NITRO PRIVACY POLICY

[Last Modified: July 29, 2024]

This privacy policy (“Privacy Policy” or “Policy”) describes how Nitro which is owned and operated by Overwolf Ltd (“Nitro”, “we”, “us”, or “our”) collect, use and disclose certain information, including your personal information and the choices you can make about that information. 

Nitro operates a real-time, data-driven automation SaaS platform (“Platform”) for digital advertising and data management, facilitating, the integration, delivery and placement of advertisements or any other promotional or interactive  content (“Ads”) on behalf of  third party advertisers (including exchange, network, agency, brands, or other demand-side partners , and collectively “Advertisers”), on websites and digital assets owned by third party publishers (“Publishers”).

This Privacy Policy which is incorporated by reference in our website Terms of Use and the Advertising Representative Agreement (together the “Terms”), governs our processing practices with regards to (i) visitors of our website (“website“), (ii) Publisher and Advertisers or ad network partner using our Services (iii) end user interacts with our Publisher’s website (“End User”). 

For the purpose of this Privacy Policy a visitor, Publisher, Advertiser, ad network partner and End User collectively shall be referred to as “you” unless the distinction is required and the Website and Platform shall be referred as the “Services”  

This Privacy Policy applies to all users worldwide. If you are a resident of California, please refer to Section 14. Additional Privacy Information for California Residents for information about the categories of Personal Information we may collect and your rights under California privacy laws. If you are a resident of Colorado, Connecticut, Florida, Montana, Nevada, Oregon, Texas, Virginia, or Utah, please refer to Section 15. Additional Privacy Information for Certain United States Residents, which includes additional information about privacy rights for residents of certain U.S. jurisdictions.

Nitro participates in the IAB Transparency & Consent Framework and complies with its Specifications and policies. Nitro CMP number within the framework is 242.

  1. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:

Nitro is owned and operated by Overwolf Ltd a company incorporated under the laws of Israel, and it is the controller of your Personal Data.

You may contact us and our DPO as follows: 

  • By Email: dpo@overwolf.com
  • By Mail: Sapir Tower, 40 Tuval St. Ramat Gan, Israel, 5252247.

Representative for data subjects in the EU, UK and Switzerland: 

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/13682628040.

  1. DATA SETS WE COLLECT AND FOR WHAT PURPOSE:  

You can find here information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data, and how it is technically processed.  

Non-Personal Data

During your interaction with our website and Services, we may collect aggregated, non-personal non-identifiable information, which may be made available or gathered via your access to and use of the Services (“Non-Personal Data “). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data being collected may include your aggregated usage information and technical information transmitted by your device, such as: the type of browser or device you use, language preference, time and date stamp, country location, etc.  

Personal Data

We may also collect from you, directly or indirectly, during your access or interaction with the website or Services, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data”). The types of Personal Data that we collect as well as the purpose for processing and the lawfulness are specified in the table below. 

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person’s health or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data”). 

The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations: 

DATA SETPURPOSE AND OPERATIONSLAWFUL BASIS
WEBSITE 
Online Identifiers and Usage Data: When you access our website, we collect certain online identifiers such as: IP address, cookie ID, agent ID, unique identifiers (“Online Identifiers”). We use tools, pixels and cookies, provided by third party analytic and marketing providers which collect online behavior data, insights and segments on website visitors so that we can detect if you are a potential partner. This data includes your click stream data, which sites your visited, which pages you viewed on our website, etc. (“Usage Data”).  The Usage Data is usually connected to an Online Identifier. Maintaining the Website, Marketing and Analytics: First party cookies are strictly necessary and are used to enable the operation of the website. Third party cookies collect the Online Identifiers to provide us with analytic and marketing services. We use Usage Data for our marketing purpose and for identifying potential partners and prospects. We process the Online Identifiers and Usage Data through third party cookies based on consent which is provided through the cookie notice and consent manager. You may withdraw consent at any time by using the cookie management platform.  First party cookies are strictly necessary and processing of Online Identifiers is subject to our legitimate interest.
Contact Information:If you voluntarily contact us, you may be required to provide us with certain information such as your name, job title, company name, email address (“Contact Information”) and any additional information you decide to share with us. We will use this data to respond to your inquiry.We process such Contact Information subject to our legitimate interest. We may keep such correspondence if we are legally required to.  
ADVERTISERS AND PUBLISHERS
Account: When the publisher uses our Service, they will create an account or be designated with an account, from which you may use the Service and review the reports. The account information includes you Contact Information, billing information, access logs and usage data (such as the time and date the account was accessed the duration).Account information is processed solely to provide the Services.Processed for the purpose of fulfilling our contract obligations with. Usage data is used to fix errors and for our legitimate interest in improving our services. 
Email Address, Invoices: we will send publishers’ invoices, materials and marketing content through the email information you provided during your onboarding.  Direct Marketing: We will use this information to keep you updated with offers and content such as updates, new capabilities and features, and to send you invoices and supporting documentation. We process such information subject to our legitimate interest. You can opt-out at any time, however certain content (such as invoices) will still be sent. 
Information Provided Through Support: If you contact us for support, we will process your Contact Information and any other information you provide us withSupport: We process the information solely to provide you with the technical support needed.Processed for the purpose of fulfilling our contract obligations with.
END USER
End User Consent & Privacy PreferenceWhen you visit a Publisher’s website and are given the option to consent to the use of profiles for personalized advertising, your decision is saved and shared with Advertisers. This ensures that the advertisements you see align with your chosen preference.The collection and processing of your consent and privacy preferences enable us to (i) verify information about the transparency, consent, or objection to certain advertiser, processing activity etc. (ii) Retrieve or pass on consent strings. (iii) Respect signals communicated by a CMP or received from a third party who forwarded the signal originating from a CMP.We process such information subject to our legitimate interest as such processing is necessary in order to enable our service and to allow third party entities to respect your privacy preferences.
End User Data: We process certain information on End Users (“End User Data”): identifiers, unique identifier that may also be generated and created by third parties, IP address, Privacy or Preference String, TCF string, the URL the End User is browsing, the interaction with the ads or the publisher assets (viewed, clicked, etc.), country level location extracted from the IP,  type of browser, language, type of device and other technical data. Deliver and display contextual content and advertising, reporting and measurements: We use the End User Data to place contextual content, which is not advertisement. We share the End User Data with the advertisers so that they can display relevant advertisement to you. We use the aggregated End User Data to provide our publishers with insights and reports regarding their campaigns, meaning aggregated measurements and reporting. We process the End User Data upon consent provided through the consent string, TCF string. Otherwise, the aggregated data is used in our legitimate interest in providing the Service, and conducting research for improving the Service, all as detailed in the Legitimate Interest Claim below.In certain aspects of our Service, we act as the “data processor” or “service provider”, in which we will rely on our publishers to obtain the necessary lawful basis for processing the end user personal data.   

In certain cases, and subject to End User consent (where applicable), based on first party session cookies and data we, using third party solutions and technologies, generate and assign End Users with a unique ID (“Unified ID“). The Unified ID will enable us to customize the Service, advertisement and content as well as enhance your experience. We may use services of Predictive Pop Inc. d/b/a Audigent; Lotame Solutions, Inc; ID5 Technology Ltd; LiveRamp UK Limited; The Trade Desk Inc; Amazon; 33Across Inc; OpenX Technologies Inc in order to generate the Unified ID. For more information, please review:  Audigent Privacy Policy; Lotame Privacy Policy, ID5 Privacy Policy, LiveRamp Privacy Policy; TradeDesk Privacy Policy; Amazon Privacy Policy, 33Across Privacy Policy, OpenX Privacy Policy

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of personal data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful basis as stipulated in the table above. 

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests. 

We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Platform, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined. 

  1. OUR LEGITIMATE INTEREST CLAIM:

In addition to the information provided above, we want to explain our legitimate interest in processing End User Data, as it’s crucial for the services we offer to Publishers, Advertisers and other ad network partners. When our Publishers show End User personalized ads based on End User interests, we usually rely on your consent to process your Personal Data, as explained in the table above. We then share your preferences with our Publishers and Advertisers. However, we sometimes need to use certain data, including Personal Data like Online Identifiers, for other important purposes: (a) Collecting and managing your consent and privacy choices; (b) Improving our services (c) Technically delivering the ads. For these specific purposes, we process data based on our legitimate interest. This approach is essential for: (i) Maintaining our platform and services (ii) taking action to make our services and platform secure; (iii) Demonstrating our compliance with privacy laws, particularly the GDPR (Articles 5(2) and 24). We believe this type of data processing is reasonably expected by End Users. We carefully assess our legitimate interests to ensure they don’t unfairly impact your rights and freedoms. If you have any concerns or questions about this, please don’t hesitate to contact us.

  1. HOW WE COLLECT YOUR INFORMATION: 

Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows: 

  • Automatically, when you visit our website including through the use of Cookies (as detailed below) and similar tracking technologies. 
  • When you voluntarily choose to provide us with information, such as when you contact us, all as detailed in this Policy. 
  • Provided from third-parties, such as our advertisers Unified ID provider and Publishers, including through our code implemented on publisher’s website
  1. COOKIES AND SIMILAR TECHNOLOGIES:

We use “cookies” and similar tracking technologies when you access or use our Website and Services. Such tracking technologies are small text files that a website (cookie) places and stores on your device while you are viewing or using such interfaces. Such tracking technologies are very helpful and can be used for various purposes. These purposes include: (i) allowing you to navigate between pages efficiently; (ii) enabling automatic activation of certain features; (iii) remembering your preferences; and (iv) making the interaction between you and our Services quicker and easier. 

Cookie PurposePrivacy Policy 
Google AnalyticsAnalytical & Measurement  www.google.com/policies/privacy/partnershttps://policies.google.com/technologies/managing?hl=en  https://tools.google.com/dlpage/gaoptoutFor additional information regarding our use of Google products, click HERE
IntercomFunctionalhttps://www.intercom.com/legal/cookie-policy
  1. DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

We share your data with third parties, including our advertisers and publishers or service providers that help us provide our Services. You can find here information about the categories of such third-party recipients. 

CATEGORY OF RECIPIENTDATA THAT WILL BE SHAREDPURPOSE OF SHARING
Advertisers and ad partners End User Data End User Consent and Privacy PreferencesEnabling the advertisers to display ads or content that best suit such web-page, as a part of our Services. We currently share the data with the following ad partners: Xandr Inc; Magnite, Inc.; Google LLC.; Amazon.com, Inc; Criteo S.A.; Sovrn Holdings, Inc.; Index Exchange Inc.; TripleLift, Inc.; Media.net Advertising FZ-LLC.; OpenX Technologies, Inc.; Sharethrough, Inc.; PubMatic, Inc.; Sonobi, Inc.; Vidazoo Ltd.; Epsilon Data Management, LLC.; Blockthrough, Inc.; Unruly Group Ltd.;
PublishersAs part of our Services, we provide our publishers with reports that includes measurements data of ads and other information on how effective the campaign is, the applicable revenues, the number of views or clicks the ad generated and where, etc. 
Third Party Fraud detection providers These service providers ensure the End Users’ are actual individuals and not fraudulent traffic. 
Service Providers 
All dataWe may disclose Personal Data to our service providers, contractors and third parties, including, but not limited to, our cloud and hosting provider, analytics and marketing providers, payment processors, recruitment providers, CRM systems, Salesforce, etc., the service providers are limited by contracts which limit their use of the data, and requires implementing security measures. The service providers process the data solely to provide the needed services. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services.
Any acquirer of our businessAll dataWe may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.
Governmental agencies or authorized third parties.Subject to law enforcement authority request.We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

When we share information with services providers, Publishers and Advertisers, we ensure they only have access to such information that is strictly necessary for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).

  1. DATA RETENTION: 

We will retain your Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy. This includes retaining and using your data to comply with our legal obligations (e.g., if we need to keep your data to comply with applicable laws), resolve disputes, deliver our Services, and enforce our legal agreements and policies. Additionally, we will retain Personal Data and Usage Information for internal analysis purposes. This is necessary to improve the functionality of our Services and for legitimate business interests. We may also retain this data for longer periods when required by law.

Your Personal Data collected through our Services will be retained only for the period permitted by applicable law or as necessary for the specific purposes of collection. It will be deleted or anonymized once it no longer serves these purposes, thereby ceasing to be Personal Data. We clarify that under no circumstances will the retention period exceed five years from the date of collection. After your Personal Data is deleted or anonymized, you will no longer be able to exercise rights such as access, erasure, rectification, or data portability regarding that data.

  1. SECURITY MEASURES: 

Our top priority is to ensure the privacy of your Personal Information that we collect and use for the purpose of providing you with our Services. We are considering the sensitivity of data that we are storing and processing. Our security team and developers are following common security best practices integrated into each process and system, to protect them against common security threats. Our implemented security measures combine technological, administrative, and operational security controls together to ensure optimal security of all information assets.

  1. INTERNATIONAL DATA TRANSFER: 

In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area (“EEA“) is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well-recognized certification schemes.

  1. USER RIGHTS

According to data protection and privacy laws may grant you with certain rights with regards to your Personal Data, all according to your jurisdiction. The rights may include one or all of the following: (i) request to amend your Personal Data we store accessing; (ii) review and access your Personal Data that we hold; (iii) request to delete your Personal Data that we hold (as long as we do not have a legitimate reason for retaining the data); (iv) restrict or object to the process your Personal Data; (v) exercise your right of data portability (vi) contact to a supervisory authority in your jurisdiction and file a complaint; and (vii) withdraw consent (to the extent applicable). You may exercise any or all of your above rights in relation to your Personal Data by email us your request to: privacy.nitro@overwolf.com.

When you contact us and request to exercise your rights regarding your Personal Data, we will require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort, as required or permitted under applicable law. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.

You have the right to lodge a complaint with the EU Member State supervisory authority if you are not satisfied with the way in which we handled the complaint. 

  1. OPT OUT OPTIONS 

Interest-Based Advertising (“IBA”): We do not sell your Personal Data. We may “share” your Personal Data with third parties for personalized advertising purposes. If you wish to opt-out from the sharing of your personal data with third parties for the purpose of cross-contextual interest-based advertising there are many way to do so, as further detailed below. Please note that even if you opt-out you may still see personalized ads based on information other companies and ad networks have collected about you, if you have not opted out of sharing with them.

For IBA opt out options on desktop and mobile websites, please visit: 

Further, on every Publisher’s webpage you browse there are “cookie settings” through which you may opt out. 

  1. ELIGIBILITY AND CHILDREN PRIVACY:

We appreciate the need to provide extra privacy protections to users who are children. Our Services are intended for general audiences over the age of 16 years and therefore children under the age of 16 years old (or older pursuant to applicable jurisdiction) should not download or use our Services. We do not knowingly collect personal information from children. If you believe that we may have collected personal information from a device of a child under the age of 16 years old (or otherwise as applicable), or for any other relevant reason, please send us a request for deletion and restriction of processing of Personal Data to: privacy.nitro@overwolf.com

  1. POLICY AMENDMENTS: 

We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30-days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.

  1. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) effective November 2020, and as amended by the CPRA, effective January 1, 2023. 

Please see the CCPA Privacy Notice which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

  1. ADDITIONAL PRIVACY INFORMATION FOR CERTAIN UNITED STATES RESIDENTS 

Residents of certain U.S. states, including Colorado, Connecticut, Florida, Montana Nevada, Oregon Texas, Virginia, and Utah, may have additional rights under applicable privacy laws and be entitled to additional disclosures. 

Sale of Personal Data: We do not sell Personal Data. We may “share” Personal Information for “interest-based advertising” or “cross-context behavioral advertising” as further detailed in our CCPA Privacy Notice.

Consumer Rights:

Residents of certain U.S. states, including Colorado, Connecticut, Florida, Montana, Nevada, Oregon Texas, Virginia, and Utah, may have additional rights under applicable privacy laws, subject to certain limitations, which may include:

  • Access. The right to confirm whether we are processing their Personal Information and to obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format.
  • Delete. The right to delete their Personal Information provided to or obtained by us.
  • Correct. The right to correct inaccuracies in their Personal Information, taking into account the nature and purposes of the processing of the personal information.
  • OptOut. To opt out of certain types of processing, including: (i) to opt out of the “sale” of their Personal Information; (ii) to opt out of targeted advertising by us; and (iii) to opt out of any processing of Personal Information for purposes of making decisions that produce legal or similarly significant effects.

You may submit a request to exercise most of your privacy rights under U.S. state privacy laws online by email us to: privacy.nitro@overwolf.com. When you submit a request, we will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable.

Authorized agents may initiate a request on behalf of another individual by contacting us at privacy.nitro@overwolf.com; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

If we decline to take action on your request, we shall so inform you without undue delay, within the timeframe set out under applicable law. Our notification will include a justification for declining to take action and instructions on how you may appeal. Within the timeframe set out under applicable law of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority or Attorney General of your jurisdiction (including – Colorado AG at https://coag.gov/file-complaint/; Connecticut Attorney General at: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318; Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform).

CCPA PRIVACY NOTICE

[Last Modified: July 29, 2024]

APPLICABILITY: The California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act of 2020 effective January 1, 2023 (“CPRA”), any other California privacy laws, and this CCPA privacy notice (“CCPA Notice”) apply to visitors, employees, users, and others who are California residents (“consumers” or “you”). Any terms defined in the CCPA and CPRA have the same meaning when used in this CCPA Notice. This CCPA Notice applies to California residents’ Personal Information, which we collect directly or indirectly while using our website or in order to provide you with our Services. Further, when and if applicable, the CCPA Notice will also disclose the use of employee Personal Information and business-to-business Personal Information. 

This CCPA Notice is an integral part of our Privacy Policy, and thus, definitions used herein shall have the same meaning as defined in the Privacy Policy.

PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:

  1. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

We collect Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device, all as detailed in the table below. 

Personal Information further includes Sensitive Personal Information (“SPI”) as detailed in the table below. 

Personal Information does not include Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; De-identified or aggregated consumer information; Information excluded from the CCPA’s or CPRA’s scope, such as Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.

We have collected the following categories of Personal Information within the last twelve (12) months:

CATEGORYEXAMPLECOLLECTED
A. Identifiers.A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.Yes: online identifiers, IP address, unique identifiers, real name, email address, account name.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories.Yes: Name, email address. 
C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).No.
D. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.No.
E. Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.No.
F. Internet or other similar network activity.Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.Yes: All mentioned in the category. 
G. Geolocation data.Physical location, approximate location derived from IP address or movements.Yes: Approximate location.
H. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.No.
I. Professional or employment-related information.Current or past job history or performance evaluations.No.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.No.
K. Inferences drawn from other personal information.Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.No.
L. Sensitive personal information.Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life.No.
  1. CATEGORIES OF SOURCES OF PERSONAL INFORMATION 
  • Directly and indirectly from activity on our Services: For example, from website usage details or your interaction with our Services collected automatically from measurement tools. 
  • Directly from you: For example, from forms you complete, contact us, etc. 
  • From third-parties: For example, from vendors who assist us in performing services for consumers, advertising networks, internet service providers, data analytics providers, social networks, and data brokers. 
  • Publicly accessible sources. 
  1. USE OF PERSONAL INFORMATION

We may use the Personal Information collected as identified above, for the following purposes: To fulfill or meet the reason you provided the Personal Information; monitor and improve our Services; provide the supporting services for our Platform; market our Services; analyze your use of our Services; respond to law enforcement; or otherwise as detailed in our Privacy Policy. 

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice. 

  1. DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE

We may disclose your Personal Information to a contractor or service provider for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract, we further restrict the contractor and service provider from selling or sharing your Personal Information. In the preceding twelve (12) months, we disclosed the following categories of Personal Information for a business purpose: 

Category (corresponding with the table above)Category of RecipientBusiness Purpose 
1Category ACategory BCategory FCategory GCloud computing, infrastructure, and storage vendors.Storage, hosting. 
2Government Entities and Law Enforcement.Subject to a law request.
3Operating systems, functionalities of the Services, and payment processors.Operating the Services, and for payment processing.
4Category A Category BCategory FCategory GProgrammatic systems.Measurement and Reporting. BizDev and internal development purposes. 
5Category A Category FCategory GData analysis providers.
Providing analytic data on the use of our Services. We limit the provider’s ability to share such information, as detailed above.
6Category A Category FCategory GMarketing & promotions providers, CRM providers, social networks, advertising networks.Marketing which is not cross-contextual, ad delivery.  For example, performance marketing such as email marketing, direct marketing, contextual ads and campaigns.  
7Category A Category BCategory FCategory GSecurity service providers and tools providers of debugging, error tracking and fixing, and fraud prevention. Security of the Services, as well as error fixing and debugging; andFraud prevention.
8Category A Category BCategory FCategory GDeveloping Services providers. Improving the Services, development, and optimization.
9Category A Category BCustomer support providers, and affiliated companies. Customer and technical support.
  1. SALE OR SHARE OF PERSONAL INFORMATION 

In the preceding twelve (12) months, we do not “sell” information as most people would commonly understand that term, we do not, and will not, disclose your Personal Information in direct exchange for money or some other form of payment.  

The CCPA defines “sharing” as “communicating orally, in writing, or by electronic or other means, a consumer’s personal information” to “a third party for cross-context behavioral advertising, whether or not for money or other valuable consideration”. In other words, we may share your Personal Information with a third party to help serve personalized content or ads that may be more relevant to your interests and to perform other advertising-related services such as enabling our partners to serve such personalized content.  

In the preceding twelve (12) months, we “sell” or “share” the following categories of Personal Information for a business purpose: 

CATEGORY (CORRESPONDING WITH THE TABLE ABOVE)CATEGORY RECIPIENTPURPOSE OF SALE OR SHARE
Category ACategory FCategory Gmarketing and analytic tools.Share for targeted advertising. 
  1. CHILDREN UNDER AGE 16

We do not knowingly collect information from children under the age of 16.

  1. DATA RETENTION

In general, we retain the Personal Information we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt-out, where applicable. 

The retention periods are determined according to the following criteria:

  1. For as long as it remains necessary to achieve the purpose for which the Personal Information was initially processed. For example: if you contact us, we will retain your contact information for at least until we address your inquiry.
  2. To comply with our regulatory obligations. For example: transactional data will be retained for up to seven years (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
  3. To resolve a claim we might have or a dispute with you, including any legal proceeding between us, until such dispute is resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.

Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.

UPDATES:

This notice was last updated on July 24, 2024. As required under the CCPA, we will update our CCPA Notice every 12 months. The last revision date will be reflected in the “Last Modified” heading at the top of this CCPA Notice.

PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPAAND HOW TO EXERCISE THEM

  1. YOUR RIGHTS UNDER THE CCPA 

If you are a California resident, you may exercise certain privacy rights related to your Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law. We may limit our response to your exercise of these privacy rights as permitted under applicable law, all as detailed herein and in the Privacy Policy.

CALIFORNIA PRIVACY RIGHTDETAILS 
The right to know what Personal Information the business has collected. The right to know what Personal Information the business has collected about the consumer, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information and the specific pieces of Personal Information the business has collected about the consumer.
Deletion Rights.The right to delete Personal Information that the business has collected from the consumer, subject to certain exceptions. 
Correct Inaccurate InformationThe right to correct inaccurate Personal Information that a business maintains about a consumer.
Opt-Out of Sharing for Cross-Contextual Behavioral AdvertisingYou have the right to opt out of the “sharing” of your Personal Information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising.”
Opt-out from Selling You have the right to opt out of the sale or sharing of Personal Information by the business.
Limit the Use or Disclosure of SPIUnder certain circumstances, If the business uses or discloses SPI, the right to limit the use or disclosure of SPI by the business. 
Opt-Out of the Use of Automated Decision MakingIn certain circumstances, you have the right to opt out of the use of automated decision-making concerning your Personal Information. 
Non-DiscriminationThe right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information.
Data PortabilityYou may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.

To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.

  1. HOW CAN YOU EXERCISE THE RIGHTS?

We provide the option to opt out of Sharing for Cross-Contextual Behavioral Advertising or Selling Personal Information by using the following opt-out options: 

Otherwise please submit a request to exercise your rights to privacy.nitro@overwolf.com.  

To opt-out of the sale or sharing of Personal Information, you may also directly opt-out from third-party retargeting cookies or other ad-technology trackers through self-regulatory services. For more information, please visit:

  • Digital Advertising Alliance (US) HERE 
  • Digital Advertising Alliance (Canada) HERE 
  • Digital Advertising Alliance (EU) HERE  
  • Network Advertising Initiative HERE 
  • Digital Advertising Alliance AppChoices HERE
  • You can also opt out of interest-based advertising with some of the service providers we use, such as Google HERE, and Google Analytics HERE.  
  • To learn even more about how to affect advertising choices on various devices and different versions, please look at the information available HERE.
  1. AUTHORIZED AGENTS 

“Authorized agents” may submit opt-out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you were an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:

  1. When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following:
    1. Provide the authorized agent signed permission to do so or power of attorney. 
    2. Verify their own identity directly with the business.
    3. Directly confirm with the business that they provided the authorized agent permission to submit the request.
  2. A business may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
  1. Notice of Financial Incentive

We do not offer financial incentives to consumers for providing Personal Information.

PART III: OTHER CALIFORNIA OBLIGATIONS 

Direct Marketing Requests: California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding the disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please email us to: privacy.nitro@overwolf.com

Do Not Track Settings: Cal. Bus. and Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit www.donottrack.us

CONTACT US 

Nitro.

By Mail: Sapir Tower, 40 Tuval St. Ramat Gan, Israel, 5252247.

By Email: privacy.nitro@overwolf.com.   

© Overwolf. All rights reserved.