Privacy Policy
DriveShop committed to respecting your privacy in compliance with all applicable laws and regulations. This Privacy Policy describes how your personal information is collected, used, and shared when you visit https”//spotlight.driveshop.com (and/or any other sites operated by our group of companies, referred to as the “Sites”) or where we otherwise process your data.
PART 1: WEBSITE VISITORS
When you visit the Sites, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Sites, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Sites, and information about how you interact with the Sites. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
– “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
– “Log files” track actions occurring on the Sites, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
– “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Sites.
If you contact us through any of the Sites e.g. to request a demo or information, we may collect business contact information, such as your name, email, company name, company size and details of your request.
HOW DO WE USE YOUR PERSONAL INFORMATION?
To communicate with you; to respond to your questions or inquiries and, in line with the preferences you have shared with us, provide you with information or advertising relating to our platforms or services.
We use the Device Information that we collect to help us improve and optimize our Sites (for example, by generating analytics about how our users browse and interact with the Sites, and to assess the success of our marketing and advertising campaigns).
Cookies also enable us to recognize you as a returning visitor and optimize your browsing experience, e.g. by remembering your settings or information entered into forms, or returning you to pages you previously visited.
If you decline or delete cookies, our Sites will still function, however your browsing experience may be less optimized.
We use anonymized heat-mapping software like Hotjar in order to better understand our users’ needs and to optimize this service and experience. These technology services help us better understand our users’ experiences (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.), and enable us to build and maintain our service with user feedback. They store this information in pseudonymized user profiles.
All data collected on our public-facing Sites will never be used to identify individual users or to match it with further data on an individual user (this does not apply to logged-in users within our non-public portals).
We use a temporary cookie to authenticate your login using your email address. This cookie is strictly necessary for using the portal – without this cookie or if you have all cookies blocked by your browser, you will not be able to log in. This cookie expires when you close your session and will be reset when you log in again. This cookie is used exclusively to enable the login process and never to track or analyze your behavior.
SHARING YOUR PERSONAL INFORMATION
We may share your Personal Information with third parties to help us process it and communicate with you, as further described below. For example, we use Google Analytics to help us understand how our users use the Sites — you can read more about how
Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/.
You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
DATA PROCESSING IN RELATION TO OUR PLATFORMS AND BUSINESS
Our platforms and services allow brands and agencies to discover, connect with and manage and grow their relationships with creators. These “Creators” may include journalists, media outlets, creators and influencers on social media, public figures or other influencers such as journalists. This involves the adding of information to our platforms by us or by our customers which may be classed as personal data or personal information under applicable laws (referred to as “Personal Data”).
The principal purposes of our data processing are as follows:
* We receive public data from social network platforms via API connections, which we then store and process in our platform as set out in this Policy. This allows us to review and locate Creators that could be of interest for their future campaigns. Updated posts and metrics are obtained from the social network platforms each time a user searches for posts in our system. Some of our services and platforms may also use data obtained from third party data providers (who may provide additional information or inferences such as the likely demographics of a Creator’s followers, or engagement observed directly online) and also other publicly available sources such as social media platforms, websites and blogs.
** Please note that we may also enter certain Personal Data into our systems (e.g. in relation to particular Creators we work with, or because Creators have directly agreed to give us greater access to Authenticated Data– please see the next section).
*** Authentication of Data from social network platforms:
Via the Links Accounts Page of your profile page, you may choose to opt-in and allow us to connect to one or more of your social network accounts so that we may access additional data from the applicable social network platforms (e.g. the audience of the channel and additional metrics such as video annotation clicks, dark posts and geo-fenced posts, referred to as “Authenticated Data”). You may also be invited directly by a particular brand or customer to give them access to Authenticated Data, in which case: (i) that permission relates only to their use of the data; and (ii) that data will only be visible in that customer’s section of our platform and we will not share that data with any other customer.
You may revoke our ability to collect your Authenticated Data at any time through the opt-out feature in the Link Accounts Page or by contacting us using the contacts below. You may also revoke access to your Authenticated Data via the Social Networks’ own settings panels, e.g. for YouTube via the Google security settings page at https://security.google.com/settings/security/permissions. If you opt into authenticating any of your social network accounts with us, we will:
Never post on your behalf to any of your authenticated social network accounts (e.g. your Facebook Page or YouTube Channel).
Never manage any of your Social Network Account ad campaigns (e.g. Facebook ad campaigns or YouTube ad campaigns) and will never alter any of your Social Network ad settings.
In relation to YouTube accounts, please visit YouTube’s Terms of Service: https://www.youtube.com/t/terms and Google’s Privacy Notice: http://www.google.com/policies/privacy. Please note that this may differ from the information you are given by the relevant Social Network at the time of authenticating. However, we will always process data in accordance with this Policy.
GENERAL PROVISIONS
DATA SHARING
We may share Personal Data with the following categories of recipients (and have done so during the past 12 months):
Our platforms and the Personal Data processed within them are hosted on our behalf by Amazon Web Services on servers located in the USA.
We also provide data to other companies in our corporate group, technical service providers (for purposes such as customer support, analytics, email delivery, or database management), professional advisers (such as payment processors and security, insurance, legal, and accounting service providers) inside and outside the European Union (with Iceland, Liechtenstein and Norway, the “EEA”), Switzerland and the UK, that require access to data in order to assist us in providing our services. In particular, we work with reputable external data processors in order to provide our platforms and services, including for the purposes of storage, analysis, development, testing etc., and who are not permitted to use any data processed on our behalf for any other purpose.
In each case we have in place safeguards that enable transfers from the EEA, Switzerland or the UK to happen in a way that ensures that data is handled in accordance with similar standards to those applicable in those territories. These include: a decision from the relevant authorities indicating that the place of receipt has adequate data protection laws; and standard contract clauses approved by the relevant authorities for other international transfers. A copy of these safeguards may be made available if we receive a valid request.
In connection with a business transaction (or potential business transaction) such as an investment, pestiture, acquisition, merger, consolidation, reorganization or sale of assets, or in the event of bankruptcy or dissolution, we may transfer or otherwise share some or all of our business or assets, which may include Personal Data, with the relevant investor or acquirer, their advisers, and where applicable any relevant regulatory authorities.
Finally, if any authority, police force or regulator validly requested data from us, then we would normally comply with such request without having to notify you.
DATA RETENTION PERIODS
We retain the data only as long as necessary for the purposes described in this Policy. When we no longer need to use the data for such purposes (or for us to comply with our legal or regulatory obligations), then we will either remove it from our systems or delete all personally identifying elements so that the data cannot be traced back to you or any other identifiable person.
YOUR RIGHTS
Individuals located in EEA, Switzerland or the UK have various legal rights in relation to their data including:
• To ask for access to it;
• To ask for errors in it to be corrected;
• To ask for it to be erased (the “right to be forgotten”);
• If not erased, then to ask us to restrict its processing;
• To object to its processing for specific purposes;
• To ask for a copy to take to another service provider.
California consumers also have legal rights in relation to their Personal Data including:
• To know what Personal Data has been collected about you;
• To ask to have it deleted;
• To opt out of sales of that Personal Data (please see the next Section);
• Not to be discriminated against for exercising any of your rights under California privacy legislation (for example we would not deny you service, charge you a different price, or provide you a different quality of service for doing so).
Where we process any data based on consent that you have given in the past, then you are always allowed to withdraw your consent at any time (though the processing that took place before withdrawal will still be legal).
Please note that in some circumstances we may not be able to fully comply with a request, e.g. where are required to retain data in order to comply with legal, accounting, tax, or record-keeping obligations.
Where you make a request, please understand that we may need to take reasonable steps to verify your identity or authority to make the request, and confirm the personal information relates to you.
We are always available through the contacts at the end of this Policy to help resolve any issues or doubts you may have in relation to processing of your Personal Data. If you believe that your rights have not been respected at any time then you also have a right to complain to the Data Protection Supervisory Authority in your country to ask them for a resolution.
MINORS
The Sites and our platforms and services are not intended for children and we do not intend to process children’s data. If we learn that we have collected a child’s personal information without the consent of the child’s parent or guardian, we will delete it. Please always contact us with any concerns.
CHANGES
We may update this privacy policy from time to time in order to reflect, for example, changes to our business or technology or for other operational, legal or regulatory reasons. We recommend checking back to this page for the most current information.
Last updated: October 24, 2022