Last updated: July 20, 2020
I. Introduction to Throtle
Throtle helps brands to use their own customer data, along with other licensed data, to improve customer interactions on multiple channels and devices. For instance, we provide data “onboarding” services to marketers engaged in online marketing (such as through use of Data Cookies), through our data management platform as well as other data services and platforms.
We are a member of the Network Advertising Initiative (NAI) and adhere to the NAI’s Code of Conduct. You can click HERE to reach the Network Advertising Initiative site, a central location for information about Interest-Based Advertising and the choices available to you, and to opt-out of receiving third-party Interest-Based Advertising via cookies from us and NAI member companies.
Throtle is also a member of the Interactive Advertising Bureau (IAB). You can choose to opt-out of Throtle’s offline services HERE and our online services HERE. We describe other opt-out methods in Section IX below.
II. The Types of Data We Collect & How We Source the Information
Throtle “Service Data” includes the following:
Personal Information. We sometimes use or receive information that identifies people by name, address, or email, along with information about those people’s likely preferences, interests, or demographics. An example of this would be if we know that John Smith owns a home in a particular suburb, and is 53 years old. We obtain this data ourselves and through data licensors, and its source may be, for instance, census bureau data, public records, or data aggregators that collect or receive information from consumers, websites, or business transactions.
Passively Collected Information and Identifiers. This is information that we or our business partners collect passively through websites or mobile devices (or other devices) including cookie IDs, Apple mobile IDFA identifiers and Android mobile Advertising IDs, or unique identifiers tied to those identifiers. These identifiers generally identify or are linked to particular browsers and devices. We refer to all of these identifiers as “UIDs,” and they often are tied to particular browsers and mobile devices (or other devices, such as set-top boxes). (These UIDs in turn may be “synced” or linked across multiple online content providers, ad networks, and other service providers.) We describe these identifiers in more specific detail in Section V, titled Cookies, Pixels, and SDKs That We (or Our Business Partners) Use.” Sources from which we may obtain this data are data aggregators, mobile applications, and advertising networks.
Web and Mobile Log Data. Passively collected information we receive may also include a range of data about web and mobile logs and usage, such as the type of browser or device (or operating system) being used, an IP address (which may be associated with a computer device or a smart TV), a time-stamp, other information about a user’s device or browser, and information about whether and how a user viewed an ad or interacted with content or visited a particular website (sometimes referred to as “clickstream data”). Sources from which we may obtain this data are data aggregators, mobile applications, and advertising networks.
III. How We Use the Data
Generally, we use the Service Data we receive and collect in order to provide marketing, advertising, and analytics services to our customers, including various business partners. We describe our services generally below, and additional descriptions may be contained on this website.
Data “Onboarding” Services. We use Service Data to help marketers to reach their own “CRM” lists – their proprietary “first party” lists of their current and prospective customers – or other audiences, through third party display media platforms. We often help marketers reach audiences representing these CRM lists (or other lists) by “onboarding” their offline data online for digital advertising purposes such as display advertising. When we do this, we often work with partners that de-identify this data and connect it in de-identified fashion to display media, or other marketing channels.
Enabling Cross-Channel Marketing. We may use Service Data to help marketers and other data platforms in “cross-channel” or “cross-device” marketing – analyzing, locating and creating potential marketing “audiences” through multiple channels, e.g., web and mobile. For instance, we may link Service Data and UIDs to the same user (based on inferences we have made), so that a marketer can find and remarket to their same audiences through web-based, mobile, or other advertising channels.
Creating Data Segments. We also use our Service Data to create online, mobile or other consumer audiences, represented by UIDs or personal information grouped together based on common interests or preferences (“Data Segments”). These Data Segments may identify a person or, when used online, a unique online identifier, as, for instance, enjoying sports, travel, living in a middle-class neighborhood, or having children. This information may be leveraged by marketers for content personalization to send relevant and desired offers, coupons, and ads to their customers and others. We offer these Data Segments in different forms to marketers wishing to reach customers through online (e.g., web/mobile), email, and offline channels, often working with the types of partners we describe above.
Campaign Measurement and Market Research. We sometimes use the Service Data to help marketers measure the effectiveness of display or other media campaigns – for instance, to determine which types of ads are most likely to be seen, opened, or to lead to purchases, or to perform other market research.
Other Campaign and Data Services. We sometimes use our Service Data to provide other data and marketing services, such as verification, data or audience analytics, data modeling, or other services that may be described on this website.
Improving Our Products. We may use our Service Data to improve, analyze and develop our own products and to analyze their effectiveness, or to work with a business partner or client to perform similar services. We also may use the Service Data for security-related or de-bugging purposes.
IV. How We Share Data with Third Parties
Throtle may share or sell any data it holds, including Service Data (described above) as follows:
Agents and Service Providers: We may share or sell Service Data with agents and service providers who work on our behalf, or to help us provide services requested by our customers, and with our customers themselves. We may do so, for instance, for analytical purposes, to measure campaigns, or inform future campaigns. We may do so to facilitate the sending of display media, or other requested services.
Partners: We may share or sell Service Data (including Data Segments), with business and data partners to help provide more tailored advertising and for analytical purposes. These may include data compilers and resellers, advertising networks, or media platforms.
Affiliates, Parents, Subsidiaries and Successors: Throtle may share or sell some or all of the data in our possession with affiliated or subsidiary companies. We may also share any data with a successor in interest who purchases all or most of our assets, or in the course of any transaction leading to such an acquisition, i.e., during due diligence.
As Required by Law or to Protect Any Party: Throtle may disclose data if we believe that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on us, or (b) to protect or otherwise defend the rights, property or safety of Throtle or any other party
V. Cookies, Pixels, and SDKs That We (or Our Business Partners) Use
This section provides more information about cookies and similar technologies that we, our clients and their service providers, and our business partners may use, and how they work.
Pixels or Web Beacons. Pixels, sometimes called web “beacons,” may also communicate information from your internet browser to a web server. Pixels can be embedded in web pages, emails and even videos, and can allow a web server to collect or read information from your browser, determine whether you have viewed particular web content or emails, or determine your IP address or the URL you are viewing content. We often work with business partners (who are themselves third party providers) to provide our services, and these partners often set and access their own cookies, pixel tags, and use other technologies to interact with your device, which may have cookies with varying expiration periods. These partners also may collect various types of information, often in pseudonymous or de-identified form, about your browser, device, or browsing activities through these cookies.
Mobile Identifiers and SDKs: We may also work with partners who use mobile “SDKs” (software development kits) to collect information about how users interact with mobile apps, platforms, and systems, including third party ad networks. The SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected, or to optimize or improve their apps in other ways. These SDKs may collect (and provide to us) information such as mobile identifiers (e.g., Apple IDFAs and Android Advertising IDs), and information about what apps a user engages with, mobile devices information, and how users interact with ads. To avoid having ads tailored to you in this way on your mobile device, please following the instructions in the below Section IX titled “Do Not Sell My Personal Information: Your Opt-Out Rights.”
VI. GDPR Compliance Statement
The General Data Protection Regulation (GDPR) is effective as of May 25, 2018 across all European Union (EU) member states. In short, if you process data about individuals in the context of selling goods or services to European citizens in any EU country, then you will need to comply with GDPR.
At the bare minimum, the GDPR was drafted with the intended purposes of protecting all non-anonymized personal data (or personally identifiable information: PII). And any company (or organization) that stores or processes personal information about “natural persons” (individual human beings) who are “data subjects” under the Regulation — e.g., persons who reside in an EU state — must comply.
VII. Throtle’s Policy Regarding EU Data, Protection & Security
It is our general policy to not deliberately accept for processing any personal data where an individual resides in any EU member country. Throtle performs scans on data that we ingest from sources, partners and clients designed to identify non-US postal and foreign email domains. In addition, we work with our partners and sources to inform us if they are ingesting any data from outside the US. Throtle regularly cleanses its Identity graph to remove any linkages that are found to originate outside the United States.
VIII. CCPA Consumer Rights
At Throtle, we take privacy and personal information very seriously and are committed to complying with all applicable laws and regulations, including the new California Consumer Privacy Act (“CCPA”) regulation. We see CCPA as an opportunity to further safeguard consumers’ rights by providing them the data needed to make informed decisions regarding their personal information. This includes understanding and controlling how and why their personal information is collected, used, and disclosed.
In compliance with CCPA rules effective as of January 1, 2020, consumers who are California residents (as defined by the CCPA) have:
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
CCPA Requirements for Minors
The CCPA includes special restrictions on the sale of children’s personal information. Businesses must obtain special “opt-in” consents for the sale of personal information if they wish to sell information related to minors under 13, or information of minors 13 to 16 years of age.
Throtle does not knowingly accept, process, or sell any personal information related to minors.
IX. Do Not Sell My Personal Information: Your Opt-Out Rights
Some of our services involve the use of inferred user interests and preferences collected or employed across multiple websites, devices or channels. These services are often referred to as a type of “Interest-Based Advertising” or “IBA,” and we provide a way for consumers to “opt-out” of these IBA services. There are several methods by which you may opt-out of our IBA service as described below.
Throtle Cookie Opt-Outs, i.e. “Do Not Sell” Requests
If you decide to opt-out of our IBA services via this method, we will set an opt-out cookie (or similar technology) on your browser or device, to indicate to us that you have opted out. You may opt-out by clicking here: https://optout.thrtle.com/optout.
We will complete the processing of your opt-out request within 15 days of receipt.
Please note that if you browse the web from multiple browsers or devices, you will need to opt-out from each browser and/or device to ensure that we withhold our IBA services on all of them. For the same reason, if you procure a new device, change browsers or delete your Throtle opt-out cookie (or clear all cookies), you will need to perform this opt-out task again.
Also note that the opt-out cookie cannot be set if your browser is configured to block third-party cookies.
Please note that your choice to use any of our opt-out tools will not affect ads placed by any other organization.
Third-Party Cookie Opt-Outs
If you would like to opt-out of other third party ad platforms and services (including some that we work with, and may have transferred data to previously), we recommend visiting the opt-out pages offered by the Network Advertising Initiative (the NAI), the Digital Advertising Alliance Web Choices Tool or the Digital Advertising Alliance CCPA Opt Out Tool . Opting out in this way will not prevent you from seeing ads. It will, however, generally prevent ads that are targeted to inferences made about your preferences based on your activity across websites and over time.
Permanent Opt-outs via Mobile Advertising IDs (MAIDs)
Apple assigns an “ID for Advertising” (IDFA) to each iOS device, and Google assigns an “Advertising ID” to all Android devices. Similar to how a cookie is leveraged for IBA on a web browser, these Mobile Advertising IDs (MAIDs) can be used to deliver ‘cross-app’ advertising ads to mobile applications to help inform your ad preferences.
If you would like to opt-out of this advertising, you can generally opt-out through your device “settings.”. Common device settings are as follows:
Please note that these platforms control how these settings work, so the above may change, at their discretion. Likewise, if your device uses other platforms not described above, you should check the settings for those devices.
You may also opt-out of Throtle’s use of Mobile Advertising IDs (MAIDs) set by Android devices via the following link on our webpage: https://throtle.io/data-privacy-manager/do-not-sell/. Because Apple does not disclose their IDFA to users, we are not able to establish an opt-out request based on an Apple MAID (IDFA) in our system. MAIDs are device specific, so you must include each mobile device (e.g smart phone, tablet) that you use as part of your opt-out request.
We will retain your associated personal information on an internal “opt-out” list to prevent further sale of your data in connection with Throtle services.
Permanent Opt-outs via Email Address, Name/Home Address, or Telephone Number
You may opt-out of the use of your email address, name/home address, or telephone number in connection with Throtle services by submitting an opt-out via the following form on the Throtle webpage: https://throtle.io/data-privacy-manager/do-not-sell/.
Please note, if you use several email addresses you must include all of them in your opt-out request. Similarly, if you have multiple home addresses or telephone numbers, you must submit opt-outs for each one.
If you opt-out, we will retain your hashed email address on an internal “opt-out” list to prevent further sale of your data in connection with Throtle services. Please note that opting out of Throtle’s processing of your data does not mean that online advertising will be blocked altogether or that you will see fewer ads. It simply means that the ads that you see will not be personalized for you. Ads may be served because they relate to the website you are visiting or to your current search, or they may just be randomly placed.
X. Delete Requests
In compliance with CCPA regulation, California residents have the right to request that Throtle delete any personal data that we may have collected from a Consumer. A delete request may be submitted via the following webform on the Throtle website (https://throtle.io/data-privacy-manager/delete-my-information/) or by calling our toll-free number (866) 672-5235.
Throtle will confirm receipt of Delete Requests within 10 days including a brief description about how Throtle will process the request.
We will complete the processing of your delete request within 45 days after receipt. If Throtle is unable to process the request within 45 days, we will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days.
XI. Right to Access Personal Information
In compliance with CCPA regulation, California residents may request certain information with respect to the PII we (when we act as a “business” under the CCPA) store, process, or share with third parties for those third parties’ direct marketing purposes. This includes:
To exercise your rights, please submit a request to us by either completing our ‘Request to Know’ webform on our website (https://throtle.io/data-privacy-manager/request-to-know/) or by calling our toll-free number at (866) 672-5235.
We take security and privacy very seriously and take proactive measures to ensure we do not inadvertently disclose your personal information to an unauthorized third party. In order to securely verify your identity for all detailed Right to Access requests, we request a copy of a government issued ID as part of the required information (along with your name/address, email or MAID ID). If you do not have a government issued ID, please contact us at https://throtle.io/data-privacy-manager/request-to-know to request alternate documentation options for identity verification.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable customer request related to your personal information. You may only make a request for access twice in a 12-month period. The request must provide sufficient information that allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and if you are an authorized agent, we may request additional proof as permitted by the CCPA, such as power of attorney. The scope will be limited to data from the 12-month period preceding the Consumer’s request.
Throtle will confirm receipt of your Right to Access request within 10 days including a brief description about how Throtle will process the request. This includes Throtle’s verification process and timing of when the consumer should expect a response.
We will respond to your verified request within 45 days. If we cannot verify your identity or authority to make the request and confirm the personal information relates to you, we will notify you within 45 days as to why the request cannot be completed.
If Throtle is unable to process the request within 45 days, and requires more time to do so, Throtle will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
XIII. Sensitive Information, and Information Pertaining to Health Conditions
Throtle does not offer for public use Data Segments we have created containing or identifying sensitive health conditions or medical ailments, or regarding a person’s sexual orientation. This only applies to the data that Throtle itself directly provides, however — our customers, data partners, ad networks or other platforms with whom we work may use or make available their own, distinct sets of data.
Throtle creates and shares audience segments consisting of political data available on our platform where permitted by law and self-regulatory rules. Click here for a list of standard political segments.
While Throtle does not maintain sensitive data on health conditions or medical ailments, Throtle may create or share Data Segments consisting of those with interests (such as reading) about health and wellness topics. Click here for a list of non-sensitive health related segments.
XIV. Security and Data Integrity
Throtle takes steps to help ensure that the data we possess is housed and transmitted securely. We use multiple types and layers of physical and electronic security, including firewall protections, encryption of data during transfer, and strict access controls to personal information. While neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, we make substantial efforts to ensure that this does not occur.
XVI. International Users
Our Service Data is generally stored on servers in the United States. If your information is used in our services, and you are located in another country (such as a nation within the European Union), you should know that the laws governing various types of data in the United States may be different or less protective than those of your own country, and you may wish to consider that factor in deciding whether or not to opt-out of our or other similar data services.
XVII. Data Retention
The service data we hold is not subject to any sector specific data retention requirements. As described in Sections II-IV above, we process ‘Service Data’ for different purposes, and the length of time that we retain this data varies depending on the processing purpose, the type of data and certain external factors.
We retain raw, cookie level data associated with our services for up to 12 months.
Throtle service cookies expire in 9 months, however additional user registration at an onboarding partner site may result in placement of a new cookie.
Associations made through Mobile Identifiers expire 18 months after the last time you interact with a partner website or advertiser.
All other offline data is retained as long as it is useful in our products.
Data may be deleted as space requires or in the normal course of business. Furthermore, we may delete personal data in response to a request from a user under applicable law, when requested to do so by our clients, or when contracts with our clients end. Generally, Client data obtained as part of our services is retained for up to 6 months following the termination of the relationship, unless the Client has requested a longer retention period.”
Questions or Concerns
If you have questions or concerns about Throtle’s privacy efforts or products, please contact us at:
ATTN: Privacy Officer
141 West Front Street, Suite 410
Red Bank, NJ 07701
Or, you may email us at email@example.com.
Copyright © Throtle, Inc. All Rights Reserved.
141 W Front Street, Suite 312 Red Bank, New Jersey – 07701