TUNE Privacy Shield Statement
& EU-U.S. Data Transfers
A. NOTICE & CHOICE
1. Affirmative Statement of Participation in the EU-U.S. Privacy Shield Framework
This Statement complies with the EU-U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and sharing of personal information transferred from the European Union (and the United Kingdom) to the United States.
Please see confirmation of our Privacy Shield certification here.
TUNE’s participation in the Privacy Shield applies to its collection, use, and sharing of commercial data (data that TUNE collects on behalf of its clients or their partners) and internal data (data that TUNE collects for TUNE internal purposes, e.g. human resources).
4. TUNE’s Data Collection Processes
TUNE Commercial Data Processing
TUNE creates business-to-business solutions to help companies manage digital marketing campaigns, engage the right audiences, optimize advertising performance, and maximize business with their partners.
TUNE End User Data & Privacy Policies
TUNE contractually requires that its clients (i) provide the necessary notices and obtain informed consents from their end users for data collection using TUNE solutions and (ii) refrain from processing unsecured personal data using TUNE solutions.
TUNE Employee & Internal Data & Privacy Policies
B. ACCOUNTABILITY FOR ONWARD TRANSFERS
To effectively process data on behalf of a client to serve the client’s needs, TUNE may need to share that data with certain third parties or sub-processors. In such instances, TUNE will execute any needed contracts, clauses or addendums to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles.
TUNE uses reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account any inherent risks and the nature of the personal data involved.
TUNE is a SaaS company that operates within segregated private datacenters as well as the public cloud. Data collected by TUNE is co-located in secure locations operated by Amazon (AWS) in the United States.
TUNE utilizes AWS data centers in the following locations: U.S. East (Northern Virginia), US West (Northern California), EU (Ireland), and APN (Japan). Details on AWS security certifications and procedures may be found here.
TUNE solutions are built on the AWS platform, and provide clients a variety of pseudonymization and security tools to secure data that may be considered “personal” or “personally identifiable” under the laws of a particular jurisdiction.
D. DATA INTEGRITY & PURPOSE LIMITATION
The TUNE data pledge expressly disclaims ownership of data in favor of the TUNE client. Furthermore, it is the TUNE client, not TUNE, that determines the “purposes and means” of data processing, include data retention (beyond TUNE’s standard data retention policies) and termination. Under EU law, TUNE is the “data processor” that processes data on instruction from the client or data controller (the entity that determines the “purposes and means” of the data processing in question).
TUNE collects data on behalf of its business clients, and is not an end user facing company. Nonetheless, TUNE provides end user data rights guidance at optoutmobile.com.
For access requests in situations where TUNE acts as the data processor, TUNE refers the end user to the TUNE client’s app or site that has the direct relationship with that end user.
F. RECOURSE & ENFORCEMENT
For consumer (end user) complaints, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
For dispute resolution of any internal (including HR) data complaints, TUNE works directly with the EU Data Protection Authorities.
In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, TUNE will provide EU end users a binding arbitration option before the Privacy Shield Panel. TUNE acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in U.S. courts.
G. DISCLOSURES TO LAW ENFORCEMENT
TUNE may disclose data in response to lawful requests by public authorities, and to meet national security or law enforcement requirements.