DYNAMIC YIELD PLATFORM PRIVACY POLICY
Last Updated April 04, 2017

We, at Dynamic Yield, including Dynamic Yield Ltd., and its wholly owned subsidiaries, Dynamic Yield, Inc. and Dynamic Yield UK Ltd., Dynamic Yield GmbH and Dynamic Yield APAC PTE Ltd. (“DY,” “we,” “us,” or “our”), have created this privacy policy (“Platform Privacy Policy” or “Privacy Policy”) to inform you how our proprietary platform (the “Platform”) collects, uses, and processes information, on behalf of online marketers, website owners, leading brands, and other businesses that use our services (collectively, our “Clients”), which is related to Client’s online users or customers (“End Users” or “you”).

We encourage Clients and End Users to read the Platform Privacy Policy carefully and use it to make informed decisions. Please note that this Platform Privacy Policy does not apply to each Client’s privacy practices and any processing of information, which may be made by the Client outside the scope of our Services (as defined below). If End Users wish to understand how the Client may use such information, they should review the applicable Client’s privacy policy.

In this Privacy Policy, you can read about:

  • Our Services
  • What type of information we process
  • How we collect End Users’ information
  • Our usage of Cookies
  • How we use the information
  • With whom we share the information
  • For how long we retain the information
  • How we safeguard the information
  • Children’s Personal Information
  • Privacy Shield Certification
  • How to contact us

DY’s Services

We sell to our Clients a license to use our SaaS solution which provides different features, which include the following: i) Automated Personalization, ii) Dynamic AB Testing to optimize yield, iii) a full set of features to help Clients optimize their website conversions and maximize revenues, iv) targeted and omnichannel personalized messaging platform directed to End Users, and v) a flexible data architecture to allow for powerful integrations with any enterprise system (collectively, the “Services”). We provide our Services under the sole direction of our Clients, when collecting and processing your information.

The Information we Collect

In the course of operating the Platform and providing our services, DY collects the following types of information from End Users:

  • Personal Information. We may collect individually identifiable information which is related to End Users, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Information”), including the following:
    • Contact Information: Our Clients may send us (directly or by using their e-mail service providers (“ESPs”)) End Users’ names and e-mail addresses, in order to offer our Clients personalized messaging services when using our Services.
    • Technical Information: We may also collect Personal Information from End Users’ device, when End Users access or visit Clients’ websites (the “Websites”). Such information includes IP addresses, geolocation data and other devices’ unique identifiers.
  • Non-personal Information. We collect un-identified and non-identifiable information pertaining to End User(s), which may be made available to us or gathered via End User’s use of the Websites (“Non-personal Information”). We are not aware of the identity of the individual from which the Non-personal Information was collected. Non-personal Information which is being collected may include the following:
    • End User’s Activity. We and our technology providers may automatically collect Information when End Users visit or access the Websites, including your referring URL; time stamp; browser type and language; operating system; screen height; screen width; color depth; whether your computer is Java enabled; Internet connection type; whether or not your browser accepts cookies; pages viewed on the Websites; products viewed, placed in the cart, and purchased on the Websites; quantity, price, and purchase ID of products placed in cart or purchased on the Websites; and custom page data, as defined by our Clients.
    • Inferred Information. Based on the information we collect from End Users’ Website activity, search terms entered through End User’s browser, and information gleaned from previous DY cookies and local storage (as detailed below), we may infer other information, such as zip code, country, state, time zone, weather, temperature, heat index, wind chill, or proximity to a shipping location.

If we combine Personal Information with Non-personal Information, the combined information shall be treated by us as Personal Information for as long as it remains combined.

Cookies and JavaScript Tags

We collect information using “cookie” technology, JavaScript tags and other technologies when End Users access the Websites.

Cookies are small packets of data that a website stores on your computer’s hard drive so that your computer will “remember” information about your visit. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to help us collect information and to enhance your experience using the Websites. If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer. Please consult your Internet browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, the Websites may not function properly.

We also use JavaScript tags to trigger a sequence of events that includes viewing a first-party cookie (or setting that cookie if it does not already exist) and to help us and our Clients tailor, analyze, manage, report, and optimize your experience on the Websites.

How we Use End User’s Personal Information

We use and share Personal Information in the manners described in this Privacy Policy. In addition to the purposes listed above, we collect information, which may include your Personal Information, for the following purposes,

  • To provide Services to our Clients. For example, when we receive your Personal Information (e.g. email address), we may analyze such data and may instruct our Clients or their ESPs what content to insert into marketing or other communications which are directed to you. We, our Clients or their ESPs, as applicable, will then send you a tailored e-mail based on our suggestions.
  • To send to our Clients relevant information and updates related to the Services;
  • To generally understand the needs and interests of our Clients and their End Users;
  • To conduct anonymous analytics in order to improve and customize our Services and Platform.
  • To support and troubleshoot our Services;
  • To investigate and resolve disputes in connection with our Services;
  • To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government request; and
  • To monitor system performance and network capacity, test and fix systems, and develop and implement upgrades to systems.

With whom we Share Personal information we Collect

We do not rent, sell, or share your Personal Information with third parties except as described in this Privacy Policy.

We may share Personal Information with the following recipients: (i) our subsidiaries any of our parent companies, affiliates, joint ventures, or other companies under common control with us; (ii) the Client you interact with directly; (iii) subcontractors and other third party service providers, such as cloud computing service provides; (iv) auditors or advisers of our business processes; and (v) any potential purchasers or investors in DY.

We will not share without your consent your Personal Information except as required by law, such as to comply with a subpoena, court orders and regulations or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a government request.

End Users’ Rights and Data Retention

We value our End Users privacy and control over their Personal Information. In cases where we are required under the applicable law, an End User may request that we will correct errors with regard to his Personal Information and allow him to receive certain details with regard to his Personal information. You can contact us at privacy@dynamicyield.com with “PRIVACY POLICY” in the subject line.

If you would like to opt-out of DY’s collection of information about you using cookies or JavaScript tags, please follow the instructions found on our Clients’ Websites. We will use commercially reasonable efforts to process such requests in a timely manner. Alternatively, you may use a third party tag management service to disable DY’s tag on our Client’s Websites. You may also opt out/in of Dynamic Yield services by clicking this button:

Opt Out

We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

We will retain the information we collect for as long as needed to provide our Services and to comply with our legal obligations.

How we Protect the Information

The security of your personal information is important to us. We take commercially reasonable steps to protect the information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the absolute security of our databases, nor can we guarantee that the information that you supply will not be intercepted while being transmitted to and from us over the Internet.

In addition, we perform an internal screening process to our subcontractors who may have access to your Personal Information prior to our engagement with them, and require such subcontractors to take all reasonable measures in order to safeguard your Personal Information.

If you have any questions about security on our Platform, you can contact us at privacy@dynamicyield.com with “PRIVACY POLICY” in the subject line.

Children’s Personal Information and COPAA

DY does not knowingly collect Personal Information from children in the EU who are under the age of sixteen (16) through the Platform. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without his/her consent, then he or she should contact us at privacy@dynamicyield.com. If we become aware that a child under the age of 16 has provided us with Personal Information, we will delete such information from our files.

The Children’s Online Privacy Protection Act (“COPPA”) requires parental consent for collection of Personal Information from children younger than the age of 13 years old in the U.S. DY complies with COPAA and does not collect Personal Information of children, unless it is necessary to support the internal operations (as defined in 16 C.F.R. 312.2,) of Client’s Website. Please consult our Client’s websites to determine their compliance with COPPA. For tips on protecting children's privacy online, generally, please view the FTC's website at http://www.ftc.gov/privacy/privacyinitiatives/childrens.html

Important Notices to Non-U.S. Residents/Privacy Shield Certification

DY complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. DY has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, and to view DY’s certification, please visit https://www.privacyshield.gov/US-Businesses.

However, it is important to note that the Platform and its servers are operated in the United States and elsewhere. If you are located outside of the United States, please be aware that any information will be transferred to, processed, and used in the United States and elsewhere. By using the Platform, you irrevocably and unconditionally consent to such transfer, processing, and use of the information in accordance with the EU-US Privacy Shield and this Platform Privacy Policy. DY accepts full accountability and responsibility for the protection of your Personal Information, according to the applicable privacy legislation and this Privacy Policy, during the course of these onward transfers to third parties.

In order to comply with the Privacy Shield framework, DY commits to the resolution of complaints about your privacy and our collection or use of your information. We have also committed to resolve any complaints pursuant to the Privacy Shield Privacy Principles by European Union citizens, relating to this Platform Privacy Policy and which cannot be resolved directly with our company, through a panel established by the EU Data Protection Authorities (“EU DPAs”) as our Independent Recourse Mechanism (“IRM”).

If you have any questions regarding this Platform Privacy Policy, please contact us as described in the “How to Contact Us” section below. We will investigate your question, respond to your inquiry, and attempt to resolve any concerns regarding your privacy question. If you do not receive acknowledgement of your complaint or, if your complaint is not satisfactorily addressed by DY, then please contact us to be directed to the relevant DPA contacts. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. We have registered with the United States Council for International Business to cover the operating costs of the EU DPAs’ Dispute resolution panel. DY is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Corporate Transaction

We may share information which relates to End Users, including Personal Information, in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale) of DY. In this event, the acquiring company will assume the rights and obligations as described in this Privacy Policy.

Changes to this Privacy Policy

We may change this Platform Privacy Policy from time to time. By accessing or using the Websites after we make any such changes to this Platform Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of the information is governed by the Platform Privacy Policy in effect at the time we collect the information. Please refer back to this Platform Privacy Policy on a regular basis.

How to Contact Us

If you have questions about this Platform Privacy Policy, please contact DY via e-mail at privacy@dynamicyield.com with “PRIVACY POLICY” in the subject line or mail at the following address:
Dynamic Yield, Inc.
Attn: Security Officer
6 W 18th Street
New York, New York
10011