Privacy Policy
Last revised: October 02, 2024
OVERVIEW
This privacy policy (“Policy”) applies to all visitors, users, and others who use the Company’s website and services (“consumers” or “you”). Closed Loop Marketing, Inc. (“Closed Loop” or “we”) collects, uses and shares personal information of users of the Closed Loop services and website www.closedloop.com (the “Site”). This Policy also applies to any of Closed Loop’s other websites that post this Policy. This Policy does not apply to websites that post different statements. We adopt this Policy to comply with the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020, as amended (CCPA, CPRA), and any terms defined in the CCPA, and or CPRA, have the same meaning when used in this Policy.
NOTICE AT COLLECTION
Under the CCPA, and or CPRA, a certain notice is required when your Personal Information is collected (the “Notice at Collection”). Our Notice at Collection is comprised of the following provisions:
The categories of Personal Information collected from or about you: Information We Collect
The purposes (why we collect this Personal Information): Use of Personal Information
Our disclosures regarding the sharing of your Personal Information: Disclosing Personal Information
INFORMATION WE COLLECT
We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s or CPRA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:
Category | Examples of Information Under this Category | Collected | Retention Period |
---|---|---|---|
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | We collect and use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | We collect and use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | We collect and use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | We collect and use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | We do not collect or use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | We collect and use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
G. Geolocation data. | Physical location or movements. | We do not collect or use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | We do not collect or use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | We collect and use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | We do not collect or use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | We do not collect or use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
L. Sensitive Personal Information means certain types of Personal Information, such as: | Social security, driver’s license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation, including any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, except as prescribed by regulations, racial or ethnic origin, religious or philosophical beliefs, or union membership, the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication, genetic data. | We do not collect or use Personal Information within this category. | For as long as the Company has a business need or is legally required to maintain such information. |
HOW WE COLLECT PERSONAL INFORMATION
In the past twelve (12) months, we have used the following methods to collect information from you and about you:
- Information You Give Us Directly. We collect the following information and other information you directly give us such as: name, company name, e-mail address and phone number.
- Information We Get from Others. We may get information about you from other sources. We may add this to information we collect from or about you. In particular, we use Google account credentials from you so we can access data in your Google Ads™ account, and we may collect other account credentials for similar services in order to access data related to those services.
- Information we obtain using these credentials includes: cost, campaigns, ad groups, ads, impressions, clicks, screenshots, destination URLs, cost per conversion, conversion rate, status, destination URLs, conversions, dates, average position, and other information relating to your ad accounts and the performance of websites for which you use the Closed Loop service.
- Information Automatically Collected. We automatically log information about you and your computer. For example, when visiting our Site, we log information about your use of and actions on our Site.
- Cookies. We may log information using “cookies” as further described in our Cookie Policy.
- Security Information. We may also collect certain standard information about your computer for security and identification purposes. This information may include: IP addresses, domain names, access times, browser type and browser version, cookies, and other unique identifying information of machines that have our software downloaded and installed on them. This information is used for the operation of the service, to identify and protect our customers and to control unauthorized use or abuse of our services.
- Web Analytics. We continuously improve the Site and utilize different internal and third-party web analytical tools to help us do so. We are interested in how visitors use the Site, what they like and dislike, and where they have problems. These tools may gather data such as what browser a person uses, what operating systems are used, what is downloaded, and what content, products and services are reviewed when visiting or registering for services on our Site. This information is used solely to assist Closed Loop in maintaining a more effective and useful Site. We, or our third-party service providers acting on our behalf, collect and track information including aggregate traffic patterns, domain names, browser types, MIME types and web pages visited before coming to our Site. To increase functionality and enhance your user experience, this information may sometimes be correlated with personal information about individual users.
- Links to other sites. The Site may contain links to other websites that are not owned or controlled by Closed Loop. The linked websites may have their own privacy policies which we strongly suggest you review. To the extent such websites are not owned or controlled by Closed Loop, we are not responsible for the websites’ content or privacy practices, or for any use of the websites.
- We do not use automated technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).
USE OF PERSONAL INFORMATION
We use your personal information in performance of Closed Loop’s services, including, without limitation, for account verification, accessing websites and other information necessary to provide services. We may use your personal information to communicate with you regarding your services and to send you periodic newsletters, offers and usage tips. You may opt out of promotional emails at any time but may still receive communications related to your use of Closed Loop services and Site, such as service updates and other communications necessary for us to provide services to you.
We may use information we obtain through the Site in other ways for which we provide specific notice at the time of collection.
DISCLOSING PERSONAL INFORMATION
We may disclose your personal information to a third party for a business purpose, such as:
- with our service providers who perform functions on our behalf or for us. Examples include sending postal mail and email, analyzing data, and providing marketing assistance and customer service. These service providers are not authorized by us to use or disclose personal information except as needed to perform their functions or comply with legal requirements, and they may not use it for any other purpose.
- when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the following categories of third parties: service providers.
We do not Sell your Personal Information or Share any Personal Information for cross-context behavioral advertising with any Third Party (as such capitalized terms are defined by California privacy laws), and we have not Sold (or Shared for cross-context behavioral advertising) any Personal Information in the preceding twelve (12) months.
We may disclose your personal information for legal, protection, and safety purposes: to comply with laws; to lawful requests and legal processes; to protect the rights and property of Closed Loop, our agents, customers, and others, including enforcing our agreements, policies, and terms of use; and in an emergency, including protecting the safety of our employees and agents, our customers, or any person.
We may share personal information with your consent. For example, you may let us share personal information with others for their own marketing uses. Those uses will be subject to their privacy policies. By using the Site and the Closed Loop service, you are deemed to give your consent to use the information you provide to perform those services.
We do not use automated technologies to collect information about your online activities over time and across third-party websites or other online services to provide targeted advertising and therefore do not respond to Do Not Track (DNT) signals.
We may also disclose deidentified, aggregated, and/or anonymized data for any reason.
YOUR RIGHTS AND CHOICES UNDER CALIFORNIA LAW
Under California law, consumers have certain rights regarding their personal information. This section describes your rights and explains how to exercise those rights by submitting a consumer request (“Consumer Request”). Please note, we will seek to verify your identity when we receive a consumer request from you in order to ensure the security of your Personal Information. In some instances where we are acting as a “service provider” we may direct consumer requests to the business who holds your Personal Information.
- Access to Specific Information and Data Portability Rights
You have the right to request that the Company disclose certain or all of the following information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive a verifiable Consumer Request, we will be able to disclose to you the specific pieces of Personal Information we collected about you (also may be called a data portability request).
- Deletion Request Rights
You have the right to request that we delete any or all of your Personal Information that we collected from and about you, subject to certain statutory exceptions. Once we receive a verifiable Consumer Request, we will identify the Personal Information, confirm that you want that Personal Information deleted, and then delete (and notify our service providers to delete) your Personal Information from our records, unless an exception applies.
- Right to Correct
You have the right to request inaccurate Personal Information be corrected.
- Right to Restrict Sensitive Personal Information Processing
You have the right to restrict how your Sensitive Personal Information is used and disclosed, subject to certain uses permitted by California law (such as, the use necessary for the performance of services, use to ensure security and integrity).
- Non-Discrimination
We will not discriminate against you for exercising any of your legal rights regarding your Personal Information, unless permitted by law. We will not take any of the following actions solely because you chose to exercise any of your legal rights regarding your Personal Information:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties.
- Provide you a different level or qualify of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- Disclosures for Direct Marketing
California Civil Code Section § 1798.83 permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please email us at the address listed in the Contact Information section below.
How to Submit a Consumer Request
To exercise your rights, please submit a Consumer Request to the contact information below. The Consumer Request must describe the request with sufficient detail that allows us to properly understand, evaluate and respond to it. Please specify if your Consumer Request pertains to all specific pieces of your Personal Information, or only with respect to the categories of Personal Information. You may only make a Consumer Request for access or data portability twice within a twelve (12) month period.
SECURITY OF YOUR PERSONAL INFORMATION.
We take reasonable steps to help protect personal information from unauthorized access, use, alteration and disclosure, such as following industry standard guidelines such as ISO27k, NIST 800-53, and other applicable standards. However, transmission of data via the internet is not completely secure so transmission of your personal information is at your own risk. We are also not responsible for circumvention of any privacy settings or security measures contained on the Site.
CHANGES TO THIS PRIVACY POLICY.
We may change this Policy at our discretion and at any time. If we make any changes, we will post the updated Policy on our website and change the revision date above. Your continued use of the Site following the posting of changes constitutes your acceptance of such changes.
ACCESSIBILITY.
Individuals who would like to request a copy of the privacy policy in an accessible format should contact us via one of the methods below.
CONTACT INFORMATION.
We welcome your comments or questions about this privacy policy. You may contact us via email at privacy@closedlooop.com or by writing to us at:
Closed Loop Marketing, Inc.
Attn: Closed Loop Privacy Policy
970 Reserve Dr, Suite 206
Roseville, CA 95678
GDPR PRIVACY NOTICE
Last Revised/Reviewed: October 02, 2024
This GDPR Privacy Notice includes additional notices regarding Closed Loop’s (the “Organization”) data processing practices and describes your privacy rights under the European Union’s General Data Protection Regulations 2016/679 (“GDPR”). This Notice, together with Closed Loop’s Privacy Policy (collectively referred to as Organization’s “GDPR Privacy Policy”), explains how we collect information about you online when you visit any Organization websites or services (the “Services”) and how we will protect, use and share that information for individuals in the EU. Capitalized terms not defined herein are given the meanings provided in the Organization Privacy Policy.
Please read the Organization’s GDPR Privacy Policy carefully to understand our policies and practices regarding your personal data if you are in the EU. If you do not agree with the GDPR Privacy Policy, your choice is to not use any of the Organization’s Services because we will not be able to provide the services to you. By accessing or using the Organization Websites, you agree to the Organization’s GDPR Privacy Policy.
IMPORTANT INFORMATION AND WHO WE ARE
Closed Loop is the processor in certain contexts and is either wholly or partially responsible for the services provided to controllers. When we mention Organization, “we”, “us” or “our” in this GDPR Privacy Notice, we are referring to Closed Loop Marketing, Inc. which is the organization responsible for processing your data.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this GDPR Privacy Notice. If you have any questions about this GDPR Privacy Notice, including any requests to exercise your legal rights, please contact our data privacy manager at the following address: privacy@closedlooop.com.
Individuals located in the EEA have the right to make a complaint at any time to the appropriate EU supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
OUR PURPOSES FOR USING YOUR PERSONAL DATA
Below we describe all the ways we plan to use your Personal Data, and the legal basis applicable to processing your Personal Data. We may process your Personal Data for more than one lawful ground depending on the specific purposes for which we are using your Personal Data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one ground has been set out in the table below:
Purpose/Activity | Type of Data | Lawful basis for processing (including the basis of legitimate interest if applicable) | Data Retention Period |
To register you as a new member |
| Performance of a contract with you | For as long as the Organization has a business need to maintain/use such information. |
To process and deliver services including: (1) managing payments, fees and charges; and (2) collecting and recovering money owed to us. |
| (1) Performance of a contract with you. (2) Necessary for our legitimate interests (to recover debts due to us). | For as long as the Organization has a business need to maintain/use such information. |
To manage our relationship with you which will include: (1) notifying you about changes to our policies or terms of use; (2) asking you to leave a review or take a survey. |
| (1) Performance of a contract with you. (2) Necessary to comply with a legal obligation. (3) Necessary for our legitimate interests (to keep our records updated and to study how users use our services and the Organization Websites.) | For as long as the Organization has a business need to maintain/use such information. |
To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data). |
| (1) Performance of a contract with you. (2) Necessary for our legitimate interests (to study how users use our services, to develop them, to grow our business and inform our marketing strategy.) | For as long as the Organization has a business need to maintain/use such information. |
To deliver relevant content via the Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. |
| Necessary for our legitimate interests (to study how users use our services, to develop them, to grow our business and to inform our marketing strategy.) | For as long as the Organization has a business need to maintain/use such information. |
To use data analytics to improve the Services, products, marketing, and user experiences. |
| Necessary for our legitimate interests (to define types of users of our services, to keep the Organization Websites and services updated and relevant, to develop our business and inform our marketing strategy.) | For as long as the Organization has a business need to maintain/use such information. |
To make suggestions and recommendations to you about goods and services that may be of interest to you. |
| Necessary for our legitimate interests (to develop our services and grow our business.) | For as long as the Organization has a business need to maintain/use such information. |
*Legitimate Interest means the interest of Organization’s business activities in conducting and managing our organization to give you the best service/products and the most secure experience. We make sure we consider and balance any potential impact on you, both positive and negative, and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted by law. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting the Data Privacy Manager at the address provided above.
YOUR LEGAL RIGHTS UNDER THE GDPR
Under certain circumstances, you have rights under data protection laws regarding your Personal Data. Each of the rights is summarized below.
- Request Access to Your Personal Data. You have the right to be informed of the Personal Data we hold about you and why and how we have it. You may also request certain information regarding Organization’s disclosure of Personal Data to third parties for their direct marketing purposes.
- Request Correction of Your Personal Data. You have the right to request corrections to inaccurate or incomplete Personal Data although we will need to verify the accuracy of the new data you provide to us. We may not be able to accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
- Request Deletion of Your Personal Data. You have the right to have your Personal Data deleted if there is no good reason for us to continue to process it. You also have the right to ask us to delete/erase your Personal Data where you have successfully exercised your right to object to its processing (see below), where we may have processed your information unlawfully or where we are required to delete your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of deletion for specific legal reasons which will be provided to you, if applicable, when evaluating your request. By requesting that we delete your Personal Data, we may keep anonymized or de-identified statistical data that is not connected to your identity.
- Object to Processing of Your Personal Data. You have the right to object to the processing of your Personal Data where we have justified the data processing on the basis of our legitimate interests and there is something about your particular situation which makes you feel the processing impacts your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request Restriction of Processing Your Personal Data. You have the right to restrict the processing of your Personal Data if: the accuracy of the data is being contested for as long as it takes to verify that accuracy; the processing is unlawful and you request restriction of processing (rather than deletion of the data); we no longer need the data for its original purpose but you would like us to hold the data because you need it to establish, exercise, or defend legal rights; or, you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate interests to use it.
- Request Transfer of Your Personal Data. You have the right to request the transfer of your Personal Data to you or a third party. We will provide you, or a third party you designate, your Personal Data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to Withdraw Consent. You have the right to withdraw your consent to the processing of your Personal Data where we are relying on consent to process it. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case when reviewing your request to withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at the address provided above. You will not have to pay a fee to access your Personal Data or to exercise any of the other rights. Alternatively, we may refuse to comply with your request in such circumstances. Also, the exercise of some rights will prevent our ability to provide services to you, and if this is the case, we will explain this to you when you submit your request to us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data or to exercise any of your other rights. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month after the request is received. Occasionally it may take us longer than a month if your request is particularly complex or you have submitted several requests. In this case, we will notify you and keep you updated.