relevant for the purpose for which it was collected. To the extent necessary for those purposes, we take reasonable steps to ensure that any information in our care is accurate, complete, current and reliable for its intended use.
We endeavor to make our data reliable, accurate, complete, and current. One of the steps that we take is to permit users to provide demographic information, such as their age and gender, that will be associated with their browser. You can provide general demographic information by going to the following website. http://www.krux.com/privacy/consumer-choice/
Data From the European Union or Switzerland
If Krux received data about you from the EU, pursuant to Privacy Shield you have the following rights and options in addition to those explained elsewhere in this policy:
- Access. You have the right to ask Krux whether it has received personal information about you from the EU, and, if so, what data Krux has received. Although Krux will attempt in good faith to respond to your request, it may not be able to provide the requested information in all situations. For example, Krux may not be able to provide the information that you request if it imposes an undue burden or expense, requires Krux to release confidential commercial information, or requires the disclosure of information relating to another person. You can submit a request for information via email@example.com, or via mail to 181 South Park, #2, San Francisco, CA 94107.
- Correction. You have the right to ask Krux to correct the personal information that it receives about you from the EU. For example, you can provide your gender and age so that it is associated to your browser at the following website. Although Krux will attempt in good faith to respond to other requests to correct information, it may not be able to make the correction in all situations. For example, Krux may not be able to correct information about you if it would impose an undue burden or expense, or require Krux to change information relating to another person. You can submit a request to correct information via firstname.lastname@example.org, or via mail to 181 South Park, #2, San Francisco, CA 94107.
- Onward transfer. As discussed above, Krux may share information with third parties that provide Krux with service. If such an entity takes an action that is contrary to the principles of the EU-US Privacy Shield, Krux shall be liable for those actions unless it can prove that it was not responsible for causing such actions.
- Disputes. Krux has committed to attempt to resolve privacy complaints under the EU-US Privacy Shield Principles. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint with the Council of Better Business Bureaus (“CBBB”) EU Privacy Shield dispute resolution program.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
If Krux received data about you from Switzerland, pursuant to the US-Swiss Safe Harbor Principles you have the following rights and options in addition to those explained elsewhere in this policy:
Disputes. Krux has further committed to refer unresolved privacy complaints under the Swiss Safe Harbor Principles the BBB EU Safe Harbor, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by the Privacy Officer at Krux, please visit the BBB EU SAFE HARBOR web site at www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.
Changes, questions, and communication
If we are required to contact you concerning your information, we may do so, if permitted by law, via email, telephone, and/or mail.
Last Updated: August 9, 2016