Privacy Policy
This privacy policy (“Privacy Policy” or “Policy”) describes how Apester Ltd. and its affiliated companies and subsidiaries (collectively shall be referred to as “Apester”, “we”, “us”, or “our”) collect, use and disclose certain information, and the choices you can make about that information. This Privacy Policy which is incorporated by reference in our website Terms of Service and the Master Service Agreement (“MSA”) entered into and between Apester and the entity using Apester Services (as defined below) (together the “Terms”).
Apester is the developer and owner of the technology and platform (“Platform”) that enables publishers, operating websites, applications or other digital assets (“Digital Assets” and “Publishers” respectively) to create, embed and share within the Digital Assets interactive units including, but not limited, online quizzes, questionnaires, surveys, feedback applications or other features (“Interactive Unit”) for the purpose of creating end user engagement. The Interactive Units can further include advertisements and other promotional content (“Ads”) provided by third party advertisers (“Advertisers”) (all together shall be referred to as “Services”).
We collect and process certain information when visitors browse our website: www.apester.com (“Visitors” and “website”), we collect and use certain information about the Publishers using our Platform and Services or on behalf of the Advertiser or Publisher, such as information on the end users, the individuals watching the ads or interacting with the Interactive Units (as applicable the “end users”, “Visitors” and “Publishers” collectively shall be referred to as “you”).
This Privacy Policy applies to all information about you that we collect in connection with the Services throughout the world, and explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below) under the applicable privacy laws such as the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
In the event you are a California resident, and the CCPA applies to you – please review our CCPA Privacy Notice.
POLICY AMENDMENTS:
CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:
Apester Ltd. is incorporated under the laws of Israel, and is the Controller (as such term is defined under the GDPR or equivalent privacy legislation) of your Personal Data.
For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact as follows:
DPO CONTACT INFORMATION:
REPRESENTATIVE FOR DATA SUBJECTS IN THE EU AND UK:
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter, or make use of your data subject rights (in the UK & EU), please visit the following website: https://prighter.com/q/16601885426.
DATA SETS WE COLLECT AND FOR WHAT PURPOSE:
You can find here information regarding the data sets we collect, purposes for which we process your data as well as our lawful basis for processing, and how the data is technically processed. In general, we may collect two types of information from you, depending on your interaction with us:
Non-Personal Data
During your interaction with our Services, we may collect aggregated, non-personal non-identifiable information, which may be made available or gathered via your access to and use of the Services (“Non-Personal Data“). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data being collected may include your aggregated usage information and technical information transmitted by your device, such as: the type of browser or device you use, language preference, time and date stamp, country location, etc.
Personal Data
We may also collect from you, during your access or interaction with the Services, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data” or “Personal Information”). The types of Personal Data that we collect as well as the purpose for processing such data are specified in the table below.
For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.
The table below details the processing of Personal Data we collect, the purpose, lawful basis, and processing operations:
DATA SET | PURPOSE AND OPERATIONS | LAWFUL BASIS |
---|---|---|
VISITORS |
||
Online Identifiers: When you access and interact with our website, we collect certain online identifiers, such as Cookie ID, agent ID, internet protocol (IP) address or similar unique online identifiers generated (“Online Identifiers”). The Online Identifiers are collected by first party cookies and third party cookies. | We process such data through our first party cookies to enable the operation of the website, security and for fraud prevention purposes. The first party cookies are strictly necessary. In addition, we process such data through third party cookies and tracking technologies for analytic, marketing and advertising purposes. | Where we collect such data for analytic and advertising purposes, we process such data based on your consent which we will obtain through our cookie notice and consent management. You may withdraw consent at any time by using the cookie preference settings. Where we collect such data for operation and security, we process your data based on our legitimate interest. |
Contact Information: If you voluntarily contact us for our interest in our Services, support or other inquiries, you may be required to provide us with certain information such as your full name, phone number, company name, email address, and any additional information you decide to share with us. Furthermore, if you use our live chat feature, you may be sharing additional information with the representative assisting you through the chat. | We process such data to respond to your inquiry. | We process such data subject to our legitimate interest in order to respond to your inquiry. We may keep such correspondence if we are legally required to. |
Newsletter Registration: In the event you sign up to receive our newsletter or other marketing materials, you will be requested to provide your email address. | We process your email in order to send you our newsletter and other marketing materials. | We process your email address to your consent. You may withdraw consent at any time through the “unsubscribe” link within the email or by contacting us directly. |
Recruitment: In the event you apply for a position posted on our website and submit your CV, we will process the information included in the CV and the application form, including full name, email address and phone number, employment history and education and any additional information you decide to share with us. Also, where allowed or required by law, we may process diversity and inclusion data regarding your candidacy, such as, ethnic, gender, or any disability. In addition, we may collect further information from public and online sources, referees, and former employers and combine such data with your other data (all together “Candidate Information”). | We process the Candidate Information as part of our recruitment and screening efforts to decide whether you can suit a position in Apester. Further, we may process such data in order to comply with corporate governance and legal and regulatory requirements (including the retention of such information). We may use third parties’ services and platforms to manage the recruitment process. such providers will process your information on our behalf and will be bound by certain terms in order to secure your information. | We process such data subject to our legitimate interest. If we process sensitive data to ensure diversity, we will do so upon your explicit consent, which you may withdraw at any time by contacting us. Further, if we reject your application, we will delete the Candidate Information, unless we have requested your consent to keep you information for a future opportunity or if we are required by law. |
Request a Demo: When you contact us and request a demo we will need to request certain information such as your full name, email address, phone number, company name and your goals with using the Services. | We process such data to enable you to use our Platform. | We process such data subject to our legitimate interest. |
Publishers and End Users |
||
Account Information: Publishers are designated with an account, or are able to register and create an account through the website, the account registration information includes your full name, email address and possibly you phone number. Additionally, during the registration process you will be required to create a username and password. This information will be processed when you login as well. You represent and warrant that you will not provide us with inaccurate, misleading or false information. | We process such data to create you an account, provide you with account management, support and to provide you the Services as well as to send you needed information related to our business engagement (e.g., send you a welcome message, notify you regarding any updates to our Services, send applicable invoices, etc.) and additional occasional communications and updates related to the Services, as well as promotional and marketing emails (Direct Marketing as stated below). We may also use the information in order to verify your identity. | We process such data for the purpose of performing our contract with you, meaning, to provide the Services and to designate your account. |
Log in Through Social Network: When you log in to our Services through your Facebook, Google or LinkedIn account, we will process certain information such as your Facebook ID, name and may process information you made public. | We process such data to send you needed information related to our Services. | We process such data for the purpose of performing our contract with you, meaning provide you with our Services and designate your account. |
Usage Data: We collect certain usage data, meaning analytic and statistics on how the Publishers use our Services and the dashboard available through the Platform (“Usage Data”). | We process such aggregated Usage Data with respect to the Platform and Services in order to operate, provide, maintain, protect, manage and improve Apester Platform tools and Services. | We process such data subject to our legitimate interest. |
Direct Marketing As a Publisher, we will send you invoices, materials and marketing content through the email information you provided during your onboarding. | We process such data to keep you updated with offers and content such as updates, new capabilities and features, and to send you invoices and supporting documentation. | We process such information subject to our legitimate interest. You can opt-out at any time by using the “unsubscribe” option or by contacting us via dpo@apester.com. Note however that certain content (such as invoices) will still be sent. |
Interactive Units and Publisher Content: For the purpose of creating Interactive Units and using the Services you may upload creative content, images, graphics, videos, text, information, etc. (“Publisher Content”). The Publisher Content may include Persona Data, although we recommend it doesn’t. | We process the Publisher Content to enable the Publisher to create the Interactive Units as part of the Services and Platform. | We process such data as part of performance of our contract. |
End Users Data: As part of the Services, we also collect information provided by the end user voluntarily while interacting with the Interactive Unit (for example, answers to a quiz or survey), as well as insights on such end user (“End User Data”). Publishers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations relating to such Publishers’ use or collection of Personal Data in connection with the use of our Services. | We process such End Users Data on behalf of the Publisher for the purpose of providing the Services as set forth in the Master Service Agreement. We process such data solely subject to the Publisher’s instructions provided through the Data Processing Agreement. | Apester is not the controller of such End User Data, it does not determine the means and purpose of the processing – the Publisher does. The Publishers are the responsible to assess the processing and determine the lawful basis for such. |
End user interaction with Interactive Units: We will collect certain information from the end users interacting with the Interactive Units, such as Online Identifier, the session ID connected to surveys, quizzes or other interaction data (“End User Analytic”). We also place a unique identifier identifying the Publisher that implemented the Interactive Units. | We process End User Analytic for the purpose of operating, providing, maintaining, protecting, managing, customizing and improving our Services. For the purpose of providing the Publisher with reports regarding the use of the Interactive Units. For our internal tracking and reporting purposes. | We process such data for internal tracking and in order to improve and manage the Services based on our legitimate interests. We process such data for the purpose of performing our contract with the Publishers. |
End user interaction with ads: In an effort of delivering relevant advertising to the end users, we collect and share with the Advertisers the following (depending on the end user’s preference): • the web pages visited or applications used by the end user, the type of content seen. • Approximate location (extracted from the IP) which includes: country, city, zip, etc. • Online Identifiers, including the advertiser unique ID and the Consent String (such as TCF). (collectively “Ad Data”) | We process such data to improve the way in which we offer the Services to our Publishers by: (ii) enhancing the end user’s experience by delivering more relevant advertising and to personalize ads to the end user, as well as to monitor, measure, analyze and optimize the end users’ use of advertisement, including analyzing seasonal and annual usage trends; and (iii) auditing and tracking usage statistics and traffic flow as well as fraud detection, providing reports related to the Services, new functionality, features and insights on the end users, all which we provide to the Publisher. | We process such data for the purpose of performing our contract with our Publisher, such as providing reports and determining payment. Where we process such data for the purposes of providing personalized advertising, we will process this data solely upon indirectly receiving consent from the end user through the Publishers consent management platform. You may withdraw your consent at any time through the Publishers’ cookie settings or through the opt-out options detailed below. If the end user did not provide consent, the ads displayed shall be contextual ads. |
Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the “International Data Transfer” Section below, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.
We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Platform, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined.
Please further be advised that, as an end user interacting with the Interactive Unit, you might be subject to additional data collection directly on behalf of Publishers (meaning the Publishers operating the Digital Assets in which our Interactive Unit are implemented, as well as Advertisers providing the ads displayed in the Interactive Unit). We are not responsible, nor do we monitor such data collection, that shall be governed by such Publishers’ privacy policies.
HOW WE COLLECT YOUR INFORMATION:
- Automatically, when you visit our website or interact with our Platform, including through the use of Cookies (as detailed below) and similar tracking technologies.
- When you voluntarily choose to provide us with information, such as when you contact us, all as detailed in this Policy.
- Provided from third-parties.
COOKIES AND SIMILAR TECHNOLOGIES:
We use “cookies” (or similar tracking technologies) when you access our website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and marketing. You can find more information about our use of cookies our cookie policy HERE.
We place first party Cookies on the Publisher’s Digital Assets; these cookies collect certain Personal Data from the end users related to interaction with Interactive Unit as well as TCF strings, as detailed in the table above.
Once the end user chooses to opt-out or disable cookies, the end user will still receive content and advertising, however, it will not be targeted content or advertising and Personal Data will not be collected and transferred from the end user’s browser.
The Publishers may also provide ways for you to opt out from or limit their collection of information from and about you. Please refer to the Publishers’ privacy policies. Please note, however, that we are not responsible for the privacy practices of our Publishers, and other third parties.
DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:
CATEGORY OF RECIPIENT | DATA THAT WILL BE SHARED | PURPOSE OF SHARING |
---|---|---|
Advertisers | Ad Data | We provide such information to our Advertisers, so they will be able to bid for content that best suits such a web-page, as a part of our Services. We will further present aggregated data about end users’ interaction with the ads, to provide reports to our Publishers. |
Publisher | End User Data | Providing the Services, on behalf of the Publisher. |
Publisher | End User Data | Providing the Services, on behalf of the Publisher. |
End User Analytic | Providing reports and analytic to the Publisher. | |
Service Providers | All data | We may disclose Personal Data to our trusted agents (such as legal counsel) and service providers (including, but not limited to, our Cloud Service Provider, Analytics Service Provider, CRM provider, etc.) so that they can perform the requested services on our behalf. Thus, we share your data with third party entities, for the purpose of storing such information on our behalf, or for other processing needs. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services. |
Any acquirer of our business | All Data | We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy. |
Affiliated Companies | All Data | We may share aggregate or Non-Personal Data with our affiliated companies and additional third parties in accordance with the terms of this Policy. We may store any type of information on our servers or cloud servers, use or share Non-Personal Data in any of the above circumstances, as well as for the purpose of providing and improving our Services, aggregate statistics, marketing and conduct business and marketing analysis, and to enhance your experience. |
Legal and law enforcement | Subject to law enforcement authority request. | We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose. |
USER RIGHTS AND OPT-OUT OPTIONS:
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed. Please note, if you are an individual who interacts with a Publisher and you contact us regarding your rights, you will be directed to contact the applicable Publisher as the “controller” of the Personal Data.
For California or Colorado, please see our CCPA Privacy Notice.
For detailed information on your rights and how to exercise your rights, please see the Data Subject Request Form (“DSR”) available HERE or send it to: dpo@apester.com.
Further, you may execute certain rights without the need to fill out the DSR Form, such as: You can correct or delete the Contact Information or Account information at any time, through the account settings, You can you can opt-out from receiving our emails by clicking “unsubscribe” link, You can withdraw consent for processing Online Identifiers for analytics or marketing purposes, at any time be using the cookie settings on the website, Use the “Do Not Sell or Share My Information” through the first-party business, i.e., through the cookie consent manager presented on the Publisher’s website, etc.
To opt out from cross contextual ads you can further use these links: the Network Advertising Initiative’s (“NAI”) website: NAI consumer opt-out and the Digital Advertising Alliance’s (“DAA”) website: DAA opt-out page. Or the European Interactive Digital Advertising Alliance (“EDAA”) website: Your Online Choices page.
DATA RETENTION:
We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.
Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.
SECURITY MEASURES:
We work hard to protect the Personal Data we process from unauthorized access, alteration, disclosure, or destruction. We have implemented physical, technical, and administrative security measures for the Services that comply with applicable laws and industry, such as encryption using SSL, we minimize the amount of data that we store on our servers, restricting access to Personal Data to Apester employees, contractors, and agents, etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.
Please contact us at: dpo@apester.com if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.
INTERNATIONAL DATA TRANSFER:
Our data servers in which we host and store the information are located in the US. The Company’s HQ are based in Israel in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM, Salesforce, and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area (“EEA“) is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well-recognized certification schemes.
ELIGIBILITY AND CHILDREN PRIVACY:
The Services are not intended for use by children (the phrase “child” shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children’s information. We will discard any information we receive from a user that is considered a “child” immediately upon discovering that such a user shared information with us. Please contact us at: dpo@apester.com if you have reason to believe that a child has shared any information with us.