Privacy Policy

Liftoff

Privacy Policy

Effective: January 2025

Table of contents:

We recommend that you read this Privacy Policy in full to ensure that you are completely informed about your personal data. To access a particular section, you can click on the relevant link above.

I. WHO WE ARE

Liftoff Mobile, Inc. (“Company,” “we,” “us,” “our”) is a mobile advertising company that provides customers with an advertising and optimization platform and software (the “Services”).

We are the data controller of the personal information that we collect from you. The company is registered in Delaware (registration number C3511707), with registered office at 555 Bryant Street, Suite #133, Palo Alto CA 94301.

We respect your right to privacy. “You” will fall into one of four categories:

  • “Site Visitor”: accessing or browsing the www.liftoff.io site (the “Site”);
  • “Customer”: requesting the provision of Services from us;
  • “Partner”: providing services to us, to allow us to provide Services to our Customers: or
  • “Targeted End User”: using mobile apps provided to you by our Customers (acting as an “End User”).

This Privacy Policy applies to the Site and our Services. It describes how we collect, use, share and store your personal information, as well as your privacy rights and choices. Please note that this Privacy Policy does not apply to the practices of companies that we do not own or control.

You can contact us in relation to this Privacy Policy by email at [email protected] or [email protected], or using the additional contact details provided in Section XIII titled “Complaints, Questions and Suggestions”.

II. THE PERSONAL INFORMATION WE PROCESS

The type of personal information that we collect and process falls into three categories, as further detailed below:

  1. Information we collect from Customers and Partners in connection with the provision of our Services;
  2. Information we collect and use when Targeted End Users interact with our Customers’ mobile applications; and
  3. Information that we collect from Site Visitors using the Site.

We do not collect any sensitive personal information about you, such as health-related information or information about your race or ethnicity, or sexual orientation.

A. Information We Collect from Customers and Partners

If you are one of our Customers or Partners (e.g., a representative of one of our Customers or Partners), the table below describes the categories of personal information we collect from and about you, as well as the source (i.e., from whom we obtain it):

Categories of personal information

Source

Identification and Contact Data such as your name, contact information (e.g., email and telephone), account credentials and profile information.

  • Directly from you

Transaction Data such as your payment information.

  • Directly from you

Communication Data such as information you provide in your communications with us.

  • Directly from you

Device Data including technical information such as your IP address, your ISP, browser type and version, device type, operating system, generic geographic location, unique device identification numbers or other identifiers (including advertising identifiers).

  • Directly from you
  • Indirectly from you

Usage Data such as account activity and Site interaction, including information that we capture using cookies and similar technologies (see Section IV titled “Cookies and similar tracking technologies”).  This will include page views and searches, clicks, information about content viewed, time and length of visits, traffic data, and other functional information on Site performance (for example, application version information, diagnostics, and crash logs).

  • Indirectly from you

Advertising and Marketing Data including your interests based on your use of our Site and other websites and online services, your preferences in relation to receiving marketing materials from us, your communication preferences, and your preferences for particular products or services.

  • Directly from you
  • Indirectly from you
  • Third parties

Location Data from which we can identify your approximate location.

  • Indirectly from you

B. Information We Collect and Use About Targeted End Users When They Interact With Our Customers’ Mobile Applications

If you are a Targeted End User, the table below describes the categories of personal information we collect from and about you, as well as the source (i.e., from whom we obtain it).

Categories of personal information

Source

Device Data including technical information such as your IP address, Internet service provider (ISP), device information (inc. ID, make, manufacturer, operating system and language settings), browser type, generic geographic location (such as country or zip code, as well as the granular latitude and longitude coordinates), carrier, Android ID or Identifier for Advertisers (IDFA), connection speed.

Your device might be considered as likely linked to other devices that belong to you or your household (e.g., because you are logged in to the same service on both your phone and your computer, or because you may use the same Internet connection on both devices).

Characteristics specific to your device might be requested from you and used to distinguish it from other devices (such as the installed fonts or plugins, the resolution of your screen).

  • Indirectly from you
  • Third parties

Usage Data such as your activity on a Customer’s app and other websites or apps (e.g., forms you submit, content you look at) and Site interaction, including information that we capture using cookies and similar technologies (see Section IV titled “Cookies and similar tracking technologies”). This will include app usage information, referring/ exit pages, pages and content viewed, clickstream data, and date/ time stamp.

Information about your activity on a Customer’s app service may be matched and combined with other information relating to you and originating from various sources (e.g., your activity on a separate online service, your use of a loyalty card in-store, or your answers to a survey).

  • Indirectly from you

Preferences regarding the processing of your data.

  • Directly from you

Ad Engagement Data such as information regarding which advertising is presented to you and how you interact with it (e.g., whether you saw an ad, whether you clicked on it, whether it led you to buy a product or download an app, etc.)

  • Indirectly from you

Location Data from which we can identify your approximate location.

  • Indirectly from you

C. Information We Collect via Our Site

The table below describes the categories of personal information we collect from and about you when you visit our Site:

Categories of personal information

Source

Identification and Contact Data such as your name, contact information (e.g., email), account credentials and profile information.

  • Directly from you

Communication Data such as information you provide in your communications with us, and any other information that you actively provide to us via our Site

  • Directly from you

Device Data including technical information such as your IP address, your ISP, browser type and version, device type, operating system, generic geographic location (country), unique device identification numbers or other identifiers (including advertising identifiers).

  • Indirectly from you

Usage Data such as Site interaction, including information that we capture using cookies and similar technologies (see Section IV titled “Cookies and similar tracking technologies”).  This will include page views and searches, clicks, time and length of visits, traffic data, weblogs and other communication data, and other functional information on Site performance (for example, application version information, diagnostics, and crash logs).

  • Indirectly from you

Third-party Data including marketing data

We combine this data with information we already have about you to help us to update, expand and analyse our records, identify new Customers, deliver our marketing services and provide more tailored advertising, products and Services.

If you provide us with personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.

  • Third parties (including email, marketing and analytics services, as well as publicly available databases)
III. HOW WE USE YOUR PERSONAL INFORMATION (OUR PURPOSES) AND OUR LEGAL BASIS FOR PROCESSING IT

We use the personal information that we collect from and about you only for the purposes described in this Privacy Policy or for purposes that we explain to you at the time we collect your information. Depending on our purpose for collecting your information, we rely on one of the following legal bases:

  • Contract – we require certain personal information in order to provide and support the Services you request from us;
  • Consent – in certain circumstances, we may ask for your consent (separately from any contract between us) before we collect, use, or disclose your personal information, in which case you can voluntarily choose to give or deny your consent without any negative consequences to you;
  • Legitimate interests – we will use or disclose your personal information for our or a third party’s legitimate interests, but only (i) in a way that is reasonable for you to expect as part of the running of our business and which does not materially affect your rights and freedoms, and (ii) when we are confident that your privacy rights will remain appropriately protected. These interests will normally be to: (i) operate, provide and improve our business, including our Services; communicate with you and respond to your questions; (ii) improve our Site or use the insights to improve or develop marketing activities and promote our Services; (iii) detect or prevent illegal activities (for example, fraud); and/or (iv) to manage the security of our IT infrastructure, and the safety and security of our employees, customers, vendors and visitors; or
  • Legal obligation – there are instances where we must process and retain your personal information to comply with laws or to fulfil certain legal obligations.

A. Information We Collect from Customers and Partners

If you are one of our Customers or Partners (e.g., a representative of one of our Customers or Partners), the table below provides more details on our purposes for processing your personal information and the related legal bases. The legal basis under which your personal information is processed will depend on the data concerned and the specific context in which we use it.

Purpose/ activity

Categories of personal information

  • Legal basis

Provide our Services

  • Register, manage and administer your account
  • Fulfil your request for our Services
  • Service-related communications (inc. Service updates, confirmations and support)
  • Identification and Contact Data
  • Transaction Data
  • Communication Data
  • Device Data
  • Usage Data
  • Location Data
  • Performance of a contract with you

Improve our Services

Analyse metrics related to transactions and behaviour (online and offline) to assess trends and the effectiveness of our advertising and marketing campaigns (inc. our “Mobile Heroes” programme), to help us understand your needs and provide you with better service and offers, to drive customer engagement, promote our business, and inform business decisions.

  • Identification and Contact Data
  • Transaction Data
  • Communication Data
  • Device Data
  • Usage Data
  • Advertising and Marketing Data
  • Consent (where required under applicable law)
  • Otherwise, our legitimate interests (to operate, provide and improve our business)

Personalise and customise your experience including to provide targeted content, marketing, ads and other information to Customers

  • Identification and Contact Data
  • Transaction Data
  • Communication Data
  • Device Data
  • Usage Data
  • Advertising and Marketing Data
  • Location Data
  • Consent (where required under applicable law)
  • Otherwise, our legitimate interests (to operate, provide and improve our business)

To receive services from you or the business you represent (where you or your business is a Partner)

  • Identification and Contact Data
  • Communication Data
  • Performance of a contract with you

Manage compliance with our terms of service and related internal reporting

  • Identification and Contact Data
  • Device Data
  • Usage Data
  • Advertising and Marketing Data
  • Performance of a contract with you
  • Otherwise, our legitimate interests (to operate, provide and improve our business)
  • Legal obligation

Administer and maintain our Site and IT systems including monitoring, troubleshooting, data analysis, testing, system maintenance, repair and support, reporting and hosting of data

  • Identification and Contact Data
  • Device Data
  • Usage Data

Our and our third parties’ legitimate interests (to operate, provide and improve our business; to detect or prevent Illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure).

Protect our legal rights including where necessary, to share information with law enforcement and others (e.g., to defend claims against us and to conduct litigation to defend our interests)

  • Identification and Contact Data
  • Transaction Data
  • Communication Data
  • Device Data
  • Usage Data
  • Our legitimate interests to protect our business interests
  • Legal obligation

Comply with legal and regulatory obligations including our obligations to respond to your requests under data protection law

  • Identification and Contact Data
  • Transaction Data
  • Communication Data
  • Device Data
  • Usage Data

Legal obligation

Customers and Partners wishing to opt out of receiving marketing and advertising communications from Liftoff can click “UNSUBSCRIBE” in marketing emails or email us at [email protected] or [email protected].

When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided in order to reach out to the individual (including those individuals nominated as a mobile hero). If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at [email protected] or [email protected].

B. Information We Collect and Use About Targeted End Users When They Interact With Our Customers’ Mobile Applications

If you are a Targeted End User, the table below provides more details on our purposes for processing your personal information and the related legal bases. The legal basis under which your personal information is processed will depend on the data concerned and the specific context in which we use it.

Purpose/ activity

Categories of personal information

Legal basis

Personalise, target and deliver advertising including to create an advertising profile of you

  • We build or improve a profile about you to present advertising that appears more relevant based on your possible interests.
  • To ensure the technical compatibility of the content or advertising, and to facilitate the transmission of the content or ad to your device.
  • Device Data
  • Usage Data
  • Preferences
  • Location Data

Consent

Measuring advertising performance

To determine how well an advert has worked for you or other users, understand the impact of advertising campaigns and determine which target audiences are more receptive to an ad campaign or to certain contents.

  • Usage Data
  • Ad Engagement Data
  • Location Data

Our legitimate interests (to operate, provide and improve our business).

Developing and improving services

Information about your activity on a Customer’s app, such as your interaction with ads or content, can be used to improve or build new products and services. This specific purpose does not include the development or improvement of user profiles and identifiers.

  • Usage Data
  • Ad Engagement Data

Our legitimate interests (to operate, provide and improve our business; to detect or prevent Illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure).

Security

Ensuring security, preventing and detecting fraud (for example, regarding advertising, ad clicks by bots), and fixing errors (e.g., to correct any problems you, the publisher or the advertiser may encounter in the delivery of content and ads and in your interaction with them).

  • Device Data
  • Usage Data
  • Ad Engagement Data

Our and our third parties’ legitimate interests. It is in the interests of us, our clients, and you to ensure that ads are served in a safe and error free manner and that fraudulent third parties do not distort the true price to be paid for showing you ads.

Comply with legal and regulatory obligations including our obligations to respond to your requests under data protection law.

  • Device Data
  • Usage Data
  • Preferences
  • Ad Engagement Data

Legal obligation

Our Privacy Principles for the use of data about Targeted End Users

  • Liftoff’s systems aggregate events/data at granularities that cover many users, as opposed to a specific user, unless the user consents. For instance: users with iPhone X’s in San Francisco have clicked on ads in app A 100 times and installed app B 50 times.
  • Liftoff does not tie together events/data across apps in a user-specific way, without the user’s consent. For instance: we do not track that a person did X in app A and also Y in app B from a different publisher, if the person opts-out of interest-based advertising.
  • Instead, Liftoff only ties events/data from a given specific user within the context of a given app. E.g. user with app-local ID 123 installed app A, then finished the tutorial, then made a purchase.
  • This allows Liftoff to understand the conversion rates from one event to another within an app, but not track the activities of a user across different apps.
  • Liftoff does not record or store personal information that the user cannot easily revoke, such as email address, physical address, photographs or phone number to personalize our advertising. Liftoff relies upon device IDs to uniquely identify a user, and Liftoff solely relies upon the user’s consent in allowing Liftoff to access this information.
  • Liftoff does not export per-user data outside of Liftoff, except for validation purposes to a company that already has access to that data
  • Details of how to opt-out of interest-based advertising from us can be found at: https://liftoff.cn/opt-out/.

C. Information We Collect via Our Site

The table below provides more details on our purposes for processing your personal information and the related legal bases. The legal basis under which your personal information is processed will depend on the data concerned and the specific context in which we use it.

Purpose/ activity

Categories of personal information

Legal basis

Provide access to our Site

  • Identification and Contact Data
  • Communication Data
  • Device Data
  • Usage Data

Performance of a contract with you.

Communicate with you including to deal with and respond to enquiries

  • Communication Data

Legitimate interests (to operate, provide and improve our business; to communicate with you).

Analyse how our Site is used and to improve our Site including managing our use of cookies and other tracking technologies (including enabling you to manage your cookie preferences) and analyse collected data to learn about our Site, to improve our Site, and to develop new products and services.

  • Communication Data
  • Device Data
  • Usage Data
  • Consent (where required under applicable law)
  • Otherwise our legitimate interests (to operate, provide and improve our business)

Send you marketing communications

We combine Third-Party Data with information we already have about you to help us to update, expand and analyse our records, identify new Customers, deliver our marketing services and provide more tailored advertising, products and Services.

  • Identification and Contact Data
  • Communication Data
  • Third-party Data
  • Consent (where required under applicable law)
  • Otherwise our legitimate interests (to operate, provide and improve our business)

Manage compliance with our terms of service and related internal reporting

  • Identification and Contact Data
  • Device Data
  • Usage Data
  • Advertising and Marketing Data
  • Performance of a contract with you
  • Otherwise, our legitimate interests (to operate, provide and improve our business)
  • Legal obligation

Administer and maintain our Site and IT systems including monitoring, troubleshooting, data analysis, testing, system maintenance, repair and support, reporting and hosting of data

  • Identification and Contact Data
  • Device Data
  • Usage Data

Our and our third parties’ legitimate interests (to operate, provide and improve our business; to detect or prevent Illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure)

Protect our legal rights including where necessary, to share information with law enforcement and others (e.g., to defend claims against us and to conduct litigation to defend our interests)

  • Identification and Contact Data
  • Communication Data
  • Device Data
  • Usage Data
  • Our legitimate interests to protect our business interests
  • Legal obligation

Comply with legal and regulatory obligations including our obligations to respond to your requests under data protection law

  • Identification and Contact Data
  • Communication Data
  • Device Data
  • Usage Data

Legal obligation

IV. COOKIES AND SIMILAR TRACKING TECHNOLOGIES

We use cookies and similar technologies (collectively, “Cookies”) to analyse trends, administer the Site, track users’ movements around our Site, to gather demographic information about our user base, and to serve interest based advertising. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Policy.

You can control the use of Cookies at the individual browser level, but if you choose to disable Cookies, it may limit your use of certain features or functions on our Site or Services.

V. INTERNATIONAL TRANSFERS

Your personal information may be collected, transferred to, and processed in, countries other than the country in which you are located, including the United States and other countries where we or our group companies or service providers (among others) maintain facilities. Our group affiliates and our third-party service providers and partners operate around the world. We maintain primary data centers in the United States, Singapore, Japan and Germany. These countries may have data protection laws that are different to the laws of your country and may not provide for the same level of data protection as your jurisdiction. We take steps designed to ensure that the data we collect under this Privacy Policy is processed as described in this Privacy Policy and according to applicable law.

We have implemented appropriate safeguards to ensure that the recipient of your personal information offers an adequate level of protection, including by entering into the standard contractual clauses for the transfer of personal information, or where required, we will ask you for your prior written consent for such international data transfers.

Where we transfer your personal information to countries and territories outside of the EEA, UK and Switzerland which have been formally recognized as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” and “adequacy regulations” from the European Commission, Swiss and UK authorities.

Where the transfer is not subject to an adequacy decision, we take appropriate safeguards to ensure that your personal information will remain protected in accordance with this Privacy Policy and applicable laws. These safeguards include implementing the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 under Article 46(2) GDPR for transfers originating in the EEA, UK and Switzerland; and the UK Addendum under Article 46(2) of the UK GDPR for the transfer of data originating in the UK.

Our Standard Contractual Clauses entered into by our group companies and with our third-party service providers and partners can be provided on request. Please note that some sensitive commercial information will be redacted. If you have any questions or concerns related to international data transfers, please contact us via the contact details set out below.

Data Privacy Framework

Liftoff Mobile, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.  We have certified to the U.S. Department of Commerce that we adhere to (i) the EU-U.S. Data Privacy Framework Principles  with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF, and (ii)the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the “DPF Principles”).  If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern.  To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The types of personal information we receive in the U.S., as well as the purposes for which we collect and use it, are set out in Sections II and III titled “The personal information we process” and “How we use your personal information (our purposes) and our legal basis for processing it”. We will give you an opportunity to opt out where personal information we control about you is to be disclosed to an independent third party, or is to be used for a purpose that is materially different from those set out in this Privacy Policy. If you otherwise wish to limit the use or disclosure of your personal information, please contact us via the contact details set out below.

Information about the types of third parties to which we disclose personal information and the purposes for which we do so is described in Section VI titled “How we share your personal information and who we share it with”.

If we have received your personal information in the U.S. and subsequently transfer that information to a third party acting as an agent, and such third-party agent processes your personal information in a manner inconsistent with the DPF Principles, we will remain liable unless we can prove we are not responsible for the event giving rise to the damage.

If you are located in the EEA, UK (inc. Gibraltar) or Switzerland, you have the right to request access to the personal information that we hold about you and request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF Principles. If you would like to exercise these rights, please contact us via the contact details provided below. We may request specific information from you to confirm your identity and we will respond to your request in accordance with the DPF Principles and applicable data protection laws. You may also opt-out of receiving marketing and advertising communications from us by writing to us at the contact details provided below or by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you.

In compliance with the EU-U.S. DPF, the UK Extension and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal information received in reliance on the EU-U.S. DPF, UK Extension and the Swiss-U.S. DPF should first contact Liftoff Mobile, Inc. at: [email protected]. We will investigate and attempt to resolve any DPF-related complaints or disputes within forty-five (45) days of receipt.

We commit to refer unresolved complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF, the UK Extension and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolutionfor more information or to file a complaint.  The services of JAMS are provided at no cost to you. If your complaint is not resolved by us or by JAMS, you may, under certain conditions, invoke binding arbitration for complaints regarding compliance with the EU-U.S. DPF, the UK Extension and the Swiss-U.S. DPF. Please see here for additional information.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension and the Swiss-U.S. DPF. We may be required to disclose personal information we handle under the EU-U.S. DPF, the UK Extension and the Swiss-U.S. DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We reserve the right to amend this section from time to time consistent with the EU-U.S. DPF, the UK Extension and the Swiss-U.S. DPF requirements.

VI. HOW WE SHARE YOUR PERSONAL INFORMATION AND WHO WE SHARE IT WITH

We do not sell your personal information in personally identifiable form to anyone. However, we do share your personal information with third parties as described below. If you have consented to us sharing your personal information but later change your mind, you may contact us and we will cease any such activity.

Affiliated Businesses and Third Party Websites We Do Not Control

In certain situations, businesses or third party websites we’re affiliated with may sell items or provide services to you through the Services (either alone or jointly with us). You will be able to recognize when an affiliated business is associated with such a transaction or service, and we will share your personal information with that affiliated business only to the extent that it is necessary and related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies. This Privacy Policy applies only to personal information that we collect through the Site and Services. If you have any questions about these practices, please contact us at [email protected] or [email protected].

Service Providers

We employ third party companies and people, for example cloud service providers (“Third Party Service Providers”), such as Amazon Web Services, Dropbox, Salesforce and Unity Technologies to perform tasks e.g., provide computer and network infrastructure services on our behalf or as advertising exchange partners and we may need to share your information with them to provide products or Services to you. We only share your personal information with Third Party Service Providers to the extent necessary for them to assist us and they do not have any right to use your personal information we share with them beyond what is necessary to assist us. We may also work with Google to deliver the best advertising opportunities to its clients through the use of remarketing tags. Traffic Clients and other data subjects can consult Google’s policies to learn more about Google’s processing policies here.

Third Party Digital Advertising Partners

If you are a Targeted End User, we will share data about you with Partners, to be used by those Partners for advertising-related purposes, including establishing (on behalf of advertisers) whether to bid on the opportunity to show you ads. When we share data in this manner, we will also share with the relevant Partner details about whether you have consented to, or objected to, the use of your data by the Partner for specified purposes.  

Group Companies

We may provide your personal information to our subsidiaries or affiliated companies for the purpose of processing personal information on our behalf to provide the Site and the Services to you. These parties are required to process such information based on our instructions and in accordance with this Privacy Policy. They do not have any independent right to share this information.

Compliance with laws and legal proceedings

We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Merger or Acquisition

If Liftoff Mobile, Inc. or any of its subsidiaries are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.

VII. SECURITY

The security of your personal information is important to us.  Whilst we take appropriate technical and organisational measures to safeguard the personal information that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal information that you transfer over the Internet to us

We take appropriate steps to pseudonymize your personal information. For Targeted End Users, the advertising device IDs (which are the only per-user identifiers that we track, and can be reset by the user at any time) are SHA1-hashed before insertion. Since SHA1 is a one-way hashing algorithm, the original raw advertising device ID cannot be reverse-engineered from the hashed version.

If you have any questions about the security of your personal information, you can contact us at [email protected] or [email protected].

VIII. DATA RETENTION

If you have provided us with personal information for the purposes of holding an account with us, we will retain your information (including personal information) for as long as your account is active or as needed to provide you Services.

If we hold information about you through any other means we shall only process this information for as long as is necessary for the purpose and in any event for no longer than 28 days.

Information relating to Targeted End Users is retained for 30 days in pseudonymized form before it is automatically deleted from our active database. Backups are stored indefinitely.

We will delete it after the timescales stated above, except we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

IX. AUTOMATED DECISION-MAKING

We perform the following automated decision-making processes using your personal information:

  • To build lookalike targeting models to target users who are similar to the Customer’s existing users. Our Machine Learning does this automatically for every Customer. The more upfront device IDs Liftoff has, the more beneficial this is.
  • For power predictive ML features e.g. users who have purchased in the past are much more likely to purchase again in the future
  • To exclude existing users from User Acquisition campaigns, and power targeting rules for re-engagement campaigns e.g. target users who have registered but not purchased.

We have implemented measures to safeguard the rights and interests of individuals whose personal data is subject to automated decision-making. Our technical and organizational security measures can be provided on request.

When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contacting us using the contact details provided under Section IV titled “Complaints, Questions and Suggestions”.

X. YOUR RIGHTS

Opting-out of interest-based advertising from Liftoff

As described in this Privacy Policy, third parties may use cookies and similar tracking technologies to collect information and infer your interests for interest-based advertising purposes. If you would prefer to not receive personalized ads based on, for example, your browser or device usage, you may generally express your opt-out preference to no longer receive tailored advertisements by clicking here (or if located in the EEA, click here). Please note that you will continue to see advertisements, but they will no longer be tailored to your interests.

Refer to our opt out page for instructions on how to opt-out of interest-based advertising when you are a Targeted End User.

Data Subject Rights

You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at [email protected] at any time. You have the following rights:

  1. Right of access.  You have a right of access to any personal information we hold about you.  You can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the UK or EEA.
  2. Right to correct or update your personal information.  You have a right to request a correction or update to any of your personal information which is out of date or incorrect.
  3. Right to request deletion of your personal information.  You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances.  You can ask us for further information on these specific circumstances by contacting us by email.
  1. Right to restrict use of your information. You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances.  You can ask us for further information on these specific circumstances by contacting us by email.  
  2. If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  1. Right to opt-out or stop marketing communications. You have a right to ask us to stop using your personal information for direct marketing purposes.  You may contact us using the contact details provided below or by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. If you exercise this right, we will stop using your personal information for this purpose but we will still send you non-promotional emails (as applicable), such as emails about your account or our ongoing business relations.
  2. Right to data portability. You have a right to ask us to provide your personal information to a third party provider of services. This right only applies where we use your personal information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.
  3. Right to object.  You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.  

We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.  

  1. You have the right to complain to a supervisory authority about our collection and use of your personal information. For more information, please contact your local supervisory authority. Contact details for supervisory authorities in the EEA are available here and for the UK here.  Certain supervisory authorities will require that you exhaust our own internal complaints process before looking into your complaint.

If an exception applies, we will tell you this when responding to your request.  We may request you provide us with information necessary to confirm your identity before responding to any request you make.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

XI. CHILDREN’S PRIVACY

We do not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register for the Services (as that term is defined in our Terms of Use). If you are under 16, please do not attempt to use the Site or register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 may provide any personal information to us or use the Site or the Services. In the event that we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible unless your parent or guardian has provided us with their consent for your use of our Site or Services. If you believe that we might have any information from or about a child under 16, please contact us at [email protected] or [email protected].

XII. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

XIII. COMPLAINTS, QUESTIONS AND SUGGESTIONS

We have a Data Protection Officer to assist with all queries regarding our processing of personal information who can be contacted at [email protected]. If you have complaints about our Site or Services, please contact us at: [email protected] or [email protected].

In the EEA/ UK, you may contact our representatives:

Jurisdiction

Representative

EEA

Attn: Legal Department

Liftoff GmBH

Torstrabe 146/Linienstrabe 86, 10119, Berlin, Germany

UK

Attn: Legal Department

Liftoff Mobile Limited

Drapers House, 76-78 Clerkenwell Road, EC1M 5QA, London, UK

You may also make a compliant to the appropriate data protection authority for data protection matters or seek a remedy through local courts if you believe your rights have been breached.