NORTHERN HEAT RIB SERIES
PRIVACY POLICY

1. ABOUT NORTHERN HEAT RIB SERIES SERVICES

When you visit a website or a mobile application operated by Northern Heat Rib Series (collectively “Digital Properties”), open an email from us, or we serve you an ad on behalf of an Advertiser on a third party site, we may collect data as described in this Privacy Notice. Our platform uses that data, as well as other data described below, to help Advertisers provide ads and send emails to you that are more relevant to you.

For example, if you visit our website in search of the perfect rib fest experience, but don’t purchase a meal just yet because you are still looking, we may later show you Northern Heat Rib Series ads to encourage you to come back and purchase one of our meal packages, perhaps even with a discount offer or notice of an upcoming event. We may also show you ads from additional product recommendations you may be interested in, such as for an upcoming event, as you browse the internet. If you gave us your email address for marketing purposes, we may also serve Northern Heat Rib Series ads to you through other channels, such as by email.

We also collect analytics to help us measure whether our campaigns were successful or not — for instance, by measuring whether particular campaigns led to consumers taking a particular action, like buying a product or visiting a website (sometimes called a “conversion”).

We also monitor what IP address ranges visitors to our customers’ websites are from, match those IP address ranges to companies, and use that information to provide aggregated reports to companies regarding our website traffic.

2. WHAT DATA WE COLLECT

We collect the following categories of information for the purposes explained below.

• Activity on Advertisers’ Digital Properties: This is data about your browsing activity on the Advertiser’s website or application. For example, which pages you visited and when, what items were clicked on a page, how much time was spent on a page, whether you downloaded a white paper on a business to business (“B2B”) website, what items you placed into your online shopping cart, what products were purchased and the price of the products purchased.
• Device and browser information: This is technical information about the device or browser you use to access the Advertiser’s Digital Property. For example, your device’s IP address, cookie string data, operating system, and (in the case of mobile devices) your device type, and mobile device’s identifier (such as the Apple IDFA or Android Advertising ID, and any other unique identifier that may be assigned to the mobile device).
• Ad data: This is data about the online ads we have served (or attempted to serve) to you. For example, how many times an ad has been served to you, what page the ad appeared on, and whether you clicked on or otherwise interacted with the ad. This data includes information about how well our clients’ ads
• Data from Advertising Partners: This is data that we lawfully receive from other digital advertising companies that we work with (“Advertising Partners”) to help us deliver ads to you and recognize you across browsers and devices. This may include pseudonymous advertiser identifiers (meaning identifiers that help identify your browser or device, but do not directly identify you as a person) which some Advertisers or other third party Advertising Platforms choose to share with us – for example, your “Customer ID” with an Advertiser, a pseudonymous identifier (such as a cookie) associated with a hashed version of your email address, or demographic data such as age range. We may work with our Advertisers and Advertising Partners to synchronize their unique, pseudonymous identifiers to our own to enable us to more accurately recognise a particular unique browser or device and the advertising interests associated with it.
• Email and CRM data from Advertisers: Some Advertisers choose to share clear email addresses (as opposed to hashed email addresses, described below) or other contact information belonging to their customers with us, so that (with the help of Advertising Partners) we can help the Advertiser serve, measure and analyze targeted ads to customers. For example, if you have given Northern Heat Rib Series your email address, through our service, we may send you a promotional email for event information you looked at but did not purchase. Similarly if you provided your email to a software website when you downloaded a white paper, through our services the software company may send you a follow up email providing you with more information about the software company’s products or services. We use our Advertiser’s CRM Data (e.g., their customer lists or other information they provide to us about their customers) that consists of clear email addresses only for the purpose of assisting that particular Advertiser with their own advertising efforts and, in some cases, so we can report performance data back to the Advertiser’s CRM / reporting system. We do not share clear email addresses with other third parties for their advertising purposes.
• Email Communications: Clients may provide us with access to their email communications from their prospective customers when they have engaged us to provide email marketing services. When access to such information involves access to Gmail data “Gmail Data”, such access will be subject to these additional restrictions:
  • We will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail Data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets;
  • We will not use this Gmail Data for serving advertisements; and
  • We will not allow humans to read this data unless agreed to by the Client, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the provision of Errington Marketing’s services.
• Hashed email addresses: If an Advertiser permits us, we collect hashed versions of the emails that consumers have entered on that Advertiser’s site. Hashing is a “one-way function” that effectively pseudonymizes email addresses.. 

We take this step to de-identify data and protect email addresses, while being able to use an identifier to better connect devices and browsers. We then employ these hashed emails (along with other information) for cross-device targeting, in order to try to recognize users across devices and browsers – for instance, to find the same user across multiple devices such as computers, tablets, and mobile devices. We describe how this helps us better provide our services in “How We Use the Data We Collect” below.

• Contact Information. We obtain and collect contact information from various third party sources, including from public sources and through licenses with data providers. We may also infer contact information based on email addresses and email naming conventions. This contact information is B2B information – in other words, it is usually the contact information of someone at a business email address, business street address, or sometimes, a business telephone number. We will not collect contact information this way for individuals who are located in European Territories.
• Shopping Information. Some Advertisers provide us with information about their customers’ shopping habits, including transactional information, product codes, and check-out activity (along with browsing information that we collect). This information may come from their websites or other transactional information they (or their service providers) maintain. We generally use this information to help us better target, personalize, and measure the effectiveness of advertising campaigns.
• Information We Receive in Our Corporate Capacity. We also collect information from our own customers and those who visit our website(s). To learn more about how we collect and use that information, please see our Website Privacy Notice.

3. HOW WE USE THE DATA WE COLLECT

We use this data to help us identify and serve ads to you that are more relevant to you. We also use this data to operate, improve and enhance our services including enhancing the data points we have about a particular user, browser, or device to serve the most relevant ads to you and, in turn, improve performance of our ad campaigns. Specifically, we use this data for:

• Targeting: Selecting ads that are more likely to be relevant to you based on the interests previously associated with your device and the time of day you may be most interested in viewing these specific ads. For example, we may show you ads for your favorite shopping site (or similar sites we think you may like) during lunch or commute hours.
• Frequency capping: Making sure that you don’t see the same ad too many times.
• Sequencing: If you are being served a sequence of ads, making sure we show you the right ad next in the sequence.
• Cross-device matching: Identifying different devices that are likely to be associated with you so that ads can be targeted, capped and sequenced across those devices, and so that campaign effectiveness can be measured and analyzed. For example, cross-device matching helps us NOT show you ads for the shoes you were looking at on your phone but already purchased on your tablet. Instead we’ll try to show you ads for an upcoming triathlon where you can put those shoes to work. It also helps us match devices so we can honor your opt-out choices across all devices we know are connected to the opted-out cookie. You may opt-out of being targeted in the above “cross-device” and “cross-channel” ways by employing the respective opt-out techniques we describe in the “Your Choices and Opting-Out of Targeted Ads” section below.
• Attribution: Monitoring when, where, and at what price we served certain ads on behalf of an Advertiser so that we can measure our influence on the marketing results of the Advertiser’s campaigns and overall marketing strategy. For example, being able to measure if a certain ad campaign (the ads shown and to whom they were shown) actually sold more soccer balls for ACME Soccer Ball Co.
• Reporting: Providing Advertisers insights into how their ads are performing and gain insights into their customers. Reporting may include ad metrics such as impressions, clicks, and conversions (however the Advertiser may define a “conversion” such as, for example, a sale or a white paper download, or a correlation to an actual or inferred sale, site visit or store visit). This data allows an Advertiser to determine if an ad is not performing well (customers are not clicking on it), so that the Advertiser will be able to see that data and update the ad (perhaps with a better deal!). With respect to specific cookie data, we limit reporting to cookie activity on the specific Advertiser’s website and which ads were shown, whether there was engagement with those ads.
• Licensing Data: We may license any of the information we receive, create or collect to our Clients or other third parties. For instance, as mentioned in the “What Data We Collect” section, when we receive an email address from a third party or derive an email address, we may license that to our Clients.
• Conducting Our Corporate Operations. As to information we collect in our corporate capacity – our own B2B lists of customers and prospective customers – we use that information to conduct our business operations and communications. Please see our Website Privacy Notice to learn more about how we use that information.

4. DATA SHARING

We may disclose information about you:

• With our service providers: We contract with companies who help with parts of our business operations (e.g., for example, website and data hosting, fraud prevention, viewability reporting, data hygiene, marketing, and email delivery), as well as billing, collections, tech, customer and operational support.
• In connection with legal proceedings: When we are under a legal obligation to do so, for example to comply with a binding order of a court, or where disclosure is necessary to exercise, establish or defend the legal rights of Errington Marketing, our Advertisers or any other third party.
• To comply with legal process: To satisfy in good faith any applicable law, legal process, or proper governmental request, such as to respond to a subpoena (whether civil or criminal) or similar process.
• To investigate wrongdoing and protect ourselves or third parties: To violation of the law, or to protect ourselves, our customers, or any third party from any potential harm (whether tangible or intangible).
• In connection with a sale of our business: If a third party acquires some or all of our business or assets, we may disclose your information in connection with the sale (including during due diligence in preparation for the sale).
• With our Advertising Partners: We also share hashed email addresses (or other pseudonymous identifiers associated with those hashes), technical data that we collect about your browsing habits and your device (such as data relating to our cookies, tracking pixels and similar technologies) with other companies in the digital advertising hecosystem. This enables them and us to better personalize ads to you.

5. COOKIES AND RELATED TECHNOLOGIES

Northern Heat Rib Series uses cookies, tracking pixels and related technologies to provide our services. Cookies are small data files that are served by our platform and stored on your device.

Tracking cookies enable us to identify your device when you move between different Digital Properties, so that we can serve targeted advertising to you.

• Our Advertising Partners may also drop cookies for the purposes described above. Generally, the type of cookies dropped will vary depending on the Advertising Partner.
• Additionally, we use non-tracking cookies (not unique) to store user decisions in terms of your ad consent and opt-out choices:

6. YOUR CHOICES AND OPTING-OUT OF TARGETED ADS

We recognize how important your online privacy is to you, so we offer the following options for controlling the targeted ads (sometimes called “interest-based ads”) you receive and how we use your data.

Opting-out of this type of advertising through the below methods will not prevent you from seeing ads, but those ads will likely be less relevant because they will not be tailored to your interests. The ads might, for instance, be randomly generated or based on the web page you are visiting.

• Web browser: You can opt-out of receiving personalized ads (including retargeted ads) served by us or on our behalf by clicking on the blue icon that typically appears in the corner of the ads we serve and following the instructions provided. Please note that this “opt-out” function is browser-specific and relies on an “opt-out cookie”, thus, if you delete your cookies or upgrade your browser after having opted out, you will need to opt-out again. If you use a Safari browser, please also see directions regarding our cookie-less technology opt-out, below.
• Cross Device Opt-Out: In some cases we may link multiple browsers or devices to you. If you opt-out on a browser or device and we have additional devices or browsers linked to you, we will extend your opt-out decision to any other linked browsers and devices. Since we only link users across browsers and devices in some conditions, there could be cases where you are still being tracked in a different browser or device we have not linked, and where we are treating you as a different user.
• Mobile Device Opt-Out: To opt-out of receiving targeted ads that are based on your behavior across different mobile applications follow the below instructions, for iOS and Android devices:
  • iOS 7 or Higher: Go to your Settings > Select Privacy > Select Advertising > Enable the “Limit Ad Tracking” setting; and
  • For Android devices with OS 2.2 or higher and Google Play Services version 4.0 or higher: Open your Google Settings app > Select Ads > Enable “Opt out of interest-based advertising”.
• Industry Opt-Out Tools and Self-Regulation:
  • We adhere to the Network Advertising Initiative (NAI) Code of Conduct. You may use the NAI opt-out tool here, which will allow you to opt-out of seeing personalized ads from us and from other NAI approved member companies.
  • We also comply with the Self-Regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA). You may opt-out of receiving personalized ads from other companies that perform ad targeting services, including some that we may work with as Advertising Partners via the DAA website here.
  • We also comply with the Canadian Self-regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance of Canada (DAAC). You may opt-out of receiving personalized ads from other companies that perform ad targeting services, including some that we may work with as Advertising Partners via the DAAC website here.
  • Finally, we also adhere to the European Interactive Advertising Digital Alliance (EDAA) guidelines for online advertising and you may opt-out via their ”Your Online Choices” website here.
• Note to Safari Users. When you opt-out on a browser, we, other advertising platforms, and other third parties, generally place a cookie on your browser instructing us not to use your other online behaviors to customize the ads you see. However, if you are using a Safari browser, opt-out cookies that are set for purposes of restricting this type of advertising may be deleted prior to their intended expiration date; we have no control over these browser controls or cookie deletions.
• Do Not Track Disclosure: Some internet browsers allow users to send a “Do Not Track” signal to websites they visit. We do not respond to this signal at the present time.
• Reminder to Users Residing in a European Territory: If you are located in a European Territory you will also have additional data protection rights. These are described under the “Information for European Territory Residents: Our Legal Basis and Your Rights” section below.

7. DATA RETENTION

CRM Data: We are processors of CRM data that we hold, such as email address lists. We retain this CRM Data until the user asks us to delete this data.

Mobile Identifiers and Cookie Identifiers: Cookie identifiers we collect expire (and are then deleted) 13 months from the last time your device accessed a Digital Property using our technology. If you visit another Digital Property that uses our technology inside that 13-month expiry period, then the expiry period will be reset and measured from that date instead. The expiration period for mobile identifiers is controlled by the end-user on their own device.

Personal Data Associated with Mobile and Cookie Identifiers Related to Browsing History: We delete personal data associated with mobile and cookie identifiers after 12 months. For example, data such as an Advertiser’s website you visited or ads that you may have clicked.

Personal Data Associated with Real Time Bids: Data logged for a particular submitted bid or a received real time bid request (including cookie identifiers, mobile identifiers, the advertisable bid on, and the advertisable won or displayed to the end-user) are deleted after 30 days.

Personal Data Associated with the Display of an Advertisable: Data logged for the display of an advertisable (including cookie identifiers, the advertisable won or displayed to the end user as well as data indicated whether an end user clicked on the particular advertisable displayed) are deleted after 12 months.

8. SECURITY

We apply technical, administrative and organizational security measures to protect the personal data we collect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against other unlawful forms of processing.

9. INTERNATIONAL TRANSFERS

We may transfer the information we collect about you to countries (including the United States of America) other than the country where we originally collected it for the purposes of storage and processing of data and operating our services. In general, these countries will be the countries in which we, our Advertisers, or our or their service providers operate.

Those countries may not have the same data protection laws as your country. However, when we transfer your information to other countries, we will protect that information as described in this Privacy Notice and take steps, where necessary, to ensure that international transfers comply with applicable laws.

10. INFORMATION FOR EUROPEAN TERRITORY RESIDENTS: OUR LEGAL BASIS AND YOUR RIGHTS

Our Legal Basis: If you interact with our services from the European Territories, our legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which we collect it. “European Territories” means the European Economic Area and Switzerland. For the purpose of this Privacy Notice, the term “European Territories” shall continue to include the United Kingdom, even after the United Kingdom leaves the European Economic Area following Brexit.

• We will normally collect personal data from you where the processing is in our legitimate business interests to do so. For example, to administer our platforms and services and fulfil our contractual obligations as a service provider.
• In some cases we may collect and process personal data based on consent.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, including if you would like to better understand how our legitimate interests to process your data are balanced against your data protection rights and freedoms, then please contact us using the contact details provided under the “Contact Us” heading below.

Your Enhanced Privacy Rights: In addition, if you are a resident of a European Territory, you have the following enhanced rights under EU data protection law:

• If you wish to access, correct, update or request deletion of your personal information, you can contact us using the contact details provided in the “Contact Us About Questions or Concerns” section below.
• You can object to processing of your personal information, and/or ask us to restrict processing of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact us about questions or concerns” heading below.
• Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent. Specifically, you can withdraw consent for us or our partners to drop cookies by refusing consent for Northern Heat Rib Series when you see a “consent banner” on a publisher or advertiser site which lists Northern Heat Rib Series as a vendor.
• You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Territories are available here.) However, if you have any questions about our collection and use of your personal information, we encourage you to contact us first through our marketing partner info@erringtonmktg.com.
• Please note that we have no direct relationship with the individuals whose personal data we process on behalf of our clients and partners. Where we act as a processor for our clients and partners (for example, when we handle our clients’ CRM data solely to provide them services), you should direct any requests to access, correct, update, or delete your personal data to the respective client or partner. We will respond to any requests by a client or partner to provide assistance with such requests within 30 days.

11. CHANGES TO THIS PRIVACY NOTICE

Changes to this Privacy Notice will be posted on this page. If we make a material change to our privacy practices, we will provide notice on the site or by other means as appropriate.

If we are required by applicable data protection laws to obtain your consent to any material changes before they come into effect, then we will do so in accordance with law.