TUNE Privacy Policy

Effective April 26, 2019

TUNE, Inc. (“TUNE”, “we”, “us”, “our”, and formerly known as “HasOffers”) provides a partner marketing platform. This Privacy Policy is provided to help you understand how TUNE processes (i) end user data on behalf of our clients who use the TUNE partner marketing platform, and (ii) your data when you visit TUNE’s corporate family of websites, including tune.com (the “Websites”). It does not state the use practices or policies of our clients, of the websites or apps on which ads are shown, or of other parties.

TUNE cares about how end user data is collected, used, and shared. We are a “data processor” that collects and analyzes end user data at the specific request of our clients, the “data controllers”.

TUNE Platform and Data Pledge

TUNE is the leading partner marketing platform, used by the world’s top mobile and desktop advertisers and networks to measure and manage their online advertising relationships. Clients use TUNE to assess the effectiveness of their partner relationships and act on those results.

Pursuant to the TUNE Data Pledge, our clients determine the data that they provide to and collect through TUNE. Clients’ use, collection, exportation, or any other use of end user data is governed by their own privacy policies and applicable laws, rules, or regulations.

What Information Does TUNE Collect From Clients?

At the direction of our clients, who act as data controllers, TUNE collects the following types of information from end users to help clients measure and manage their marketing partner relationships:

Ad Identifiers (unique character strings associated with user devices that help monitor and measure user interactions with advertisements and apps, such as Apple’s IDFA and Google Ad ID; Ad Identifiers may be reset by the user)
IP address
Cookies
Pixel tags
Imprecise geographic location data derived from IP address and/or wifi networks

Our clients may also choose to share certain account information for both clients and their partners on the TUNE Platform. This may include corporate and employee information necessary to maintain the services and up-to-date contact information, including: name, mailing and/or billing address, email address, company name, website url, user name, password, and phone number. Clients using TUNE to manage payouts to their partners may also choose to share certain banking information as necessary to carry out the services.

Clients can also choose to view and measure information provided by other third-party sources in the TUNE Platform. Those sources may include advertisers, publishers, marketing partners, and other advertising networks and analytics partners. Marketing partners may sign up with advertisers through the TUNE Platform or through their own customer website. Marketing partner information provided to our advertiser clients may be used by TUNE for fraud prevention purposes and to fulfill contractual requirements with our advertisers.

Clients own the data that they provide to and collect through the TUNE Platform. When clients remove or export their data from the TUNE Platform, their use of data is governed by their own privacy policies and applicable laws, rules, or regulations. TUNE serves as a data processor, acting at the direction of our data controller clients. Specific fields that likely contain personal data, such as IP address or device ID, may be obfuscated or blanked, respectively, by the TUNE client. Additional information on how we categorize and treat data is available here.

What Information Does TUNE Collect On the Websites From End Users?

When you visit the Websites, TUNE collects information about your device and use of the Websites to understand how to improve its Websites. TUNE also collects any information you voluntarily provide when you visit the Websites to learn more about TUNE and its products, sign up for TUNE services, or apply for employment at TUNE. The type of information collected will depend on your request and interaction with the Websites. Categories of information may include specific times of day you accessed the Websites, the IP address of the device you used to access the Websites, the pages on the Websites that you viewed, the pages you visited before navigating to the Website(s), and information about the device you use to access the Websites, including hardware model, operating system and version, and browser.

TUNE uses the information collected on the Websites for various purposes, including:

Ensuring its Websites remain relevant to end user needs and are easy to use by providing analytics and other data regarding use of our Websites.
Sending marketing and promotional communications in compliance with applicable laws.
Enhancing, improving, or modifying its Websites and services, enhancing security, or combating spam or malware or other security risks.
Providing confirmations, invoices, technical notices, updates, security alerts, and other support and administrative messages.

How Do Clients Use TUNE To Collect Information From Users?

Clients may use TUNE for pixel or server postback tracking to collect certain performance marketing information about end users. Pixel tracking (also called “cookie-based tracking” or “client-side tracking”) methods store a TUNE session identifier in a user’s browser cookie on click. In postback tracking (also called “server-side tracking”), TUNE directly sends a session identifier to the advertiser on click. On conversion, the advertiser then communicates that identifier to TUNE for validation.

TUNE also supports server-to-server measurement for some clients. With any of the mentioned methods, when an end user clicks on an advertisement and goes to a specific web page or mobile app action that a client chooses to measure, TUNE collects information from the user’s device, including but not limited to IP address and ad identifiers.

How May Clients Use TUNE To Process Information From End Users?

Measuring performance of ad campaigns, including creation of customized performance reports
Measuring performance of various marketing partners selected by the client
Serving ads through TUNE using data that does not personally identify users
Managing relationships with marketing partners, including payouts on measured conversions and establishing automated workflows to establishing advertising offers

In Which Instances Might TUNE Share End User Data With Third Parties?

Except as described in this Privacy Policy, TUNE will not share personally identifiable information collected on the Websites or in the TUNE Platform with other people or non-affiliated companies unless we have your consent, or under the following circumstances:

With third party service providers who work for us and need access to your information to do their work on our behalf, such as providing customer support features, processing payments, and storing data (e.g. Amazon Web Services). All such third-party vendors have agreed to protect the confidentiality of information provided by TUNE.
To protect the rights and property of TUNE, our agents, customers, users, and others, including to enforce our agreements, policies, and terms of use.
If required to do so by law, such as to comply with a subpoena or court order, or in the good-faith belief that such action is reasonably necessary to protect our rights, protect your safety or the safety of others, prevent fraudulent, malicious, or unlawful activity, investigate fraud, or respond to a government request.
As part of any merger, acquisition, debt financing, or sale of company assets or other event in which information could be transferred to third parties as one of the business assets of the company.

We may also share aggregated or anonymized information in a form that does not directly identify you or any end users with any third parties.

Our Website includes links to other websites whose privacy practices may differ from those of TUNE. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

End User Choice, Opt Outs, and Disabling Cookies and Advertising Identifiers

End users can disable cookies in most internet browsers. An overview of the process is available here. Disabling cookies will not, however, stop receipt of all advertisements. If an end user would like to opt out of a particular ad network, publisher, or advertiser’s ads, they will need to contact those companies directly to inquire whether they have an opt-out option.End users can also disable collection of Ad Identifiers for targeted advertising by enabling the Limit Ad Tracking setting on their smartphone. End users can also reset the Ad Identifier altogether using their smartphone’s privacy settings. TUNE collects data on behalf of its business clients, and is not an end user facing company. Nonetheless, TUNE provides end user data rights guidance at https://optoutmobile.com.

Learn more about how to control your data via our third party partners’ relevant privacy documentation regarding end user rights: Pendo, Intercom, Marketo, Zendesk, NetSuite by Oracle, SalesForce, Google Analytics, LiveChat, TransferWise, and Inspectlet.

TUNE Publications
If you no longer wish to receive TUNE publications (e.g. newsletters, blog digests), you may opt out using the unsubscribe link located at the bottom of each communication or by updating your preferences here. If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations. We will respond to your opt out request to access within a reasonable timeframe.

Local Shared Objects (Flash Cookies) and Local Storage (HTML5) Opt Out
Third parties with whom we partner may use local shared objects (flash cookies), and we and our third parties use local storage (HTML5) to provide certain features on our Websites, to display advertising based on your web browsing activity, and to store content information and preferences. Various browsers may offer their own management tools for removing HTML 5. To manage Flash cookies, please click here.

TUNE (formerly known as HasOffers) is a participant of the Google Third Party Serving Compatibility Program. Clients that choose to advertise with Google must abide by Google’s Third-Party Ad Serving Policy available at https://support.google.com/adspolicy/answer/94230, as well as privacy principles to which TUNE ascribes, including with regard to data collection, functional cookie opt-outs, and ad identifier tracking.

How Does TUNE Adhere to GDPR Principles?

TUNE serves as a data processor under GDPR, and adheres to the principles and rules of GDPR. Specifically, TUNE implements privacy by design and default principles, ensures limited data retention protocols, adheres to incident response norms, allows for appropriate third party audits, ensures data is only transferred internationally with a lawful basis, only contracts with subprocessors with adequate written commitments to data processing, respects data subject rights, does not process sensitive personal data, and provides data processing agreements to all appropriate clients and partners. (In addition to GDPR, TUNE respects and adheres to similar data privacy laws in other jurisdictions, such as the California Consumer Privacy Act.)

To end users who access the Websites: TUNE retains your information for as long as your account is active or as needed to provide you TUNE services. TUNE applies data retention rules to abide by data minimization principles; such rules are outlined at the of TUNE’s secure data support document available here. In most cases, reliance on TUNE’s existing data retention rules will satisfy the end user request within a reasonable period of time. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law.

Data Retention, Use, Access, Corrections, and Removal
TUNE retains your information for as long as your account is active or as needed to provide you TUNE services. TUNE applies data retention rules to abide by data minimization principles; such rules are outlined at the end of TUNE’s secure data support document available here. In most cases, reliance on TUNE’s existing data retention rules will satisfy the end user request within a reasonable period of time. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law and helpful for the service to function properly.

Under GDPR, you have the right as a data controller to:

Request information about the processing of your data, as well as the receipt of a copy of your personal data. You can request information on the purposes of the processing, the categories of personal data being processed, the recipients of the data (if they are passed on), the duration of the storage or the criteria for determining the duration.
Correct your data. Should your personal data be incomplete, you have the right to complete the data, taking into account the processing purposes.
Delete or block your data. Reasons for the existence of a cancellation/blocking right can be, among others, the revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data were processed unlawfully.
Restrict the processing.
Object to the processing of your data.
Revoke your consent to the processing of your data in the future.
Complain to the competent supervisory authority about inadmissible data processing.

If you wish to access, amend, correct, remove, or limit use of your information as it is used for access to the Websites, update your preferences here. For information on TUNE’s approach to and preparation for GDPR, please CLICK HERE.

Legal Basis
Your data will be processed on the following legal bases:

Your consent to data controllers in accordance with Art. 6 (1)(a) GDPR;
For the performance of a contract with you in accordance with Art. 6 (1)(b) GDPR;
For the fulfilment of statutory obligations in accordance with Art. 6 (1)(c) GDPR; or
From a legitimate interest in accordance with Art. 6 (1)(f) GDPR (and, to the extent we base the processing of your personal data on legitimate interests, such data will only be sued to improve or carry our services, protect against misuse or fraud, and maintain statistical integrity with business partners and customers).

EU To U.S. Data Transfers

TUNE has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. See TUNE’s Privacy Shield Statement here. To learn more about Privacy Shield, please visit www.privacyshield.gov.

In the process of providing services to you, we may transfer information that we collect to affiliated entities, or to other third parties across borders from your country or jurisdiction to other countries or jurisdictions around the world. By using the Websites or signing up for an account with TUNE, you consent to the transfer of your information to the United States.

Security

TUNE uses commercially reasonable efforts, including a variety of security technologies and procedures, to help protect client and end user data from unauthorized access, use, or disclosure, both during transmission and once it is received.

What Happens If This Privacy Policy Is Changed?

TUNE may find it necessary to update this Privacy Policy from time to time. Please check this Privacy Policy, as any changes will be posted on this site.

Questions About This Privacy Policy?

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge to you) at https://feedback-form.truste.com/watchdog/request.

Contact Information

If you have any questions regarding this Privacy Policy, or would like more information on our privacy practices, please contact us at [email protected] or by mail at:

TUNE, Inc.
11350 McCormick Rd., Executive Plaza III, Suite 200
Hunt Valley, MD, 21031
Attn: Legal Department

TUNE has also appointed an external ePrivacy GmbH as its external Data Protection Officer. For all requests concerning the security of your data, you can contact our data protection officer at “[email protected].” If you have a particularly sensitive request, please contact our data protection officer by postal mail (available below).

External Data Protection Officer
ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg