Last Updated: 10/03/2019
Bombora, Inc., its global subsidiaries (collectively, “Bombora”, “we”, “us”, or “our”) value the privacy of the persons (“you” or “your”) whose information we collect or receive. This privacy notice (“Notice“) explains who we are, how we collect, use and share personal information about you, and how you can exercise your privacy rights.
The Notice covers personal information we collect:
a) When providing information to the Bombora hosted platform and related analytics products, including Company Surge® Analytics , Audience Solutions and Visitor Insights (the “Services“) (see ‘privacy for our services’).
b) When you visit one of our corporate websites (such as https://bombora.com/) (“Website“) and/or over the usual course of our business practices, such as in connection with our events, sales and marketing activities (see ‘privacy for our websites’).
We recommend that you read this Notice completely to ensure you are fully informed. However, to make it easier for you to review those parts of this Notice which apply to you, we have divided up the document into the following sections:
1. Who we are
Bombora provides a hosted platform and related analytics products including Company Surge® Analytics , Audience Solutions and Visitor Insights (the “Services“) to publishers, agencies and marketers (our “Clients“). Through the services, Bombora provides business-to-business demographic, firmographic and Intent data to our Clients to help them better connect and target organizations they want to reach (we refer to the individuals in those organizations as “End Users“).
Bombora and its partners engage in tracking End Users’ interactions with business-to-business content across various digital properties like web registration forms, widgets, websites and webpages (whether accesses via computer, mobile or tablet device or other technologies) (“Digital Properties“). We than take this data and aggregate the information collected into demographic segments, such as company revenue and size, functional area, industry, professional group, and seniority. This helps Clients customize engagement based on topics that organizations are interested in and the intensity of that consumption.
2. Privacy for our services
This section describes how we collect and use information we receive or collect from End Users through the Services (we refer to this collectively as “Service Information“). This includes details about the type of information we collect automatically, the types of information we receive from other sources and the purposes of those collections.
2.1 What information do we collect and why?
Information we collect automatically
We use and deploy various cookies and similar tracking technologies (see ‘cookies and similar technologies’ ) to automatically collect certain information about your device when you interact with Digital Properties that use our technology. Some of this information, including your IP address and certain unique identifiers, may identify a particular computer or device and may be considered “personal data” in certain jurisdictions including in the European Economic Area (“EEA“). However, Bombora does not collect any information that enables us to identify you personally such as your name, mailing address or email address.
We collect this information by assigning a random unique identifier (“UID“) to your device the first time you interact with a Digital Property that uses our technology. This UID is then used to associate you with information we collect about you.
The information we automatically collect may include:
- Information about your device such as the type, model, manufacturer, operating system (e.g. iOS, Android), carrier name, time zone, network connection type (e.g. Wi-Fi, cellular), IP address and unique identifiers assigned to your device such as its iOS Identifier for Advertising (IDFA) or Android Advertising ID (AAID or GAID).
- Information about your online behavior such as information about the activities or actions you take on Digital Properties we work with. This may include time spent on a web page, whether you scroll or click on an ad or a web page, session start/stop time, time zone, your referring website address, and geo-location (including city, country, zip code and potentially geographic co-ordinates if you have enabled location services on your device) pages and times visited.
- Information about ads served, viewed, or clicked on such as the type of ad, where the ad was served, whether you clicked on it and the number of times you have seen the ad.
Information we receive from other sources
We may also combine, merge, and/or enhance the information we collect about you. This can include the information we collect about you with information collected from third parties such as other web-based and mobile networks, exchanges and websites (“Partners“) or our Clients (for example, they may upload certain “offline” data into the Services). View a list of our current partners. In addition, the Service Information we automatically collect may be combined and associated with business profile information that we infer about you.
This information may include hashed identifiers derived from other information such as email addresses, mobile device IDs, demographic or interest data (like your industry, employer, company size, job title or department) and content viewed or actions taken on a Digital Property.
We use the Services Information as follows:
- To provide the services to our Clients. Generally we use the Service Information to help Clients better understand their current and prospective customers and market trends. This enables Clients to better target and customize websites, content, other general marketing efforts and to measure and optimize the performance of their marketing.
- To build various inferenced data segments (“Data Segments”). We may use the Service Information to build Data Segments related to, for instance, the industry you are in or the type of content you or the organization you work for appear to be interested in. We use these Data Segments to help our Clients understand their own customers, evaluate customer and market trends and create reports and scoring regarding their customer’s behavior. The Data Segments also may be associated with UIDs, cookies and/or mobile device advertising IDs.
- To do “interest-based advertising”. We sometimes use or work with Clients and Partners that use UIDs or other information derived from information such as email hashes. This information in turn may be associated with cookies and may be used to target ads to you that are based on “offline” interest-based segments – such as your interests, transactions or demographic information – or used by Clients that target and analyze such ads. This is often known as “interest-based advertising.” You can find out more about this type of advertising at the DAA’s website.
- To do cross-device tracking. We (or our Partners and Clients we work with) may use the Service Information (e.g. the IP addresses and UIDs) to try to locate the same unique users across multiple browsers or devices (e.g. smartphones, tablets or other devices), or work with providers that do this in order to better target ad campaigns to common sets of End Users. For example, a brand may wish to target customers that it usually recognizes on web browsers through mobile apps.
- To do “user matching”. We (or our Partners) may use the Services Information, in particular various UIDs, to sync cookies and other identifiers with other Partners and Clients (i.e. to do “user matching“). For example, in addition to the UID’s an End User has been assigned in our system, we may also receive a list of UIDs our Partners or Clients have assigned to an End User. When we identify matches, we then let our Clients and Partners know in order to help them do any of the above, including enhancing their own data and Data Segments, to do interest-based advertising or provide insights to other customers. For instance, we use Facebook Custom Audiences to do user matching
- As we believe to be necessary or appropriate:
a) under applicable law including laws outside your country of residence
b) to comply with legal processes
c) to respond to requests from public and government authorities including authorities outside your country of residence
d) to enforce our terms and conditions
e) to protect our operations or those of any of our affiliates
f) to protect yours, our affiliates and/or our rights, privacy, safety or property
g) to allow us to pursue available remedies or limit the damages that we may sustain.
- To evaluate, operate or improve the Services.
2.2 Cookies and similar technologies
Our Partners, our Clients and we use various UIDs, cookies and similar tracking technologies to automatically collect information from End Users across various Digital Properties (as previously described above). Please review our Cookie Statement for further information.
2.3 Legal basis for processing personal information (EEA residents only)
If you are an individual from the EEA, our legal basis for collecting and using personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we normally rely on our legitimate interests to collect personal information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your personal information, they include the interests described in the ‘what information do we collect and why’ section above.
In some cases, we may rely on our consent or have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. If we rely on consent to collect and/or process your personal information, we will obtain such consent in compliance with applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the ‘contact us section below.
3. Privacy for our websites
This section describes how we collect and use information from users of our Websites, visitors to our Websites and in the usual course of our business in connection with our events, sales and marketing activities.
3.1 Information we collect
3.2 Information you provide to us
Certain parts of our Websites may ask you to provide personal information voluntarily. For example, we collect personal information when you register for a Bombora account, apply for a job at Bombora, request a demo, express an interest in obtaining additional information about Bombora or our Services, subscribe to marketing emails or otherwise contact us.
The personal information we collect may include contact information (e.g. your name, mailing address, telephone number or email address) and contact preferences. It may also include professional information (e.g. your job title, department or job role) as well as the nature of your request or communication.
3.3 Information we collect automatically
When using our Website, we may automatically collect certain information from your device. In some countries including countries in the EU, this information may be considered personal data under data protection laws. The information we collect automatically may include your IP address, your operating system, your browser ID, your browsing activity and other
3.4 Information we collect from third party sources
We may partner with certain third parties to collect information on our Websites to engage in analysis, auditing, research, reporting and to deliver advertising that we believe may interest you based on your activity on our Websites and other websites over time. These third parties may set and access cookies on your computer or other device and may also use pixel tags, web logs, web beacons, or other similar technologies. For more information about these practices and how to opt out, please see our Cookie Statement.
3.5 How we use the information we collect
We will use your personal information for the following purposes:
- To respond to or provide you with information you request
- To provide and support our Websites and Services
- If you have an account with Bombora, to send administrative or account related information to you
- If you have applied for a role with Bombora, for recruitment related purposes
- To post testimonials with your prior consent
- To communicate with you about our events or our partner events
- To provide you with marketing and promotional communications (where this is in accordance with your marketing preferences). For more information about managing your marketing preferences, please see ‘your data protection rights’ below.
- To comply with and enforce applicable legal requirements, agreements and policies
- To prevent, detect, respond and protect against potential or actual claims, liabilities, prohibited behavior and criminal activity
- For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize and improve our Websites and Services
4. General information
This section describes how your information is shared, details about cookies and other tracking technologies, your data protection rights and other general information.
4.1 How do we share your information
Your personal information collected from our Services and Websites may be disclosed as follows:
- Clients and Partners. If you are an End User, we share Service Information with Clients and Partners for purposes relevant to our business relationship with them and for purposes described in this Notice. Our Clients and Partners are obligated to use the information they receive in compliance with applicable laws.
- Vendors, consultants and service providers. We also share the Service Information with a variety of third party service providers to help us to operate, secure, monitor, operate and evaluate the Services. Examples of this include to assist with technical, operational, or hosting support, software and security services or to enable other services that we offer.
- Website advertising partners. We may partner with third party advertising networks and exchanges to display advertising on our Websites, or to manage and serve our advertising on other sites and may share your personal information with them for this purpose.
- Vital interests and legal rights. We may disclose information about you if we believe it necessary to protect the vital interests or legal rights of Bombora, you or any other person.
- Corporate affiliates and transactions. We may provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with Bombora). Our affiliates will use your information only for the purposes described in this Notice.
- Potential acquirers of our business. If Bombora is involved in a merger, acquisition or sale of all or a portion of its assets, your information may be shared or transferred as part of that transaction with the relevant potential buyer, its agents and advisors, as permitted by law. Please note that any potential buyer will be informed that they should use your information only for the purposes disclosed in this Notice.
- Compliance with laws. We may disclose your information to any competent law enforcement body, regulator, government agency court or other third party where we believe disclosure is necessary:
i) as a matter of applicable law or regulation
ii) to exercise, establish or defend our legal rights
iii)to protect your vital interests or those of any other person.
4.2 Cookies and other tracking technologies
4.3 Data subject requests and your data protection rights
Please complete the below data subject request form to request a copy of your Platform and/or Business data from Bombora. The information you supply in this form will only be used to identify the platform and/or business data you are requesting and responding to your request. Once you submit a subject access request form we will endeavor to respond to you within 72 hours of receipt of your request. Please allow Bombora 40 days to process your request. You can also email email@example.com with any questions or queries you have regarding your data.
You have the following data protection rights:
- You can request access to, or that we change, update or delete your personal information, at any time by completing the above form. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law which will be communicated to you.
- In addition, if you are a resident of the European Economic Area, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. To exercise these rights please complete the above form.
- You can opt-out of receiving promotional emails from us by clicking the “unsubscribe” link in the email or by completing the above form. Please see ‘your choices’ below for further information about your opt-out choices. If you choose to no longer receive marketing information, we may still communicate with you regarding your security updates, product functionality, responses to service requests, or other transactional, non-marketing, or administrative related purposes.
- If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds
other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. Click here to access contact details for data protection authorities in the EEA.
Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, you will need to provide us with some additional information to enable us to identify the personal information we hold about you and ensure that we accurately fulfill your request.
4.4 Your choices
Opting-out of Bombora cookies
If you wish to opt-out of being tracked by us using cookies (including to opt-out of receiving interest-based advertising from us), please go to our opt-out page.
Opting-out of interest-based advertising from cookies
You may opt-out of interest-based advertising from numerous companies that enable such advertising on those associations’ websites. Please access the DAA’s opt-out portal to do this. You may also opt-out of some of the interest-based advertising Partners that we work with by going to the Network Advertising Initiative (NAI) consumer choice page.
You may opt-out of ad targeting that is based on your activities across mobile applications and over time, through your device ‘settings’.
Opting-out of interest-based advertising in mobile applications
Our Clients and Partners may display interest-based advertising to you in mobile applications based on your use of these over time and across non-affiliated apps. To learn more about these practices and how to opt out, please visit http://www.aboutads.info/appchoices, download the DAA’s AppChoices mobile app and follow the instructions provided in the AppChoices mobile app.
4.5 Data security
Bombora takes precautions to protect data and information under its control from misuse, loss or alteration. Bombora has put in place appropriate technical and organizational measures to protect the information it collects through its Services and Websites. Bombora’s security measures include technology and equipment to help protect our information, and Bombora maintains security measures regarding who may and may not access our information. Of course, no system or network can ensure or guarantee complete security, and Bombora disclaims
any liability resulting from use of the Service or from third party hacking events or intrusions.
Our Websites and Services are not intended for children under 13 years old. If you are aware of personal information we have collected from a child under 13, we ask that you ‘contact us’ located in the below section.
4.7 Other websites
The Services or Websites may contain links to or integrations with other sites that Bombora does not own or operate. This includes links from Clients and Partners that may use the Bombora logo in a co-branding agreement, or websites and web services that we work with in order to provide the Services. For example, we might sponsor an event, or provide services in conjunction with other businesses. Bombora does not control, is not responsible for these parties’ sites, services, content, products, services, privacy policies or practices.
Likewise, if you permit Service Information to be collected and used through a website using the Services, you are choosing to disclose information to both Bombora and the third party with whose brand the website is associated. This Privacy Notice only governs Bombora’s use of your Service Information not the use of any information by any other party.
4.8 International data transfers
Our servers and facilities that maintain our Websites, Services and the information we collect are operated in the United States. With that said, we are an international business, and our use of your information necessarily involves the transmission of data on an international basis. If you are located in the European Union, Canada or elsewhere outside of the United States, please be aware that information we collect may be transferred to and processed in the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice. This includes implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with European Union data protection law. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.
4.9 Data retention and deletion
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (e.g. to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If this is not possible (e.g. because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
4.10 Changes to our Privacy Notice
We may revise this Privacy Notice from time to time to reflect changes in our practices or in the applicable law. When such changes are material in nature we will notify you either by prominently posting a notice of such changes prior to implementing them or by directly sending you a notification. We encourage you to review this Privacy Notice periodically. We will always show the date of the latest modification date of the Privacy Notice at the top of the page so you can tell when it has last been revised.
4.11 Contact us
If you have any questions about this Notice or Bombora’s privacy practices, please contact our Data Protection Office by submitting the above form, or by mail using the details provided below:
|US and EEA Residents|
|Attn: Havona Madama, Chief Privacy Officer
257 Park Avenue South, Floor 6
New York, NY, United States 10010
If you are resident in the EEA, your data controller is Bombora, Inc.
Back to top
5.0 IAB Europe Transparency & Consent Framework
Bombora participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Bombora’s identification number within the framework is 163.