Recotap, Inc. and its subsidiaries and affiliates (“we” “our” or “us”) is a software technology company that offers intelligent, data-driven marketing & advertising and services and solutions to B2B companies to accelerate their business growth (“Services”).
Recotap is a technology company that helps B2B companies execute their Account-based Marketing programs. Using the platform, customers can identify their target accounts and key contacts, reach those accounts across multiple channels, and measure the program's effectiveness. Using AI and integrated data platforms, Recotap’s intelligent, data-driven marketing and advertising services offer targeted digital advertising for companies to better understand their current customers, find new loyal customers and build lasting customer relationships through intelligence-driven direct marketing activities.
Recotap helps customers provide ads and track emails to people that are most likely to find them interesting by showing them ads that are relevant to their specific interests. This is called “interest-based advertising”. We show many of these interest-based ads on websites and mobile apps which rely on advertising revenue to support the content they provide - and what we all consume - for free each day.
When you visit a website or a mobile application (each a “Digital Property”) operated by one of our Customers, open an email from a Customer, or get served an ad by us on behalf of our Customer on a third party site, we may collect certain data from your device as described in this Service Privacy Notice. Our platform then uses that data, as well as other data described inWhat Data We Collect, to help our Customers provide ads and send emails to you that aim to be more relevant to you.
Interest-based advertising enables publishers of Digital Properties who rely on advertising to monetize their content and offerings to more accurately determine which ads to serve to specific users based on near real-time data. In turn, this allows our customers who use our Services to provide more effective advertising that reaches a more precise pool of prospective buyers and avoids wasting marketing resources on those prospective buyers who are uninterested and less inclined to purchase.
In addition to interest-based advertising, we also provide various analytics to help our Customers measure the success of their advertising campaigns and identify prospective buyers who may be the most interested in their products or services.
For instance, by collecting a unique identifier (such as a cookie ID) from the devices of users who see our Customers’ ads or visit their Digital Properties, we can measure whether those unique identifiers subsequently took a particular action, such as buying a Customer’s product or visiting their Digital Property (sometimes called a “conversion”). In some cases, we may use our cross-device data asset to match unique identifiers (which includes browsing activity) to email addresses. Customers are only notified of a match if the email already exists in the Customer‘s CRM records. Recotap can collect, measure and analyze different types of data in conjunction with these unique identifiers and provide useful information to our Customers such as what IP address ranges visitors to their Digital Properties are from (indicating the geographic locations of a visitor, which may help indicate what locations to run a particular ad campaign), what products or services located on their Digital Property are attracting more attention (or less), and what ad campaigns ultimately led a cookie ID back to a Digital Property to view more products or make a purchase.
Other types of analytics include firmographic information to provide insights on the type of B2B customers that appear to be interested in specific products or offerings on that Customer’s Digital Property. For example, determining which IP address ranges are associated with a unique identifier (such as a cookie ID) so we can identify companies who may be interested in a Customer’s product or service, or, if a unique identifier is linked to an email address that has already been provided to the B2B customer, We may alert the B2B customer of increased browsing activity that indicates interest from a specific target account.
We collect the following categories of data in the provision of our Services for the purposes explained below.
Email and CRM data from our Customers: Some Customers provide their customer relationship data to us (e.g. name, email address, company address) or instruct us to collect clear email addresses on their behalf for processing such data as part of our Services. By doing so, we help our Customers identify who is showing interest in their Digital Properties as well as serve, measure, and analyze interest-based ads to their current or potential customers. If you are browsing a software company’s website and submitted your email to download a white paper, the software company may use our Services to contact you and provide you with more information about the software company’s products that appear to be of most interest to you (subject to the marketing preferences you indicate to the software company). We use our Customer’s CRM Data only as a processor for the purpose of assisting that particular Customer with their own advertising efforts and reporting performance back to the Customer's CRM system. We do not share clear email addresses belonging to one Customer with another Customer for their advertising purposes.
When a Customer permits us, we collect hashed versions of the email addresses that you have entered on that Customer’s Digital Property. Hashing is a technology process that pseudonymizes email addresses. For instance, when email@example.com is run through a hashing algorithm, it converts to the following string of characters that cannot be reversed 7868C5102B16E7BDBC1FAB7A8FB65B8C5BF483A94F6B57.020DC3712C991C845D
We take this step to protect email addresses while being able to use the unique identifier created for the purpose of recognizing you online across Digital Properties and sending you interest-based ads across different devices (computers, tablets, and mobile devices) and browsers (also called “cross-device matching”). We describe cross-device matching in further detail in How We Use the Data We Collect.
Unless you have opted out or have otherwise refused to provide consent, the following is data that we collect from your device automatically:
Cookies: A unique identifier that Recotap assigns to you when visiting a Customer’s Digital Property so Recotap can understand your online journey and have the opportunity to serve ads to you when you visit the Publisher’s Digital Properties.
Device Information: This is technical information about the device you use to access our Customers’ Digital Property, such as your device's IP address and operating system. Additionally, in the case of mobile devices, your device type, and mobile device's unique advertising identifier (such as the Apple IDFA or Android Advertising ID), and any other unique identifier that may be assigned to the mobile device, such as an Android ID or UDID in older Apple phone models, or a non-cookie unique identifier used by Non-Cookie Technologies.
IP Address: The IP address associated with the device you are using when accessing a Customer’s Digital Property.
Location Data: This is non-precise information related to your geography derived from your device’s IP address (e.g. laptop, desktop or mobile etc.). This does not reveal your precise geographic coordinates (i.e. GPS latitude and longitude) - only country, state, city, and zip/postal code level location data, and helps us to display ads that are relevant to your general location.
Browser Data: This is technical information about the browser you are using that is captured in order to serve you an ad that can be rendered on your device, for example, Chrome, Firefox, Safari, etc.
Activity on Customers’ Digital Properties: This is data about your browsing activity on a Customer’s website or application. For example, which pages you visited and when, what items were clicked on a page, how much time was spent on a page, whether you downloaded a white paper on a B2B website, what site or ad brought you to the Customer’s website, what items you placed into your online shopping cart and what products were purchased (and the price of the products purchased).
Ad Data: This is data about the online ads we have served (or attempted to serve) to you. For example, how many times an ad has been served to you, what page the ad appeared on and whether you clicked on or otherwise interacted with the ad.
All of this data is collected to help make sure you get the best and most relevant experience when engaging with our Customers.
Campaign Performance Data: This data includes information about how well our Customers’ ads and campaigns have performed, whether on our platform or on other advertising platforms.
Contact data from third parties: We obtain and collect contact data from various third-party sources, including from public sources and through licenses with data providers. We may also infer contact data based on email addresses and email naming conventions. This contact data is B2B information – in other words, it is typically a business email address, business street address, and a business telephone number. Please note we do not collect business email addresses for any individuals who are residing in any European region.
Data from Audience Partners: We may collect additional information about you from our audience partners who create and provide us with segments that we use for our Customers (“Audience Partner”). A segment is a grouping of users who share one or more attributes (e.g. demographic or firmographic attributes). We use this data to better understand the Customers’ target audience and to better market the Customers’ products and services to you. We also may work with our Customers and Audience Partners to synchronize their unique, pseudonymous identifiers to our own to enable us to more accurately recognize a particular unique browser or device and the advertising interests associated with it (commonly known as “ID or User Syncing”).
Data from Advertising Partners: This is data that allows us to match the Recotap cookie identifier with identifiers that may already be used by other companies in the digital advertising ecosystem that we work with (“Advertising Partners”). For example, we work with ad exchanges, publishers, and supply-side platforms (i.e. companies that sell advertising space on publishers’ websites) in order to serve ads. Matching cookie identifiers helps us deliver ads to you and recognize you across browsers and devices and may include pseudonymous advertising identifiers (meaning identifiers that help identify your browser or device, but not you directly) which some Advertising Partners choose to share with us.
Our goal is to leverage this data to help customers better identify and engage with you so you get the best online experience. For example, to serve ads that aim to be more relevant to you or to identify companies interested in the Customer’s products and services. The data we collect also helps Customers analyze traffic on their Digital Properties, measure the effectiveness of their ad campaigns, and gauge the interest of prospective buyers - again to deliver the right messages at the right time to you. Additionally, we use this data to operate, improve and enhance our Services, not only to serve the most relevant ads to you but also to improve the performance of our Customers’ marketing and advertising efforts.
Specifically, we use this data for the following purposes:
Interest-Based Advertising: To select ads that are more likely to be relevant to you based on data such as your browsing activity, the time of day and time spent visiting specific Digital Properties, and non-precise geographic data inferred about your device(s).
Segmenting Audiences: To segment you into groups for certain purposes such as reporting and analytics as well as determining what ads and email content would best peak your interest. To do so, we use data from Customer Digital Properties you visit in addition to data provided by the Customer and from Audience Partners (i.e. demographic and firmographic information about your unique identifier).
Ad Delivery: We use data about your browser or other technical information about your device in order to technically deliver advertising and confirm the successful delivery of the ad.
Frequency Capping: Make sure that you don't see the same ad too many times. If we know you’ve already seen one of our Customer’ ads several times, we’ll try to show you a different ad next time.
Sequencing: If you are being served a sequence of ads, we make sure we show you the right ad next in the sequence.
Mapping data to Our Cross-Device Asset: The cross-device asset is used to connect multiple devices to one person, household, and/or online identifiers such as an email address (hashed for security) that a Customer may have collected directly from its customers. The cross-device asset allows companies to better understand their known-customer activity, as well as improves the ability to target and measure ad campaigns (including limiting the number of times the same person or household sees an ad).
Cross-device matching: Identifying different devices and browsers that are likely to be associated with you so that ads can be targeted, capped and sequenced across those devices, and so that campaign effectiveness can be measured and analyzed.
Syncing Online Identifiers with Customer CRM Data: Customers may use Recotap Services to match online browsing activity indicated by online identifiers with existing email addresses the Customer has already obtained in compliance with applicable law ( i.e. Customer CRM Data). Customers may also use this information to understand which consumers or business accounts are showing increased interest to better understand their website audience and respond with appropriate marketing activity.
IP Range for B2B marketing: We match IP address ranges to companies who disclose their IP address ranges in order to provide aggregated reports to companies regarding their website traffic.
Reporting and Attribution: To provide Customers insights into how their ad campaigns are served via Recotap and by third parties are performing as well as insights into their customers by analyzing activity on their Digital Properties. Reporting may include ad metrics such as traffic on certain Digital Properties, measuring the impact of campaigns, impressions (ads served), clicks (ads you clicked on), and conversions. What qualifies as a “conversion” is defined by the Customer— an asset download. This data allows a Customer to determine if an ad is performing well or not.
Licensing Data: Other than Customer CRM Data, we may license contact and account information we sourced from a third-party data provider or derive an email address to our Customers in the form of our Recotap Identify module.
Complying with Legal Process: To satisfy in good faith any applicable law, legal process, or proper governmental requests, such as to respond to a subpoena (whether civil or criminal) or similar process.
Compliances: We may use the data to investigate any potential violation of our Terms of Service, policies, or the law, and to protect ourselves, our Customers, or any third party from any potential harm (whether tangible or intangible).
We may disclose data about you with the following third parties:
With a Customer: We may share data about how you have interacted with a Customer’s Digital Properties, email campaigns, or Ads. We may share business contact data collected from third-party sources or inferred (for example, based on email naming conventions) with a Customer if we think that your business or employer would be interested in that Customer’s products.
With Our Audience Partners: We share hashed email addresses or other pseudonymous online identifiers with our Audience Partners in connection with audience creation and modeling and creating segments for the Customer based on the Customer’s CRM Data.
With Our Advertising Partners: We disclose cookie ID data and the ad we propose to serve with our Advertising Partners, as necessary, to allow for the successful delivery of ads to your device.
With Our Service Providers: We contract with companies who provide services to us to support our business operations (e.g., for example, website and data hosting, fraud prevention, viewability reporting, data hygiene, marketing, and email delivery), as well as billing, collections, tech, customer and operational support.
Legal Proceedings: When we are under a legal obligation to do so, for example, to comply with a binding order of a court or where disclosure is necessary to exercise, establish or defend the legal rights of Recotap, our Customer or any other third party.
Mergers and Acquisitions: If a third party acquires some or all of our business or assets, we may disclose your information in connection with the sale (including during due diligence in preparation for the sale).
Recotap may aggregate and de-identify data it collects so that it can either no longer be directly or indirectly associated with a natural person or cannot be associated with a natural person at all. Recotap will then use such data for our machine learning, reporting, and other business purposes.
We may also share aggregated and de-identified data with our subsidiaries and affiliates and third parties, including with our Advertising Partners.
Our Advertising Partners may also drop cookies for the purposes described in What Data We Collect. Generally, the type of cookies dropped will vary depending on the Advertising Partner.
In respect of website visitors with IP addresses not from a European Territory, Recotap and some of its Advertising Partners may use technologies other than cookie technology to recognize your computer, device, or browser for the purposes of interest-based advertising, analyzing engagement with ads or content, measuring the effectiveness of a particular ad campaign or marketing effort, to monitor against fraud or misuse of our Services, or in other ways described in this Service Privacy Notice inHow We Use the Data, We Collect. This use of non-cookie technology may be used in addition to cookies, or separately, to collect and record data about your web browsing activities on browsers, search engines, or other platforms that may not utilize Recotap Technology.
We apply technical, administrative, and organizational security measures to protect the data we collect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, in particular where the processing involves the transmission of data over a network, and against other unlawful forms of processing.
Customer CRM Data:We are processors and act as a service provider of Customer CRM data (e.g., customer lists containing clear emails) that the Customer instructs us to collect or otherwise provides to us in order for us to perform our Services.
We retain this Customer CRM Data until the Customer asks us to delete this data or the agreed time for deletion set forth in our Terms of Service (whichever is earlier).
The data retention period for Customer CRM Data, as defined in our Terms of Service, is as follows:
If either Customer or Recotap explicitly terminates the Recotap Services in accordance with our Terms of Service, Recotap will delete Customer CRM Data within 90 days from the termination date.
If a Customer’s account has been suspended for 90 days or more, the Customer CRM Data will be deleted.
When a customer has not logged in to their Recotap account for more than 365 days and there has been no product usage in the past 30 days and no media spend has occurred in the past 30 days, the Customer CRM Data will be deleted when the 366th day of no login activity occurs for the account.
Customers may request deletion of Customer CRM Data by writing an email to firstname.lastname@example.org
Mobile Identifiers and Cookie Identifiers: Cookies we set expire (and are then deleted) 12 months from the last time your device accessed a Digital Property using Recotap Technology. If you visit another Digital Property that uses our technology inside that 12-month expiry period, then the expiry period will be reset and measured from that date instead. The expiration period for mobile identifiers is controlled by you on your own device.
Personal Data Associated with Mobile and Cookie Identifiers Related to Browsing History: We delete personal data associated with mobile and cookie identifiers after 12 months. For example, data such as a Customer’s website you visited or ads that you may have clicked.
Personal Data Associated with Advertising Bidding Requests: Data logged in order to process an advertising bid request we have received from an Advertising Partner (such as cookie identifier, IP address, the domain url requesting to display the ad, and browser information) are deleted after 7 days. Data we have logged regarding bids we have placed to display an advertisement (including cookie identifiers, mobile identifiers, the advertisement bid on and the advertisement won or displayed to the end-user) are deleted after 15 days.
Personal Data Associated with the Display of an Advertisement: Data logged for the display of an advertisement (including cookie identifiers, the advertisement won or displayed to you, and data indicating whether you clicked on the particular advertisable displayed) are deleted after 12 months.
Our Legal Basis: If you interact with our Services from the European Territories, our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. For these purposes, "European Territories" means the European Economic Area, Switzerland, and the United Kingdom.
If you have questions about or need further information concerning, the legal basis on which we collect and use your personal data, please email email@example.com.
European Residents’ Privacy Rights: In addition, if you are a resident of a European Territory, you have the following data subject access rights under EU data protection law:
If you wish to access, correct, update or request deletion of your personal data or If you wish to object to us processing your personal data or would like to otherwise restrict the processing of your personal data, we will honor that request. please write to us at firstname.lastname@example.org
Similarly, if we process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Territories are available from the European Data Protection Board website. However, if you have any questions about our collection and use of your personal data, we encourage you to contact us first at email@example.com.
In some cases, we act as a processor for our Customers (for example, when we handle our Customers’ CRM data solely to provide the Services) and, in those cases, you should direct any requests to exercise your data protection rights to the relevant Customer. If you are uncertain whether we process your personal data as a controller or a processor in any specific context, you can contact us at firstname.lastname@example.org and we will advise you accordingly.
This section supplements the information contained in this Service Privacy Notice and applies solely to visitors, users, and others who are residents of the State of California, as defined in Section 17014 of Title 18 of the California Code of Regulations. This section is effective as of January 1, 2020, to comply with the California Consumer Privacy Act of 2018(“CCPA”).
Any terms defined in the CCPA have the same meaning when used in this section.
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). This collection of information is listed in What Data We Collect.
We set out below the CCPA categories of personal information we have collected from consumers within the last twelve (12) months in respect of our Services. Please note that personal information in certain categories may overlap with other categories.
For clarity, under CCPA personal information does not include:
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R Part 99))||No|
|Identifiers||Yes||Directly and indirectly from consumers, third party data providers, ad exchanges, supply-side platforms and Audience Partners. In the case of business email addresses, RollWorks B2B Services may infer a business email address.||Device IP address, email address, cookie string data, pseudonymous data (e.g. hashed emails), operating system, and your device type, and mobile device's identifier (such as the Apple IDFA or Android Advertising ID) and any other unique identifier that may be assigned to any device by third parties and cross-referenced to recognize a device.|
|Personal information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||Yes||Directly from third party data providers and Audience Partners.||Name, business address, business telephone number, education, employment, employment history, household income.the perceived general education level of consumers may be collected for marketing, advertising and analytics.|
|Protected classification characteristics under California or federal law||Yes||From Audience Partners.||Limited to age ranges such as 35-44, 45-54, 55-64 and 65+ and male/female gender categories are sometimes collected for use for NextRoll Services that do not carry a risk of unintended discrimination.|
|Commercial information||Yes||Directly from consumers and Customers.||Records of products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies.|
|Internet or other similar network activity||Yes||"Directly from browsing history on Customers’ Digital Properties. Non-personal information about one of our ads "||Browsing history, search history, information on a consumer's interaction with a website, application or advertisement.|
|Geolocation data||Yes||From users, ad exchanges, publishers and supply-side platforms and audience partners.||Non-precise geolocation derived from IP address.|
|Professional or employment-related information||Yes||Third party data providers and audience partners.||Current or past job history, including details about the employer (industry, name, company location, company domain or URL), and employee (positions held, duration of employment, and office location of the company where the employee worked).|
|Inferences drawn from other personal information||Yes||Audience partners.||Creating profiles that reflect consumer preferences and interests.|
Purposes for Which Personal Information is Collected
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose (as set out above). We do not sell your personal information to anyone.
The Data Sharing section sets out the personal information that we share with third parties.
Recotap discloses personal data for business purposes to perform advertising, marketing, and analytics and those purposes set out in
In the preceding twelve (12) months, we have disclosed personal information for our business purposes:
We disclose your personal information for a business purpose to the categories of third parties set out in the Data sharing section
We have not sold personal information to anyone, including the data partners, customers, affiliates, publishers.
Your Rights and Choices
The CCPA provides California residents with specific rights regarding their personal information. This section describes the rights of California residents under CCPA and provides information on how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
Right to Delete
You have the right to request that we delete any of your personal information that we collect from you and retain, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete (and direct our services providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Exercising Right to Know, Data Portability, and Right to Deletion
To exercise the right to know, data portability, and deletion rights described above, please submit the consumer request to us by either:
After submitting the request, a form will be sent to the requestor to verify the consumer request.
On the verification form, the requestor must:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable request for access to data portability twice within a 12-month period.
We cannot respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; and (ii) confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will deliver our written response to you electronically unless you indicate delivery to be by mail.
Any disclosures we provide to you will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot complete a request, if applicable. Please note that personal information deleted during this period as set out in Data Retention will not be provided.
The format of our responses to you concerning personal information collected, disclosed, or sold will be provided in a readily useable format that should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
If we are required by applicable data protection laws to obtain your consent to any material changes before they come into effect, then we will do so in accordance with the law.