Last updated: June 10, 2021
Bombora, Inc. and its global subsidiaries (collectively, “Bombora”, “we”, “us”, or “our”) value the privacy of each person (“you” or “your”) whose information we collect or receive. This privacy notice (“Privacy Notice“) explains who we are, how we collect, use and share personal information about you, and how you can exercise your privacy rights.
The Privacy Notice covers personal information we collect:
- a) When you provide information to the Bombora hosted platform and related analytics products.
- b) When you visit one of our corporate websites (such as https://bombora.com, https://www.signal-hq.com/, https://www.netfactor.com/) (“Website“) and/or provide information to Bombora over the usual course of our business practices, such as in connection with our events, sales and marketing activities (see ‘privacy for our websites’).
We recommend that you read this Privacy Notice completely to ensure you are fully informed. However, to make it easier for you to review those parts of this Privacy Notice which may apply to you, we have divided up the Privacy Notice into the following sections:
1. Who we are
One of the primary ways Bombora collects data is from a proprietary data cooperative (“Data Co-op”). The Data Co-op consists of business to business (“B2B”) websites of publishers, marketers, agencies, technology providers, and research and event firms that contribute content consumption data to a massive pooled data set that details the buying intent of a company.
Co-op members provide consent-based brand-anonymous data, including Unique IDs (including Cookie IDs), IP address, page URL and referrer URL, browser type, operating system, browser language, and engagement data (including dwell time, scroll velocity, scroll depth and time between scrolls) (collectively, “Event Data”). Engagement data validates You are actually consuming content and not quickly bouncing from the website. The full data set is refreshed weekly.
Bombora collects the Event Data, analyses the content You consumed on the website, and assigns the content topics using the Bombora topic taxonomy (“Topics”).
When Bombora is able to identify from Your Event Data which company You represent (“Company Name/URL”), Bombora aggregates the Topics and Company Name/URL to a company profile, including all events of other employees from the same Company Name/URL.
The tag collects your actions but the actions are assigned to a company.
Bombora provides the following hosted platform and related analytics products (collectively the “Services”) to its clients (“Subscribers”):
1.1 Company Surge® Analytics
An analytics report listing company name, topic and Company Surge® score. To create the score Bombora collects, stores, organizes, uses and erases data which is anonymized and aggregated such that no personal data exists. Bombora will not disclose any data to a company other than company name, topics searched, and Company Surge® score. These reports are created by collecting data from tags on publisher websites. The Bombora Tag (defined below) collects IP address (which is anonymous and converted to company URL), engagement metrics, and topics (which are determined by real time algorithm). The topics (based on Bombora’s B2B taxonomy) are attributed to company name. Our proprietary algorithm compares topic interest over 30 Billion interactions to create a score. That score is the company’s interest level in the topics, compared over time.
1.2 Audience Solutions
Audience Solutions is a data product that supports the process of digital ad buying or ad targeting by our customers. Audience Solutions and Measurement Products append data to, and share, a Cookie ID. Bombora appends firmographic and demographic data to the Cookie ID, only at the domain (name of website) and at the company level.
The firmographic and demographic data may include industry, functional area, professional group, company revenue, company size, seniority, decision maker and predictive signals. Bombora does not share any data which could be used to identify You, an individual data subject.
- Facebook integration: As fully described in ‘‘what we do and collect and why’, through the Bombora integration with Facebook, Bombora uploads audiences derived from hashed emails associated with domains into Facebook. Facebook matches these hashed emails against their database of users to create a custom audience for targeting.
- LinkedIn integration: Through the LinkedIn Marketing Developer Platform API, Bombora sends Company Surge® Intent data as a list of domains (e.g., companyx.com) into LinkedIn. LinkedIn matches its users to domains to create a matched audience for targeting within the LinkedIn Ad Platform.
1.3 Measurement Products
- Audience Verification: With our Audience Verification product, a Subscriber places a tag on their campaign creative. The audience verification tag is able to collect the following data insights when You click the advertisement: Unique IDs (including Cookie IDs), IP address and information derived such as geography, User agent, browser type and operating system (OS).
- Visitor Insights: With our Visitor Insights product, a Subscriber places a tag on their website. (We also have placed the Bombora Tag on our Websites). The visitor insights tag collects insights about website visitors, including but not limited to the following data: (i) overall visitor engagement segmented by high, medium, and low percentages; (ii) overall visitor engagement compared to previous date ranges; (iii) total companies, unique users, sessions and page views; (iv) total companies, unique users, sessions and page views compared to previous date ranges; (v) engagement by company domain segmented by high, medium, and low and (vi) unique users, sessions, and page views by company domain. This data can be delivered through the Bombora user interface, from a daily feed, or directly from the Google Analytics platform.
Through the Services, Bombora provides data to our Subscriber to help them better connect and target organizations they want to reach (we refer to the individuals in those organizations as “End Users”). Bombora and its partners engage in tracking End Users’ interactions with business-to-business content across various digital properties like web registration forms, widgets, websites and webpages (whether accesses via computer, mobile or tablet device or other technologies) (“Digital Properties”). We then take this data and aggregate the information collected into demographic segments, such as company revenue and size, functional area, industry, professional group, and seniority. This helps Subscribers customize engagement based on topics that organizations are interested in and the intensity of their consumption.
2. Privacy for our services
This section describes how we collect and use information we receive or collect from End Users through our Services (we refer to this collectively as “Service Information“). This includes details about the type of information we collect automatically, the types of information we receive from other sources and the purposes of those collections.
2.1 What information do we collect and why?
Information we collect automatically:
We use and deploy various cookies and similar tracking technologies (see ‘cookies and similar technologies’ ) to automatically collect certain information about your device when you interact with Digital Properties that use our technology. Some of this information, including your IP address and certain unique identifiers, may identify a particular computer or device and may be considered “personal data” in certain jurisdictions including in the European Economic Area (“EEA“) and the United Kingdom (“U.K.”). However, for its Services
For the services that we provide, Bombora does not collect any information that we reverse engineer to enable us to identify you personally such as your name, mailing address or email address. The information we collect is not used to identify you as an individual.
We collect this information by assigning a random unique identifier (“UID“) to your device the first time you interact with a Digital Property that uses our technology. This UID is then used to associate you with information we collect about you.
The information we automatically collect may include:
- Information about your device such as the type, model, manufacturer, operating system (e.g. iOS, Android), carrier name, time zone, network connection type (e.g. Wi-Fi, cellular), IP address and unique identifiers assigned to your device such as its iOS Identifier for Advertising (IDFA) or Android Advertising ID (AAID or GAID).
- Information about your online behavior such as information about the activities or actions you take on Digital Properties we work with. This may include time spent on a web page, whether you scroll or click on an ad or a web page, session start/stop time, time zone, your referring website address, and geo-location (including city, metro area, country, zip code and potentially geographic co-ordinates if you have enabled location services on your device) pages and times visited.
- Information about ads served, viewed, or clicked on such as the type of ad, where the ad was served, whether you clicked on it and the number of times you have seen the ad.
Information we receive from other sources
We may also combine, merge, and/or enhance the information we collect about you (collectively “Service Information’). This can include the information we collect about you with information collected from third parties such as other web-based and mobile networks, exchanges and websites (“Partners“) or our Subscribers (for example, they may upload certain “offline” data into the Services). Here is a list of our current partners. In addition, the Service Information we automatically collect may be combined and associated with business profile information that we infer about you, such as: age, domain, functional area, household income, income status and changes, language, seniority, education, manufacturing, professional group, industry, company revenue, and net-worth.
This information may include hashed identifiers derived from other information such as email addresses, mobile device IDs, demographic or interest data (like your industry, employer, company size, job title or department) and content viewed, or actions taken on a Digital Property.
We use the Services Information as follows:
- To provide the services to our Subscribers. Generally, we use the Service Information to help Subscribers better understand their current and prospective customers and market trends. This enables Subscribers to better target and customize websites, content, other general marketing efforts and to measure and optimize the performance of their marketing.
- To build various inferenced data segments (“Data Segments”). We may use the Service Information to build Data Segments related to, for instance, the industry you are in or the type of content you or the organization you work for appear to be interested in. We use these Data Segments to help our Subscribers understand their own customers, evaluate customer and market trends and create reports and scoring regarding their customer’s behavior. The Data Segments also may be associated with UIDs, cookies and/or mobile device advertising IDs.
- To do “interest-based advertising”. We sometimes use or work with Subscribers and Partners that use UIDs or other information derived from information such as email hashes. This information in turn may be associated with cookies and may be used to target ads to you that are based on “offline” interest-based segments – such as your interests, transactions or demographic information – or used by Subscribers that target and analyze such ads. This is often known as “interest-based advertising.” You can find out more about this type of advertising at the DAA’s website.
- To do cross-device tracking. We (or our Partners and Subscribers we work with) may use the Service Information (e.g. the IP addresses and UIDs) to try to locate the same unique users across multiple browsers or devices (e.g. smartphones, tablets or other devices), or work with providers that do this in order to better target ad campaigns to common sets of End Users. For example, a brand may wish to target customers that it usually recognizes on web browsers through mobile apps.
- To do “user matching”: We (or our Partners) may use the Services Information, in particular various UIDs, to sync cookies and other identifiers with other Partners and Subscribers (i.e. to do “user matching“). For example, in addition to the UID’s an End User has been assigned in our system, we may also receive a list of UIDs our Partners or Subscribers have assigned to an End User. When we identify matches, we then let our Subscribers and Partners know in order to help them do any of the above, including enhancing their own data and Data Segments to do interest-based advertising or provide insights to other customers. For instance, we use Facebook Custom Audiences to match users.
- As we believe to be necessary or appropriate under applicable law including laws outside your country of residence:
- to comply with legal processes
- to respond to requests from public and government authorities including authorities outside your country of residence
- to enforce our terms and conditions
- to protect our operations or those of any of our affiliates
- to protect yours, our affiliates and/or our rights, privacy, safety or property
- to allow us to pursue available remedies or limit the damages that we may sustain.
- To evaluate, operate or improve the Services.
2.2 Cookies and similar technologies
Our Partners and our Subscribers use various UIDs, cookies and similar tracking technologies to automatically collect information from End Users across various Digital Properties (as previously described above). Please review our Cookie Statement for further information.
2.3 Legal basis for processing personal information (EEA residents only)
If you are an individual from the EEA or the U.K., our legal basis for collecting and using personal information described herein will depend on the personal information concerned and the specific context in which we collect it. However, we normally rely on our legitimate interests to collect personal information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your personal information, they include the interests described in the ‘what information do we collect and why’ section above. Bombora participates in the IAB Transparency and Consent Framework (TCFv2.0) and uses legitimate interest as our basis for collecting data for the following purposes:
- Measure ad performance (Purpose 7)
- Apply market research to generate audience insights (Purpose 9)
- Develop and improve products (Purpose 10)
In some cases, we may rely on our consent or have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. If we rely on consent to collect and/or process your personal information, we will obtain such consent in compliance with applicable laws.
Under the IAB’s TCFv2 Bombora uses Consent as our basis for collecting data for the following purposes:
- Store and/or access information on a device (Purpose 1)
- Create a personalized ads profile (Purposes 3)
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below or complete the ‘contact us’ form.
3. Privacy for our websites
This section describes how we collect and use information from users of our Websites, visitors to our Websites and in the usual course of our business in connection with our events, sales and marketing activities.
3.1 Information we collect
Certain parts of our Websites may ask you to provide personal information voluntarily.
3.2 Information you provide to us
- For Marketing Purposes such as requesting a demo, expressing an interest in obtaining additional information about Bombora or our Services, subscribe to marketing emails. The personal information we collect may include:
- first and last name
- business email
- phone number
- professional information (e.g. your job title, department or job role) as well as the nature of your request or communication.
- When applying for a job on our career page by submitting an application, the personal information we collect may include:
- first name and last name
- mailing address
- telephone number
- employment history and details
- email address
- contact preferences
- professional information (e.g. your job title, department or job role) as well as the nature of your request or communication
- voluntarily asking you to provide U.S. Equal Opportunity Employment Information
- voluntarily asking you to provide your disability status
3. When you register for an account to gain access to Bombora’s User Interface, the personal information we collect may include:
- First name and last name
You may also provide us with personal information by contacting us via email or completing a contact form on our website.
3.3 Information we collect automatically
3.4 Information we collect from third party sources
We may partner with certain third parties to collect information on our Websites to engage in analysis, auditing, research, reporting and to deliver advertising that we believe may interest you based on your activity on our Websites and other websites over time. These third parties may set and access cookies on your computer or other device and may also use pixel tags, web logs, web beacons, or other similar technologies. For more information about these practices and how to opt out, please see our Cookie Statement.
3.5 How we use the information we collect
We will use your personal information for the following purposes:
- To respond to or provide you with information you request
- To provide and support our Websites and Services
- If you have an account with Bombora, to send administrative or account related information to you
- If you have applied for a role with Bombora, for recruitment related purposes
- To post testimonials with your prior consent
- To communicate with you about our events or our partner events
- To provide you with marketing and promotional communications (where this is in accordance with your marketing preferences). For more information about managing your marketing preferences, please see ‘your data protection rights’ below.
- To comply with and enforce applicable legal requirements, agreements and policies
- To prevent, detect, respond and protect against potential or actual claims, liabilities, prohibited behavior and criminal activity
- For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize and improve our Websites and Services
4. General information
This section describes how your information is shared, details about cookies and other tracking technologies, your data protection rights and other general information.
4.1 How do we share your information
Your personal information collected from our Services and Websites may be disclosed as follows:
- Subscribers and Partners. If you are an End User, we share Service Information with Subscribers and Partners for purposes relevant to our business relationship with them and for purposes described in this Privacy Notice. Our Subscribers and Partners are obligated to use the information they receive in compliance with applicable laws and the agreements with our Subscribers.
- Vendors, consultants and service providers. We also share the Service Information with a variety of third-party service providers to help us to operate, secure, monitor, operate and evaluate the Services. Examples of this include to assist with technical, operational, or hosting support, software and security services or to enable other services that we offer. For Instance, the information that we collect for employment applications is shared with Greenhouse Software, Inc. The software that we use for recruiting management. We also use GoodHire to conduct background checks on employee candidates.
- Website advertising partners. We may partner with third party advertising networks and exchanges to display advertising on our Websites, or to manage and serve our advertising on other sites and may share your personal information with them for this purpose.
- Vital interests and legal rights. We may disclose information about you if we believe it necessary to protect the vital interests or legal rights of Bombora, you or any other person.
- Corporate affiliates and transactions. We reserve the right provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with Bombora).
- Potential acquirers of our business. If Bombora is involved in a merger, acquisition or sale of all or a portion of its assets, your information may be shared or transferred as part of that transaction with the relevant potential buyer, its agents and advisors, as permitted by law. Please note that any potential buyer will be informed that they should use your information only for the purposes disclosed in this Privacy Notice.
- Compliance with laws. We may disclose your information to any competent law enforcement body, regulator, government agency court or other third party where we believe disclosure is necessary:
i) as a matter of applicable law or regulation
ii) to exercise, establish or defend our legal rights
iii)to protect your vital interests or those of any other person.
If you are resident of the EEA and to the extent we are allowed to do so, we will provide your data with adequate protection and provide you prior written notice of any request to provide information to any competent law enforcement body, regulator, government agency court or other third party in the United States so that you can appeal and stop the disclosure of your information.
When Bombora provides its Services, the data that we collect is attributed to a company and we do not reverse engineer the data to personally identify you so we may be unable to provide you with such notice.
4.2 Cookies and other tracking technologies
5. Managing your personal information with us
We strive to be as transparent as possible this section describes your data protection rights. It’s important to us that you know that you have the right to access, manage the data that we may have collected about you from third parties.
You have the right to access this data at any time. It’s important that we provide you with tools to object and, restrict the sale of your data, or withdraw consent (where applicable) for the use of the data that we may have on you. Please note, to help protect your privacy and maintain security, we take steps to verify your identify through OneTrust. OneTrust is the secure administrative software that we use to manage privacy request.
5.1 Data subject requests and your data protection rights
Please complete the data subject request form to request a copy of your platform and/or business data from Bombora. The information you supply in this form will only be used to identify the platform and/or business data you are requesting and responding to your request. Once you submit a subject access request form we will endeavor to respond to you within 72 hours of receipt of your request. Please allow Bombora 27 days to process your request. You can also email email@example.com with any questions or queries you have regarding your data.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer requests. The response we provide will also explain the reasons we cannot comply with a request, if applicable. Please note that because most of the information we store can only identify a particular browser or device, and cannot individually identify you. To help protect your privacy and maintain security, we take steps to verify your identify in OneTrust. Making a verifiable consumer request does not require you to create an account with us. Before granting you access to your personal information or complying with deletion, portability, or other related requests, you will need to provide us with some additional information to enable us to identify the personal information we hold about you and ensure that we accurately fulfill your request.
You have the following data protection rights:
- You can request access to, or that we change, update or delete your personal information, at any time by completing the above form. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law which will be communicated to you.
- In addition, if you are a resident of the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. To exercise these rights please complete the above form.
- You can opt-out of receiving promotional emails from us by clicking the “unsubscribe” link in the email or by completing the above form. Please see ‘your choices’ for further information about your opt-out choices. If you choose to no longer receive marketing information, we may still communicate with you regarding your security updates, product functionality, responses to service requests, or other transactional, non-marketing, or administrative related purposes.
- If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. Click here to access contact details for data protection authorities in the EEA. If you are a consumer and wish to open an Swiss-U.S. Privacy Shield case, please click here to file a claim.
Opting-out of the sale of personal information
In addition to the data protection rights grated in this Privacy Notice, if you are a California resident, the California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with the right to opt-out of the sale of their personal information, view the data Bombora may have collected over the past 12 months, and to know the following:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information is collected;
- The business or commercial purpose for collecting your personal information;
- The categories of third parties with whom we have shared your personal information;
- The specific pieces of personal information we have collected about you.
In accordance with the Website, these are the categories of information we may have collected on you and the purposes we may have used. The categories of personal information we may have collected about you or your use of our Website over the past twelve (12) months:
- Identifiers such as a real name, unique personal identifier, online identifier; Internet Protocol address, email address, job position, and company name;
- Personal: such as a name, education, employment information;
- Protected classification characteristics such as age and gender;
- Internet or other similar network activity such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement;
- Geo location data such as metro area, country, zip code and potentially geographic co-ordinates if you have enabled location services on your device.
For Employment and Job Application Purposes:
- Identifiers: such as name and address home address, telephone number, and email address;
- Protected classification characteristics under CA Law: such as age, gender and disability status;
- Personal Information: name and address home address, telephone number, email address, education, employment, employment history;
- Professional or employment-related information: such as your job application, resume or CV, cover letter, references, education history, employment history, whether you are subject to prior employer obligations, and information that referrers provide about you, references, language proficiencies, education details, and information you make publicly available through job search or career networking sites;
You can obtain more information on the categories of personal information in ‘what we do and collect and why’.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete [information you provide];
- Indirectly from you. For example, from observing your actions on our Website;
- From third party sources as set-forth in the [Information we collect from 3rd Party sources]
For employment purposes
- Job board websites you may use to apply for a job with us;
- Prior employers that provide us with employment references
You can obtain more information on the sources of personal information in ‘information we collect’. These are the business or commercial purposes for which the personal information was collected:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a demo, quote or ask a question about our products or services, we will use that personal information to respond to your inquiry.
- To provide, support, personalize, and develop our Website, products, and Services.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email (with your consent, where required by law)
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and Services.
You can obtain more information on the Business or Commercial purposes for which the personal information is collected in the sections, ‘what we do and collect and why’ and ‘how we use the information we collect’.
These are categories of third parties with whom we have shared your personal information:
- Data aggregators.
- Recruitment practices
You can obtain more information on the third parties with whom we have shared your data with in ‘how do we share your information’. In the previous (12) months, Bombora may have sold the following categories of personal information:
- Protected classification characteristics
- Internet or another similar network activity
- Geo location
You have the right to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free. You also have the right not to be discriminated against for exercising any of the rights listed.
California residents may also designate an agent to make requests to exercise your rights under CCPA. As noted above Bombora will take steps both to verify the identity of the person seeking to exercise their rights, and to verify that your agent has been authorized to make a request on your behalf through providing us with a signed Power of Attorney. You may only make a verifiable consumer request for access or data portability twice within a calendar year.
California residents may exercise your rights described in this section by visiting a privacy request form to exercise and the right to know the data we may have on you. The right to request the deletion of the data we may have on you. Click here to opt-out of the sale of your personal information. You can also exercise these rights by emailing firstname.lastname@example.org with the subject “CA Privacy Rights”.
5.2 Your choices
Opting-out of Bombora cookies
If you wish to opt-out of being tracked by us using cookies (including to opt-out of receiving interest-based advertising from us), please go to our opt-out page.
Opting-out of interest-based advertising from cookies
You may opt-out of interest-based advertising from numerous companies that enable such advertising on those associations’ websites. Please access the DAA’s opt-out portal to do this. You may also opt-out of some of the interest-based advertising Partners that we work with by going to the Network Advertising Initiative (NAI) consumer choice page.
You may opt-out of ad targeting that is based on your activities across mobile applications and over time, through your device ‘settings’.
Opting-out of interest-based advertising in mobile applications
Our Subscribers and Partners may display interest-based advertising to you in mobile applications based on your use of these over time and across non-affiliated apps. To learn more about these practices and how to opt out, please visit https://youradchoices.com/, download the DAA’s AppChoices mobile app and follow the instructions provided in the AppChoices mobile app.
6. Other important information
6.1 Data security
Bombora takes precautions to protect data and information under its control from misuse, loss or alteration. Bombora has put in place appropriate technical and organizational measures to protect the information it collects through its Services and Websites. Bombora’s security measures include technology and equipment to help protect our information, maintains security measures regarding who may and may not access our information. Of course, no system or network can ensure or guarantee complete security, and Bombora disclaims any liability resulting from use of the Service or from third party hacking events or intrusions.
Our Websites and Services are not intended for children under 18 years old. If you are aware of personal information we have collected from a child under 18, we ask that you contact us via one of the methods listed in the ‘contact us’ section. If you are 16 years of age or older and a California Resident, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). We do not collect, store or sell the personal information of consumers we actually know are less than 16 years of age.
6.3 Other websites
The Services or Websites may contain links to or integrations with other sites that Bombora does not own or operate. This includes links from Subscribers and Partners that may use the Bombora logo in a co-branding agreement, or websites and web services that we work with in order to provide the Services. For example, we might sponsor an event, or provide services in conjunction with other businesses. Bombora does not control and is not responsible for these parties’ sites, services, content, products, services, privacy policies or practices.
Likewise, if you permit Service Information to be collected and used through a website using the Services, you are choosing to disclose information to both Bombora and the third party with whose brand the website is associated. This Privacy Notice only governs Bombora’s use of your Service Information not the use of any information by any other party.
6.4 International data transfers
Our servers and facilities that maintain our Websites, Services and the information we collect are operated in the United States. With that said, we are an international business, and our use of your information necessarily involves the transmission of data on an international basis. If you are located in the U.K. European Union, Canada or elsewhere outside of the United States, please be aware that information we collect may be transferred to and processed in the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. This includes implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with European Union data protection law. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.
6.5 Data retention and deletion
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (e.g. to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If this is not possible (e.g. because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
California “Do Not Track”
California law requires that operators of websites and online services disclose how they respond to a Do Not Track signal. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signals. However, we provide you with the ability to opt-out of the use of tracking technologies used to send you interest-based advertising as described above.
6.6 Changes to our Privacy Notice
We may revise this Privacy Notice from time to time to reflect changes in our practices or in the applicable law. When such changes are material in nature we will notify you either by prominently posting a notice of such changes prior to implementing them or by directly sending you a notification. We encourage you to review this Privacy Notice periodically. We will always show the date of the latest modification date of the Privacy Notice at the top of the page so you can tell when it has last been revised.
6.7 Contact us
If you have any questions about this Privacy Notice or Bombora’s privacy practices, please contact our Data Protection Office by submitting the ‘contact us’ form, or by mail using the details provided below:
US and EEA Residents
Attn: Havona Madama, Chief Privacy Officer – 419 Park Avenue South, Floor 12 New York, NY 10016
7. IAB Europe Transparency & Consent Framework
Bombora participates in the IAB Europe Transparency & Consent Framework (TCFv2) and complies with its Specifications and Policies. Bombora’s identification number within the framework is 163.