Last updated: March 27th, 2024
Introduction
This Privacy Policy describes the types of Personally Identifiable Information (“PII”) that PebblePost, Inc., (the “Company”, “we”, “us” or “our”) collects, the purposes for which we collect PII, the other parties with whom we may share PII, and the measures we take to protect the security of PII. It also tells you about your rights and choices with respect to your PI, and how you may contact us about our privacy practices.
Please note that this Privacy Policy describes the practices related to our web site, www.pebblepost.com (“Site”) and to data that we collect through our Programmatic Direct Mail® (PDM®) services and products (“PDM Services”) which we offer to our corporate clients (“Brand Partners”). This Privacy Policy does not apply to data collected or provided by our Brand Partners who use the PDM Services.
For more information about how users with disabilities can access this Privacy Policy in an alternative format, please contact us at privacy@pebblepost.com.
This Privacy Policy consists of the following sections:
- Definition of PII
- Information for Users of PebblePost’s Site
- Information Relating to PII Obtained When Brand Partners Use PDM Services
- How PII Is Secured and Retained
- Your Rights Regarding PII
- Notices
1. Definition of PII
“Personally Identifiable Information ” or “PII” means any information identifying, relating to, describing, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable individual or household. Specific categories of PIII we collect or receive are described in more detail below. In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not PII. To the extent this data is stored or associated with PII, it will be treated as PII; otherwise, the data is not subject to this Privacy Policy.
As described below in this Privacy Policy, the types of PII we collect about you depends on your interactions with us and your use of the Site.
2. Information for Users of PebblePost’s Site
In the past twelve (12) months, we collected the below categories of PII from you when you used PebblePost’s Site:
– Identifiers (such as your name, email address and physical address)
– Internet or other electronic network activity information (such as cookies and mobile device IDs, and related browsing information)
–Geolocation data (as inferred from IP address)
The source of PII we collect:
We collect PII directly from you when you use our Site. We also collect PII automatically or indirectly from you through logging tools, cookies, pixel tags, and as a result of your use of and access to the Site. We also receive PII from our Brand Partners in connection with the PDM Services.
The business purpose for collecting your PII:
We use such information to contact you regarding our PDM Services, and to remember your preferences on our Site. We may use your PII to: (i) communicate with you about our products and services; (ii) communicate with you via email to provide certain information to access our blogs or to download certain information on the website; (iii) review your job application; (iv) provide you content, including but not limited to newsletters or blog posts; (v) serve other purposes for which we provide specific notice at the time of collection; (vi) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity; (vii) as otherwise authorized or required by applicable law; and (viii) as necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.
Categories and purposes of third parties with whom we may share PII:
We may disclose PII and other information as we believe necessary or appropriate to: (i) respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; (ii) investigate fraud or violations of law or of any party’s rights, including our Terms of Use; and (iii) to allow us to pursue available remedies or limit the damages that we may sustain.
We share PII with our service providers, who may use your PII to provide us with services, such as printing providers, hosting providers and email service providers; provided, however, such service providers are only authorized by us to use the PII in connection with their performance of services for us.
In addition, we may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. PII we obtain from or about you via the Site may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.
In the past twelve (12) months, we shared for a business purpose the following categories of PII with the following categories of third parties:
– Identifiers: service providers (e.g. printing and data partners)
– Internet or other electronic network activity information: service providers (e.g. printing and data partners)
Site user responsibility: Users are responsible for ensuring the accuracy of PII that is submitted through the Site..
We use cookies, pixels and other automated tracking technologies to collect information from the Site, such as browser type and operating system, the number of website users, and understanding how visitors use the Site. Some of our service providers may collect this type of information from you as well. If you want to stop or restrict the placement of cookies or delete any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org.
By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Site or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve information that can individually identify you from your device without your knowledge.
Global Privacy Control (GPC) signals: Some browsers have a Do Not Track (“DNT”) feature that lets users signal to websites that they do not want to have their online activities tracked. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. However, we treat Global Privacy Control signals as a means of opting out of the sale or sharing of personal information, or of opting out of the processing of personal information for targeted advertising, as applicable. Please see the sections titled Rights for California, Connecticut, and Colorado Residents and Rights for Nevada Residents below.
Links to Other Websites: We may link to content contained on other websites. We are not responsible for the content of other websites and your use of those websites is subject to the privacy practices of those websites.
3. Information Relating To PII Obtained When Brand Partners Use PDM Services
Categories of PII that we collect about consumers when Brand Partners use PDM Services: We may collect identifiers (such as names, email addresses, physical addresses) and online identifiers (such as cookies and mobile device IDs, and related browsing information).
When Brand Partners use our PDM Services, we may receive PII from three sources:
1. Brand Partners provide PII to PebblePost and are required to give their consumers full notice of such PII collection and provide their consumers with the ability to opt out of the collection or sale of their PII in compliance with all applicable laws.
2. PebblePost collects PII through PebblePost’s JavaScript tag (i.e., PebblePost’s programming language) when consumers visit Brand Partners’ sites. Brand Partners are required to notify consumers of such collection and provide consumers with the ability to opt out of the collection or sale of their PII in compliance with all applicable laws.
3. PebblePost receives online and offline information from our service providers to facilitate the Services, and maintains databases of such information. Service providers comply with all applicable laws in providing consumers notice and the ability to opt out of the collection or sale of PII. The provision of Services to Brands may include working with third party service providers to match online data with mailing addresses of Brand Partners’ consumers.
Business purpose for collecting and receiving consumer PII: PebblePost uses PII in order to provide the PDM Services to Brand Partners, including the mailing of direct mail marketing pieces to consumers’ mailing addresses on behalf of Brand Partners.
Categories and purposes for sharing consumers’ PII with third parties: These include but are not limited to: (i) providing PDM Services to Brand Partners to deliver direct mail pieces to consumer mailing address; (ii) investigation of suspected fraud or violations of law or of any party’s rights; and (iii) to our third-party service providers, such as hosting providers and email service providers, but only as they are authorized by us to use such information in connection with their performance of services for us.
4. How PII Is Secured
We maintain reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect and secure user and Brand Partner consumers’ PII. Those safeguards include: (i) the pseudonymization and encryption of PII where we deem appropriate; (ii) taking steps to ensure PII is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards. However, no method of safeguarding information is completely secure. While we use measures designed to protect PII, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Site is or will be secure.
We retain PII only for as long as there is a legitimate business need, as well as to the extent we deem necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.
5. Your Rights Regarding PII
For users of the PebblePost’s Site: If you have signed up to receive our marketing emails and prefer not to receive marketing information from this Site, follow the “unsubscribe” instructions provided on any marketing e-mail you receive from this Service.
For consumers of Brand Partners: You may exercise your right to opt out of receiving PDM Services from PebblePost here.
- Rights For California, Connecticut,Colorado, Utah, and Virginia Residents
If you are a resident of one of the above states, the California Consumer Privacy Act and its successor legislation (“CCPA”), the Connecticut Data Privacy Act (“CTDPA”), the Colorado Privacy Act (“CPA”), the Utah Consumer Privacy Act (“UCPA”), and the Virginia Consumer Data Protection Act (“VCDPA”) provide additional rights listed below.
- “Right to Access” Know, access, and confirm your PII.
- “Right to Delete”: You may request that we delete any PII we possess about you, subject to certain exceptions as provided under applicable laws. PebblePost will respond or request an extension to respond within 45 days.
- “Right to Know”: You may request that we disclose certain information to you about the PII we collected, used, disclosed, and shared about you in the past 12 months. This includes a request to know any or all of the following: the categories of PII collected about you, the categories of sources from which the PII is collected, the purpose for collecting and selling the PII, the categories of third parties with whom we share the PII and the specific pieces of PII collected about you. PebblePost will respond or request an extension to respond within 45 days.
- “Right to Data Portability”: You have the right to request a copy of PII we have collected and maintained about you in the past 12 months. PebblePost will respond or request an extension to respond within 45 days.
- “Right to Correct”: You have the right to correct inaccurate PII that we have collected and maintained about you. PebblePost will respond or request an extension to respond within 45 days.
- Right to Opt-Out: We use certain advertising cookies, pixel or tags to serve targeted online ads and to measure their effectiveness, including ads that are selected based on personal information obtained from your activities over time. You can opt-out from the use or processing of your PII for targeted advertising.
- “Do Not Sell or Share My Personal Information”: We share identifiers and internet or other electronic network activity information with service providers (e.g. printing and data partners). To opt out of selling or sharing your data, click here. For California residents, PebblePost will respond or request an extension to respond within 15 days. For Connecticut and Colorado residents, PebblePost will respond within 45 days.
- 2. Rights for Nevada Residents
Chapter 603A of the Nevada Revised Statutes permits our users who are Nevada residents to opt out of future selling or sharing of their PII that a website operator has collected or will collect, even if their PII is not currently being sold or shared. You may exercise the right below regarding your PII.
- “Do Not Sell or Share My Personal Information”: We share identifiers and internet or other electronic network activity information with service providers (e.g. printing and data partners). To opt out of selling or sharing your data, click here. PebblePost will respond or request an extension to respond within 45 days.
You may exercise your rights above, free of charge, by:
- Complete the form located here
- Send requests to privacy@pebblepost.com
- Mail in your request to us by completing all of the information indicated in the form (linked here) and mailing the form to:
PebblePost Inc.
Attn: Privacy Officer
442 5th Avenue #1942
New York, NY 10018
212-523-0931
Notice to Consumers of Brand Partners: In the event PebblePost has received your PII from a Brand Partner, you should contact that Brand Partner directly and inquire about your PII or you may request deletion of your PII from PebblePost as set forth above by completing the form above. Note that PebblePost does not “sell” your PII so “Do Not Sell” requests should be made to Brand Partners directly.
Verification & Right to Authorized Agent: We will maintain procedures to verify that you are authorized to make the requests set forth above. You may also designate an authorized agent to make these requests by emailing us at privacy@pebblepost.com or by completing the form indicated above. PebblePost requires verification that such agent has the authority to act on your behalf.
6. Notices
Non-Discrimination: We do not discriminate against you for exercising any of your rights above.
Children: Our Site and Brand Services are not intended for children under 13 years of age. We do not knowingly collect individually identifiable information from children under 13. If you are under 13, do not use or provide any individually identifiable information on this Site. If we learn we have collected or received individually identifiable information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any individually identifiable information from or about a child under 13, please contact us at privacy@pebblepost.com.
International Use: At PebblePost, your PII will be stored and processed in the United States. If you are using the Site from outside the United States, by your use of the Site you acknowledge that we will transfer your data to, and store your PII in, the United States, which may have different data protection rules than in your country, and PII may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States.
Data Protection and Cybersecurity
We know our brands take data protection and cybersecurity seriously. We are dedicated to delivering customer-centric, relevant and meaningful direct mail campaigns, in ways to help our Brands stay in line with applicable data protection laws. What is our multi-tiered strategy?
– We only mail to households leveraging U.S. addresses
– Below is our JavaScript flow to demonstrate another protective layer
Additional Compliance Layers
– PebblePost works with our Brands to set up their Tag Managers on their site to exclude PebblePosts’ JS from being called when any known EU visitors visit the Brand site.
– PebblePost advises our Brands to remove any non-US customers from their customer files when passing such data to PebblePost.
– Leveraging our proprietary technology, we circle back and check again. If PebblePost identifies any Brand IP Address or other online identifier as being related to an EU user in a campaign, PebblePost permanently deletes all related data to that user from our system immediately.
Changes to this Privacy Policy: We may change or revise our Privacy Policy from time to time. If we decide to change or revise our Privacy Policy, we will post the revised Privacy Policy here so that you will always know what information we gather, how we might use that information and whether we may disclose it to anyone. Your continued use of the Site indicates your agreement to the Privacy Policy as posted, unless your express consent is required by applicable laws.
his Privacy Policy is subject to the Terms of Use that govern your use of the Site. This Privacy Policy applies regardless of the means used to access or provide information through the Site
This Privacy Policy does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Site. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith.
Additional Information: If you have any questions or concerns about this Privacy Policy and/or how we process PII, please contact us at privacy@pebblepost.com.