TUNE Privacy Shield Statement
& U.S.—E.U. Data Transfers

A. NOTICE & CHOICE

1. Affirmative Statement of Participation in the EU-US Privacy Shield Framework
This Statement complies with the EU-U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and sharing of personal information transferred from the European Union to the United States.

Please see confirmation of our Privacy Shield certification here.

This Privacy Shield Statement describes how TUNE collects, uses, and transfers data from the EU to the US. Please also refer to TUNE’s privacy policies:

For the HasOffers privacy policy, CLICK HERE
For the TMC privacy policy, please CLICK HERE
For the tune.com privacy policy, please CLICK HERE

2. Jurisdiction
TUNE has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. TUNE states that if there is any conflict between the terms of any TUNE privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. TUNE is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view TUNE’s Privacy Shield certification, please visit www.privacyshield.gov.

3. Scope
TUNE’s participation in the Privacy Shield applies to its collection, use, and sharing of commercial data (data that TUNE collects on behalf of its clients or their partners) and
internal data (data that TUNE collects for TUNE internal purposes e.g. human resources).

4. TUNE’s Data Collection Processes

TUNE Commercial Data Processing
TUNE creates B2B solutions to help companies manage digital marketing campaigns, engage the right audiences, optimize advertising performance, and maximize business with their partners.

Some TUNE clients use our solutions to measure effective of ad campaigns by measuring user-resettable advertising identifiers (e.g. Apple’s Identifier for Advertising (“IDFA”), Google Ad IDs). Other clients may use TUNE technology to collect and analyze other data, some of which may be viewed as “personal data” or “personally identifiable data” under EU data protection laws. Please refer to the privacy policy for the relevant TUNE product to learn more about TUNE collects, uses, and shares data on behalf of clients.

TUNE End User Data & Privacy Policies
Both TUNE and our clients are responsible for end user privacy. Although TUNE is not end user facing, TUNE provides end user data and privacy policies for our two primary SaaS solutions, HasOffers and the TMC, as well as a separate policy for the TUNE corporate family of websites.

In accordance with the US DAA co-regulatory framework for targeted online advertising, TUNE provides an end user opt out for certain features of the TUNE Marketing Console that involve the use of data, including personal data, for ad targeting purposes. More details are available at: www.optoutmobile.com.

TUNE contractually requires that its clients (i) provide the necessary notices and obtain informed consents from their end users for data collection using TUNE solutions and (ii) refrain from processing unsecured personal data using TUNE solutions.

TUNE Employee & Internal Data & Privacy Policies
TUNE has an employee data and privacy policy. Both TUNE’s employee data and privacy policy and Privacy Shield filing have been submitted to the U.S. Department of Commerce. TUNE employees are aware of and have been trained on this policy, which is also available on the company’s intranet.

B. ACCOUNTABILITY FOR ONWARD TRANSFERS

To effectively process data on behalf of a client to serve the client’s needs, TUNE may need to share that data with certain third parties or sub-processors. In such instances, TUNE will execute any needed contracts, clauses or addendums to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles.

C. SECURITY

TUNE uses reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account any inherent risks and the nature of the personal data involved.

TUNE is a SaaS company that operates within segregated private datacenters as well as the public cloud. Data collected by TUNE is co-located in secure locations operated by Amazon (AWS) and Equinix in the United States.

TUNE utilizes AWS data centers in the following locations: US East (Northern Virginia), US West (Northern California), EU (Ireland), and APN (Japan). TUNE also uses Equinix data centers in Northern Virginia. Details on AWS and Equinix security certifications and procedures may be found here and here, respectively.

TUNE solutions are built on the AWS platform, and provide clients a variety of pseudonymization & security tools to secure data that may be considered “personal” or “personally identifiable” under the laws of a particular jurisdiction.

D. DATA INTEGRITY & PURPOSE LIMITATION

The TUNE data pledge expressly disclaims ownership of data in favor of the TUNE client. Furthermore, it is the TUNE client, not TUNE, that determines the “purposes and means” of data processing, include data retention and termination. Under EU law, TUNE is the “data processor” that processes data on instruction from the client or data controller (the entity that determines the “purposes and means” of the data processing in question).

E. ACCESS

TUNE collects data on behalf of its business clients, and is not an end user facing company.

In accordance with the US DAA co-regulatory framework for targeted online advertising, TUNE provides an end user opt out for certain features of the TUNE Marketing Console that involve the use of data, including personal data, for ad targeting purposes. More details are available at: www.optoutmobile.com.

For any other access request, TUNE would refer the end user to the TUNE client’s app or site that has the direct relationship with that end user.

F. RECOURSE & ENFORCEMENT

TUNE informs end users that, if they have an unresolved privacy or data use concern that TUNE has not addressed satisfactorily, the end user should contact TUNE’s U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

For consumer (end user) complaints, please contact the app or TUNE client directly. For any complaints that cannot be resolved directly, TUNE has chosen to work with TRUSTe for dispute resolution of commercial data complaints.

For dispute resolution of any internal (including HR) data complaints, TUNE works directly with the EU Data Protection Authorities.

In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, TUNE will provide EU end users a binding arbitration option before the Privacy Shield Panel. TUNE acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in US courts.

G. DISCLOSURES TO LAW ENFORCEMENT
TUNE may disclose data in response to lawful requests by public authorities, and to meet national security or law enforcement requirements.

TRUSTe