Fyllo (“we,” “our,” “us”) provides a variety of consumer data, marketing analytics, and related products and services designed to help our business customers (“customers”), and companies that work with them, to market their goods and services in a relevant and efficient way (the “Services”). This Privacy Notice explains how Fyllo collects and uses your personal data (“personal data”) and your rights and choices regarding your personal data. When we say “you” we are referring to individuals whose personal data may be included in our Services.
Our Services are principally employed by our customers for digital marketing (including mobile, CTV, and other digital channels), but may also be used for direct mail, email, and other marketing channels. We take seriously the privacy interests of the consumers whose information we handle and maintain in our database. We provide this Privacy Notice (“Privacy Notice”) to explain how we collect, use and manage your personal data, and your choices regarding how your personal data is used.
Regardless of your state of residence, you may opt-out of having your personal data used to market to you as described in Section 5. Residents of certain U.S. states have additional privacy rights as described in Section 6. Specifically, the California Consumer Privacy Act, as amended (“CCPA”) provides certain rights to residents of California. Other states’ laws (upon becoming effective) provide similar (though not identical) rights to their own residents – including residents of Colorado, Connecticut, Utah and Virginia (together with the CCPA, the “State Privacy Laws” and the “Applicable State Residents”). The particular scope and nature of the rights available to Applicable State Residents vary in each state, so we have sought to explain these rights in the most transparent and uniform terms, below.
This Privacy Notice applies only to Services offered in North America by our Fyllo-branded divisions. For Services offered by our Semasio-branded division (“Semasio”), which operates globally, please visit the Semasio Privacy Notice. We sometimes provide personal data we collect to Semasio, for Semasio to use on the Semasio platform as further described in Semasio’s privacy notice, and we sometimes receive personal data from Semasio in order to enrich our own datasets as described in this Privacy Notice.
Please note that this Privacy Notice does not apply to your personal data when we act as a service provider or processor on our customers’ behalf. When we are in this role, our customers decide how and why your personal data should be used. Information about when we act as a service provider or processor is set forth in Section 7 below.
We also operate corporate websites, designed for our own customers and prospective customers, and others who want to learn about our Services. We address the personal data we collect on our corporate website and other personal data we collect for other business-to-business purposes (such as information we use to communicate with our customers, and potential customers) in our Corporate Privacy Policy.
In order to provide our Services, we receive personal data from various third-party sources, including retailers, ecommerce providers, third party websites and apps, public sources, and other data compilers. The personal data often includes various identifying and demographic information about consumers, such as:
The personal data in our databases has been converted to pseudonymous identifiers (e.g. “12345” or “abcde”) which enables us to combine personal data from various sources linked to you, including to develop inferences. For instance, if a household is in a particularly wealthy area, we might infer a particular income range, or if a person is a frequent purchaser of certain products we might infer that they might be interested in related products.
We do not knowingly collect personal data of individuals under the age of 18 (“minors”) and our Services are not intended to be directed at minors. If you are a parent or guardian and believe we have collected personal data of minors, please contact us at privacy@hellofyllo.com. If we learn we have inadvertently collected such data, we will promptly delete the data.
Depending on how you interact with us, we may collect the categories of personal data about you from the categories of sources summarized in the table below. The following table also describes how we collect and use such categories of personal data.
Category
Business Purpose
Categories of Sources
Identifiers
E.g., hashed email addresses, mobile ad identifiers; IP addresses, other online identifiers"
Creation of Audience Segments and consumer insights for digital and other advertising purposes.
Commercial or transactions information
E.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Creation of Audience Segments and consumer insights for digital and other advertising purposes.
Internet or other electronic network activity information
E.g., browsing history; online interests
Creation of Audience Segments and consumer insights for digital and other advertising purposes.
Imprecise geolocation data
E.g., zip code
Creation of Audience Segments and consumer insights for digital and other advertising purposes.
Professional or employment-related information
E.g., current or past job history or job title
Creation of Audience Segments and consumer insights for digital and other advertising purposes.
Inference Data
E.g., consumer information, lifestyle or purchasing preferences
Creation of Audience Segments and consumer insights for digital and other advertising purposes.
Characteristics of protected classifications under California or other US law (inferred or actual, including self-reported)
E.g., race; color; sex/gender; marital status; military or veteran status; national origin; ancestry; age (over 40) (may be inferred, actual or self-reported)
Creation of Audience Segments and consumer insights for digital and other advertising purposes.
We use personal data for various business purposes as summarized in the chart above and as set forth in more detail in this Section 2.
As Part of Our Services:
Fyllo may disclose your personal data with our customers, including advertisers, agencies, data providers, marketing services providers and platforms, as well as service providers that help us provide the Services we’ve described above (or other Services we may add in the future).
This includes disclosing your personal data in the following ways:
For Applicable State Residents in jurisdictions where the State Privacy Laws apply, we may disclose or sell or share (as those terms are defined under the State Privacy Laws), the personal data collected from and about you as discussed above for various business purposes, with service providers and with third parties including our customers, advertising platforms, and those advertising platforms’ customers. These business purposes often involve cross-context behavioral advertising, also known as targeted advertising under certain State Privacy Laws. The chart below describes how and with whom we disclose or sell or share personal data, and whether (based on the definition of sell or share in the State Privacy Laws) we believe we have sold or shared a particular category of personal data in the prior 12 months. “Sharing” personal data includes using (or permitting others to use) the personal data we collect for cross-context behavioral advertising or targeted advertising. (In our case – including because we often earn money in exchange for making available personal data for such advertising purposes – we’re typically involved in both a sale and share of that personal data.)
For transparency, we’ve been deliberately inclusive in our terminology in the chart below, by including within categories both types of third parties (e.g., “retailers”) and types of platforms through which those third parties might access data (e.g., “advertising networks”).
Category
Categories of Third Parties We May Share With
Whether We “Sold” or “Shared” This Category of personal data in the Last 12 Months
Identifiers
E.g., hashed email addresses, mobile ad identifiers; IP addresses, other online identifiers
Yes
Commercial or transactions information
E.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Yes
Internet or other electronic network activity information
E.g., browsing history; online interests.
Yes
Professional or employment-related information
E.g., current or past job history or job title.
Yes
Inference Data
E.g., consumer information, lifestyle or purchasing preferences
Yes
Characteristics of protected classifications under California or US law (inferenced or actual)
E.g., race; color; sex/gender; marital status; military or veteran status; national origin; ancestry; age (over 40) (may be inferred, actual or self-reported)
Yes
There are multiple ways you can opt-out of having your personal data used to market to you:
This section describes how to exercise those rights and our process for handling those requests. (To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.) We may withhold these rights to the extent that the law in your state of residence does not recognize or no longer recognizes these rights.
A. Right to request access to or correction of your personal data
Applicable State Residents have the right to request that we disclose what categories of your personal data that we collect, use, or sell. You may also request the specific pieces of personal data that we have collected from you. However, we may withhold some personal data where the risk to you or our business is too great to disclose the personal data. You also may request correction of your personal data, such as if you believe we have incorrect personal data pertaining to you in connection with our Services governed under this Privacy Notice.
B. Right to request deletion of your personal data
Applicable State Residents may also request that we delete any personal data that we collected from you, such as if you have been a customer of ours. (Note that this is different from your right to “opt out” of us selling your personal data, which is described below; also note that we do not generally collect personal data directly from consumers.) We may in such cases retain personal data for certain important purposes, such as (a) to protect our business, systems, and users from fraudulent activity, (b) to address technical issues that impair existing functionality (such as de-bugging purposes), (c) as necessary for us, or others, to exercise their free speech or other rights, (d) to comply with law enforcement requests pursuant to lawful process, (e) for scientific or historical research, (f) for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. Additionally, we need certain types of personal data so that we can provide our Services to you. If you ask us to delete it, you may no longer be able to access or use our Services.
C. Opting out of the sale of your personal data, or use of your personal data for targeted advertising (also called a “share” or “cross-context behavioral advertising” in California)
Applicable State Residents may opt out of the “sale” of their personal data. Certain state laws broadly define what constitutes a “sale” – including in the definition making available a wide variety of personal data in exchange for “valuable consideration” which does not need to include an exchange of money.
Depending what personal data we have about you, and whether we have included any of it in our Services, we may have sold certain categories of personal data about you in the last 12 months, as described in the above table in Section 4, titled Our disclosure, share and sale of personal data under the State Privacy Laws. If you would like to opt out of us selling your personal data, you may do so here. If you opt-out in this way, we will also cease sharing your personal data for purposes of targeted advertising – also called a “share” of personal data under California law.
E. How to exercise your access, opt-out, deletion and correction rights
Applicable State Residents may exercise their state privacy rights by submitting their removal request to privacy@hellofyllo.com or by contacting us toll-free at 872-264-6596.
For security purposes (and as required under certain state laws), we will verify your identity – in part by requesting certain information from you — when you request to exercise your “deletion” “correction” or “access” rights. For instance, if you request categories or specific pieces of personal data we have received about you, you may need to confirm your possession of an identifier (such as an email address) or to provide a piece of identification that confirms you are the person you claim to be.
Once we have verified your identity, we will respond to your access or deletion request as appropriate:
If we are unable to complete your requests fully for any of the reasons above, we will provide you the reasons we could not comply with your request.
E. Right to nondiscrimination
We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.
G. Authorized agents
Under certain State Privacy Laws, you may also designate an agent to make requests to exercise your rights under the State Privacy Laws as described above. We will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf through providing us with a signed written authorization or a copy of a legally sufficient power of attorney, depending upon the request made. We likewise may require that you verify your own identity, depending on the type of request you make.
Sometimes, we act only as a “service provider” or “processor” to our customers, when they provide or otherwise make available personal data to us solely to use on their behalf as part of our marketing services or data management tools, including for the use cases in this Section 7, in which case your privacy requests must be made through that customer.
We act as a service provider in providing media buying services to advertisers. For these services, the advertisers provide us direction for their campaigns and determine how to engage with their own customers and potential customers. Advertisers may decide to share personal data with third party platforms for various advertising purposes, including via tags or pixels on the advertiser’s websites or advertisements. In managing the advertiser’s campaigns on third party platforms, personal data is not stored in our databases and any access we have to personal data for the advertiser’s campaigns is governed by our service agreements with our advertisers and not this Privacy Notice. We are not responsible for our advertisers’ data practices and recommend that you review their privacy notices.
If you wish to exercise privacy rights available to you in connection with personal data we process as a service provider on behalf of our customers, please contact the customer directly. You may also provide the name of the customer to us. If we are able to confirm that we provide applicable services to that customer, we will forward your requests to the named customer, where feasible. We will assist our customers as required under applicable law.
This Privacy Notice may provide links to other websites that we think users will find interesting or useful. We are not responsible for the privacy practices of these other sites or companies.
We retain personal data as a “business” or “controller” under applicable State Privacy Laws so long as it is relevant and useful for purposes of our Services or we have a legal or compliance reason to do so, and provided the personal data is not subject to a valid request for deletion. (We may retain personal data after deletion where legally permitted or required for a legal compliance, auditing or accounting reason.)
We take steps to help ensure that the data we possess is housed and transmitted securely. This may include various types of physical and electronic security, including firewall protections, encryption, hashing or truncation of data, and access controls to personal data. However, neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, even though we employ efforts designed to ensure that this does not occur.
From time to time, we may update this Privacy Notice. Any changes will be effective when it is posted to our website. Please check back to learn of any changes to this Privacy Notice.
Fyllo has a designated privacy contact. If you have questions related to this Privacy Notice, or regarding our products or services, please contact us:
Privacy Officer
Fyllo, Inc.
Email: privacy@hellofyllo.com
We appreciate your comments and questions regarding Fyllo’s privacy practices.