TUNE Privacy Shield Statement
& EU-U.S. Data Transfers
A. NOTICE & CHOICE
1. Affirmative Statement of Participation in the EU-U.S. Privacy Shield Framework
This Statement complies with the EU-U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and sharing of personal information transferred from the European Union (and the United Kingdom) to the United States.
Please see confirmation of our Privacy Shield certification here.
This Privacy Shield Statement describes how TUNE collects, uses, and transfers data from the EU (and the United Kingdom) to the U.S. Please also refer to TUNE’s privacy policy.
2. Jurisdiction
TUNE has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. TUNE states that if there is any conflict between the terms of any TUNE privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. TUNE is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view TUNE’s Privacy Shield certification, please visit www.privacyshield.gov.
3. Scope
TUNE’s participation in the Privacy Shield applies to its collection, use, and sharing of commercial data (data that TUNE collects on behalf of its clients or their partners) and internal data (data that TUNE collects for TUNE internal purposes, e.g. human resources).
4. TUNE’s Data Collection Processes
TUNE Commercial Data Processing
TUNE creates business-to-business solutions to help companies manage digital marketing campaigns, engage the right audiences, optimize advertising performance, and maximize business with their partners.
Some TUNE clients use our solutions to measure effective of ad campaigns by measuring user-resettable advertising identifiers (e.g. Apple’s Identifier for Advertising (“IDFA”), Google Ad IDs). Other clients may use TUNE technology to collect and analyze other data, some of which may be viewed as “personal data” or “personally identifiable data” under EU data protection laws. Please refer to the privacy policy for the relevant TUNE product to learn more about TUNE collects, uses, and shares data on behalf of clients.
TUNE End User Data & Privacy Policies
Both TUNE and our clients are responsible for end user privacy. Although TUNE is not end user facing, TUNE provides a privacy policy and end user data rights guidance at: optoutmobile.com.
TUNE contractually requires that its clients (i) provide the necessary notices and obtain informed consents from their end users for data collection using TUNE solutions and (ii) refrain from processing unsecured personal data using TUNE solutions.
TUNE Employee & Internal Data & Privacy Policies
TUNE has an employee data and privacy policy. Both TUNE’s employee data and privacy policy and Privacy Shield filing have been submitted to the U.S. Department of Commerce. TUNE employees are aware of and have been trained on this policy, which is also available on the company’s intranet.
B. ACCOUNTABILITY FOR ONWARD TRANSFERS
To effectively process data on behalf of a client to serve the client’s needs, TUNE may need to share that data with certain third parties or sub-processors. In such instances, TUNE will execute any needed contracts, clauses or addendums to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles.
C. SECURITY
TUNE uses reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account any inherent risks and the nature of the personal data involved.
TUNE is a SaaS company that operates within segregated private datacenters as well as the public cloud. Data collected by TUNE is co-located in secure locations operated by Amazon (AWS) in the United States.
TUNE utilizes AWS data centers in the following locations: U.S. East (Northern Virginia), US West (Northern California), EU (Ireland), and APN (Japan). Details on AWS security certifications and procedures may be found here.
TUNE solutions are built on the AWS platform, and provide clients a variety of pseudonymization and security tools to secure data that may be considered “personal” or “personally identifiable” under the laws of a particular jurisdiction.
D. DATA INTEGRITY & PURPOSE LIMITATION
The TUNE data pledge expressly disclaims ownership of data in favor of the TUNE client. Furthermore, it is the TUNE client, not TUNE, that determines the “purposes and means” of data processing, include data retention (beyond TUNE’s standard data retention policies) and termination. Under EU law, TUNE is the “data processor” that processes data on instruction from the client or data controller (the entity that determines the “purposes and means” of the data processing in question).
E. ACCESS
TUNE collects data on behalf of its business clients, and is not an end user facing company. Nonetheless, TUNE provides end user data rights guidance at optoutmobile.com.
For access requests in situations where TUNE acts as the data processor, TUNE refers the end user to the TUNE client’s app or site that has the direct relationship with that end user.
F. RECOURSE & ENFORCEMENT
For consumer (end user) complaints, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
For dispute resolution of any internal (including HR) data complaints, TUNE works directly with the EU Data Protection Authorities.
In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, TUNE will provide EU end users a binding arbitration option before the Privacy Shield Panel. TUNE acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in U.S. courts.
G. DISCLOSURES TO LAW ENFORCEMENT
TUNE may disclose data in response to lawful requests by public authorities, and to meet national security or law enforcement requirements.