Everflow is a “data processor” or “service provider” that collects and processes End User data at the instruction of Everflow Customers (“data controllers”). Everflow Customers determine the data that they provide to and collect through Everflow; their use, collection, exportation, or any other use of End User data is subject to their respective privacy policies and applicable laws, and regulations.
Everflow Customers and End Users
Everflow Customers own the Personal Data that they provide to and collect through the Platform Services. The collection, retention, processing and other uses of data by Everflow Customers, whether or not in connection with the Platform Services, is governed by their own privacy policies and applicable laws, rules, or regulations. Everflow does not control those Everflow Customer activities.
At the instruction of Everflow Customers, Everflow collects the following types of information from End Users (“Collected Information”):
- IP addresses
- Browser user agent
- Ad Identifiers (unique character strings associated with user devices that help monitor and measure user interactions with advertisements and apps, such as Apple’s IDFA and Google Ad ID; Ad Identifiers may be reset by the user)
- Approximate geographic location data derived from IP address and/or wifi networks
- Pixel tags
Everflow Customers may also share account information for their End Users and their Platform partners on the Platform, including company and employee information necessary to maintain the Platform Services and contact information, including: name, mailing and/or billing address, email address, company name, website url, user name, password, and phone number. Everflow Customers that manage payouts to their Platform partners may share related banking information.
Everflow Customers can also manage information provided by other third-party sources in the Platform, including advertisers, publishers, marketing partners, and other advertising networks and analytics partners. Marketing partners may sign up with advertisers through the Platform.
Data Protection Laws
Each Everflow Customer is the data controller with respect to Personal Data. Under the applicable laws of various countries, you may have certain rights concerning your Personal Data, such as under EU law, the right to access to, rectification or erasure of, and/or restriction of processing or objection to processing of your Personal Data. If you believe that an Everflow Customer has collected or processed your Personal Data, and you have any questions or want to exercise any of your rights with respect to your Personal Data, you should contact them directly.
If you are a resident in the European Union, you also have the right to a complaint with EU data protection authorities, at no cost. This right may also exist in other countries. If you have questions please ask the relevant Everflow Customer or the data protection authority in your country.
Everflow operates as a “data processor” under the General Data Protection Regulation (“GDPR”) and as a “service provider” under the California Consumer Privacy Act (“CCPA”). Everflow adheres to these data protection laws. Accordingly, we generally do not have the authority to provide access to or deletion of your Personal Data; you will have to contact the relevant Everflow Customer.
Collection, Use and Disclosure of Personal Data Collected via the Website
Everflow does not sell Personal Data it collects from Visitors through the Website. Personal Data we do collect through the Website, the business purpose for which we collect it, and the service providers or other third parties who may receive it are in the table below:
Collection, Use and Disclosure of Personal Data Collected via the Platform Services
Everflow does not sell Personal Data it collects via the Platform Services. Personal Data we do collect through the Platform Services, the business purpose for which we collect it, and the service providers or other third parties who may receive it are in the table below:
We do not knowingly collect or sell the Personal Data of minors under the age of 16.
Please see our General Data Protection Regulation (GDPR) policy for additional information. For questions or requests, see our contact information below.
California Resident Rights
To the extent applicable and provided for by law, California residents have the following privacy rights in relation to the Personal Data we collect:
- The right to know: End Users and Visitors have the right to know what personal information we have collected and how we have used and disclosed that Personal Data;
- The right to delete: End Users and Visitors have the right to request deletion of their Personal Data;
- The right to non-discrimination: End Users and Visitors have the right be free from discrimination relating to the exercise of any of their privacy rights.
Exercising Your Rights: California residents can exercise the above privacy rights or request to receive this notice in a different format by emailing us at: firstname.lastname@example.org.
Verification: in order to protect Personal Data from unauthorized access or deletion, we may require End Users and Visitors to verify their identification before they can submit a request to know or delete Personal Data. If we suspect fraudulent or malicious activity, we may ask for additional Personal Data for verification. If we cannot verify their identity, we will not provide or delete their Personal Data.
Authorized Agents: End Users and Visitors have the right to designate an authorized agent to make requests to us to exercise any rights under the CCPA.
How Do Everflow Customers Collect End User Information Using Everflow Platform Services?
The Everflow Platform Services allow Everflow Customers to collect various kinds of information about their End Users (“Collected Information”).
Everflow Customers can use the Platform Services to create “cookies” (small text files that are saved by your browser) and “pixel tags” or “web beacons” (one-pixel graphic files which are delivered from the Platform Services web server) that can be placed in advertisements or on websites or other apps to collect information about user interaction with the advertisements or websites. Everflow also supports server-to-server measurement for some Everflow Customers. With any of the mentioned methods, when an End User views or clicks on an advertisement, goes to a specific web page, or takes any other action that an Everflow Customer chooses to monitor, the Everflow Platform Services collect information from the End User’s computer or device, as described below.
Log Data. The Platform Services automatically record certain information (“Log Data”) when an advertisement is displayed to an End User through the Platform Services, or when an End User views a web page with a cookie or pixel tag created with the Platform Services. Log Data may include information such as an End User’s Internet Protocol (IP) address and network status, mobile device identifier, application identifier, browser type, operating system, the pages or page features which an End User browsed and the time spent on those pages or features, frequency with which the Platform Services encounter the same End User, search terms, the links or advertisements on which an End User clicked, and other statistics.
Advertising Identifiers. As part of the Log Data, the Platform Services may collect advertising identifiers, which are resettable identifiers unique to your mobile device, and which are used in connection with advertising delivered to your mobile device. Examples of advertising identifiers include IDFA (developed by Apple for the iPhone) and Google Ad ID (developed by Google for Android). If you don’t want advertising identifiers to be used to provide targeted advertising to you, see the section below titled “Opting Out of Targeted Advertising”
Location Information. The Platform Services may collect and store information about where you are located, both by collecting precise geolocation information from your mobile device if and as permitted by you, and by converting your IP address into a rough geolocation and utilizing your mobile phone number to approximate rough geolocation information (based on area code).
How Do Everflow Customers Use Everflow to Process Information from their End Users?
Everflow Customers use information according to their own privacy policies and applicable laws and regulations. However, Everflow provides the following types of data analysis functionality within the Everflow Platform Services for use by Everflow Customers and only as directed by Everflow Customers:
- Measuring the performance of advertising campaigns (including fraudulent activity);
- Identifying possible relationships among different browsers and devices;
- Limiting the number of times a specific advertisement is presented to the same browser or mobile device (frequency capping);
- Creating customized performance reports (for example, how well a particular advertisement is performing in a particular geographic region or among a particular demographic); and
- Improving the targeting or relevance of advertising to users.
How Does Everflow Use Everflow Customers’ Collected Information?
We use the information collected through the Platform Services to provide, improve, and promote the Platform Services; uses include the following:
- To monitor, research, analyze and report on the usage of the Platform Services, solely on an aggregate, non-identifiable basis.
How Long Does Everflow Retain Personal Data
Each Everflow Customer sets the Personal Data retention period. If you have questions or want more details, please contact the relevant Everflow Customer. Everflow retains Personal Data that it processes on behalf of each Everflow Customer for as long as needed to provide Platform Services as directed by that Everflow Customer. Everflow will also retain Personal Data as necessary or legal purposes (for example, to comply with its legal obligations, resolve disputes, and enforce its agreements).
What Information Does Everflow Share With Third Parties?
Service Providers. We may engage third party service providers to work with us to administer and provide the Platform Services. These third party service providers have access to Personal Data only for the purpose of performing services on our behalf.
Third Parties. We may share aggregated, non-identifying information with third parties for industry analysis, demographic profiling and other similar purposes.
In Connection with Business Transactions. Personal Data is considered to be a business asset. As a result, if we go out of business or enter bankruptcy or if we are acquired as a result of a transaction such as a merger, acquisition or asset sale, Personal Data may be disclosed or transferred to the third-party acquirer in connection with the transaction.
For Our Protection and the Protection of Others. It is our policy to protect you and Visitors from privacy violations from abuse of the legal systems, whether by individuals, entities or government, and to contest claims that we believe to be invalid under applicable law. However, it is also our policy to cooperate with government and law enforcement officials and private parties. Accordingly, we reserve the right to disclose any information about you or Visitors to government or law enforcement officials or private parties in order to: (a) satisfy or comply with any applicable law, regulation or legal process or to respond to lawful requests, including subpoenas, warrants or court orders; (b) enforce our agreements with you or third parties, to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and (c) prevent or stop activity we consider to be illegal or unethical.
Opting Out of Targeted Advertising
Everflow Customers may use the Platform Services to provide ads that are likely to be interesting and relevant to End Users (“Targeted Advertising”). One way Everflow Customers may do this is by gathering Collected Information related to End Users, which may include elements like mobile websites you have visited or mobile apps that you use, preferences that you may have provided to your app provider or to the Everflow Customer, information collected by third parties or Everflow and shared with the Everflow Customers, advertising identifiers, or location information (e.g., GPS or Wi-Fi data if you have enabled those services). Everflow Customers may also link an identifier to additional information from other partners to provide the Everflow Customer with information about users’ likely interests.
If you or a Visitor wishes to "opt out" of Targeted Advertising based on the types of techniques described above, your options include the following:
- Visit www.networkadvertising.org/choices or www.aboutads.info/choices/.
- Reset your mobile device’s advertising identifier or set it to opt out of targeted advertising.
- Android: You can reset your advertising ID at any time, right from the Ads section of the Google Settings app on your device. From the same app, you can also opt-out of targeted advertising based on the advertising ID by setting the appropriate ad tracking preference.
You should be aware that if you or a Visitor “opts out” it does not mean that you or Visitor will no longer receive advertising. It just means that the advertising you or Visitor sees displayed will not be customized and may be less relevant.
What Information Does Everflow Collect Directly From Everflow Customers?
Everflow requires personnel contact details to set up an Everflow Customer account – including mailing and/or billing address, email address, company name, and website URL. Everflow Customers also need to provide a username and password. All of this information is handled according to the service agreement between Everflow and the Everflow Customer.
We take commercially reasonable measures to protect Personal Data from unauthorized access, use or disclosure. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
Your Personal Data (including personally identifiable information) may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. See our Data Processing Addendum for international data transfer information. Currently, we use servers located in data centers within the United States.
Our Policy Toward Children
We instruct Everflow Customers not to use the Platform Services to direct advertising to children under 13 (16 in the EU) and we do not knowingly collect personally identifiable information from children under 13 (16 in the EU). If we learn that we have collected personally identifiable information of a child under 13 (16 in the EU) we will take steps to delete such information from our files as soon as possible.
What Visitor Information Does Everflow Collect on the Everflow Website
When a Visitor visits the Website, Everflow collects information about his/her device and use of the Website to improve the Website (“Visitor Information”). Everflow also collects any Visitor Information a Visitor voluntarily provides when he/she visits the Website. The type of Visitor Information Everflow collects from a Visitor will depend on his/her request or interaction with the Website. Types of Visitor Information Everflow collects from a Visitor may include specific times of day he/she accesses the Website, the IP address of the device a Visitor used to access the Website, the pages on the Website that a Visitor viewed, the pages a Visitor visited before navigating to the Website, and information about the device a Visitor uses to access the Website, including hardware model, operating system and version, and browser.
Everflow uses Visitor Information collected on the Website for various purposes, including:
- Ensuring its Website remains relevant to end user needs and are easy to use by providing analytics and other data regarding use of our Website
- Sending marketing and promotional communications in compliance with applicable laws
- Enhancing, improving, or modifying its Website and services, enhancing security, or combating spam or malware or other security risks
- Providing confirmations, invoices, technical notices, updates, security alerts, and other support and administrative messages
- Providing Targeted Advertising
There is a simple procedure in most Internet browsers to disable cookies. More information about how to reject cookies using internet browser settings can be found in the “Help” section of Internet browsers; alternatively visit https://www.cookiesandyou.com/. However, note that cookies may be required to use certain features of the Website, as well as other sites in general.
EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
However, in addition to the EU-U.S. Privacy Shield Framework, there are other legal data transfer mechanisms that companies can utilize for the purposes of EU-U.S. data transfers (e.g., standard contractual clauses, binding corporate rules, etc.). For example, some companies choose to utilize a variety of different transfer mechanisms, depending on the nature of the data transfer itself. Everflow’s partners, vendors, data processors and/or data sub-processors may use data transfer mechanisms other than the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (e.g., standard contractual clauses, model contractual clauses,etc.) (“Partner Transfer Mechanisms”). Everflow’s compliance with EU-U.S. and Swiss-U.S. Privacy Shield Frameworks is subject to Partner Transfer Mechanisms.
In compliance with the Privacy Shield Principles, Everflow commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Everflow at email@example.com.
Everflow has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.