Data and Privacy
Your guide to industry frameworks, laws, and TUNE’s own practices
Our pledge to you: With TUNE products, your data always belongs to you. We do not leverage your data for unauthorized purposes, take a cut of your ad spend or revenue, or share your data without permission.
TUNE honors global privacy laws and requirements
We maintain high standards in safeguarding the data of our clients and their end users
TUNE defines privacy as the end user’s rights to receive notice, give consent, and opt-out of the collection, use, and sharing of data that is about or can identify that end user.
Notice to End Users
End User Opt Out (also referred to as Consumer Control, Choice or Access)
In accordance with the DAA standard, we offer an end user opt out for those features in the TMC that facilitate ad targeting. Visit www.optoutmobile.com for enhanced notice of how the TMC honors the DAA opt out rules.
TUNE Security is committed to the protection of our systems and your data, and we are proud to incorporate SOC 2 as criteria for measurement of TUNE products and services. By achieving SOC 2 Type II accreditation, TUNE is following through on its commitment to developing the marketing industry’s most trustworthy and transparent solution. SOC reports help companies maintain a proactive approach to managing risks, meet customer requests or contractual obligations, and build confidence and trust with our clients and end users. Please contact [email protected] and [email protected] to learn more about TUNE’s security policies and practices.
TUNE complies with regulatory requirements, as well as other industry best practice frameworks for enforcement. Some highlights:
- EU US Privacy Shield
As of September 26, 2016, TUNE’s US-EU data transfer practices are certified under the EU-US Privacy Shield Framework. See TUNE’s Privacy Shield Statement. You can also find a description of TUNE’s Privacy Shield certification on the Privacy Shield site. We work with TRUSTe for end user dispute resolution of all complaints stemming from TUNE’s transfer of commercial data under Privacy Shield. If the end user is unable to reach a resolution with the TUNE client or TUNE, they can file a complaint directly with TRUSTe.
- ePrivacy (TMC)
Attribution Analytics (AA) in the TMC has been certified under German and EU privacy law under the ePrivacy standard. Visit ePrivacy’s site to confirm and learn more.
- DAA Compliance (TMC)
In the TMC, we comply with the opt-out requirements of the DAA’s standard for targeted advertising. Visit www.optoutmobile.com to learn more.
Additional resources about data privacy
Depending on your end user data collection and use, these regulatory frameworks and industry guidance may apply:
- Ad Delivery: The National Advertising Initiative (NAI) applies to first and third parties engaged in ad delivery and related services. The Digital Advertising Alliance (DAA) standard is based on the 2009 FTC OBA Report and applies to first and third parties engaged in targeted or online behavioral advertising (OBA). In addition, the DAA has issued the “DAA Cross-Device Guidance,” to provide an industry standard around using data to track end users across devices for advertising.
- App Developers: In the US, the FTC provides guidance on both marketing and privacy compliance for mobile apps. In the EU, the Article 29 Working Party (lead data protection authorities from every EU member country) has recommendations for data collection on “smart mobile devices.”
- Data Security: The FTC’s Start With Security guide focuses on data security for app developers and the mobile ecosystem.
- Mobile Marketers: The Mobile Marketing Association (MMA) offers helpful guidelines.
Privacy Laws in the United States:
- US federal laws take a “sectoral” approach to privacy that protects data by type and use. In addition, several states have individual privacy laws.
- Collecting Health Data: You will need to comply with the HIPPA privacy and security rules.
- Doing Business in California: Review the California Attorney General’s online privacy microsite.
- Confirming Recent FTC Rulings: Visit the FTC Casebook, maintained by the International Association of Privacy Professionals (IAPP).
- Looking for more? Review the full list of US federal privacy laws and individual state privacy laws.
Privacy Laws in the European Union
- The EU currently has a comprehensive data protection law that applies to all online and offline data. New requirements will come into force in May 2018. You can find a summary of these requirements (courtesy of Promontory), available here.
- App developers in Europe should be mindful of the 2013 guidance from the Article 29 Working Party on smart devices.
Privacy Laws in the Asia-Pacific Economic Cooperation
- APEC’s Cross Border Privacy Rules System covers data transfers between the 21 countries included in the APEC system.