Rokt Calendar Privacy Policy

This Privacy Policy (“Privacy Policy”) explains how Rokt Reply Corp. (“Rokt”) collects and uses Personal Information (defined below) on behalf of our clients (“Partners” or, individually, a “Partner”) who contract with Rokt to provide those Partners access and use of the Rokt Calendar services and other related services (the “Services”) and sets out the basis on which Personal Information will be processed by Rokt.

This document aims to provide concise, transparent, intelligible and easily accessible information – please read it.

This Privacy Policy applies to “Personal Data,” which is information about you that is associated with an identified or identifiable natural person and is protected as personal data or personal information under applicable data protection law. Personal information includes contact information (e.g. email address, telephone number), online information (e.g. IP addresses, device identifiers), and other data which can be used individually or in combination with other data to identify an individual (such as gender, marital status, age, postcode). Partners, and not Rokt, determine how and why Personal Information submitted to the Service is used, either by or at your direction. With respect to such Personal Data, (1) Rokt is a “data processor” (“Data Processor”) under the EU General Data Protection Regulation (“GDPR”) and a “service provider” under the California Consumer Privacy Act (“CCPA”), and (2) Partners are the controllers under GDPR (“Data Controller”). This Privacy Policy describes how Rokt processes Personal Information as a Data Processor for the purpose of providing the Services to our Partners pursuant to the applicable data processing terms with those Partners. As Data Controllers, Rokt’s Partners are responsible for disclosing the rights of individuals with respect to your Personal Information and other information regarding the collection and use of that Personal Data, in accordance with the GDPR, CCPA, and other laws requiring such disclosures.

Rokt’s Commitment to Privacy

Rokt takes your privacy very seriously and is committed to protecting it, as well as securing the data entrusted to us by Partners and you. We understand that you will only engage with Rokt and use our Services if you (and our Partners) can trust us to protect your Personal Information and use it appropriately. For more information on how we secure your data, see ‘Information Security Safeguards’, below.

Personal Information collected on behalf of Partners as part of the Services

When you engage with the Services, we record your subscriber activity, device, and sometimes information about your computer or access device. This may include usage data about your interactions, including device information and website analytics information retrieved from your device/web browser, such as device profile, IP address, browser type/version, language preferences, access times, referring Partner website, your general geographic area based on IP address. We use this data on behalf of our Partners to better optimize the Services for you and other subscribers.

When you access web pages where you engage with the Services through a Partner, Rokt may collect log file information. Log file information is automatically reported by your browser each time you access a web page. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. When you register with or view our site, our servers automatically record certain information that your web browser sends whenever you visit any website.

When you accept an Offer by registering for Rokt Calendar through a Partner, the Partner may opt to collect and store your email address. Additional information from or about you may also be collected in other ways, including responses to customer surveys or your communications with our customer service team.

In order to provide the Services, we process the data described in the prior section on the basis of legitimate business interests.

The legitimate business interests referred to above, which have been balanced against the rights and freedoms of data subjects and their reasonable expectations, include:

  • ensuring website safety by ensuring Offers presented to users are age-appropriate and shown only to their intended audience (e.g. not to children); the provision and use of website analytics and conversion tracking tools to assess the transaction attributes to optimize future marketing campaigns and future marketing strategy;
  • the provision of customer and email management software services allowing customers to effectively subscribe or unsubscribe to offers or publications that may be of interest or value to them;
  • validating users to verify the accuracy of customer data and to reduce fraudulent signups;
  • creating and retaining evidential records to validate the provision of consent to sending emails or direct marketing;
  • using limited data sets for suppression purposes to prevent further unwanted processing for users who have either (a) objected to direct marketing or (b) have exercised their right to erasure (in respect of Personal Information provided by them), if applicable.

Note you have a right to object to processing on the above basis – see below under ‘Your rights in relation to your Personal Information’.

Rokt discloses your Personal Information to Partners on the basis of your express consent. When you enter your email address or other Personal Information to accept an Offer, we will provide this Personal Information to the Partner or third-party subprocessors/service providers for the purpose of fulfilling your request.

Use and Disclosure of Your Personal Information

The following subsections detail how your Personal Information is used by Rokt (i.e. for what purpose), as well as the basis on which we disclose information to Partners and other third-party processors.

(i) Use of Personal Information by Rokt

We use your Personal Information for purposes including:

  • providing, maintaining, protecting, and improving our technology, products and services,
  • monitoring the effectiveness of our Services;
  • disclosing the information to Partners as set out in the sub-section (iii) below;
  • sending you confirmation messages, further details messages and follow-up reminders related to your acceptance of Offer(s), including Calendar subscriptions that you have signed up to, via the applicable or appropriate medium including email, SMS, or communicating with you at the telephone number provided or confirmed (which may include using an automatic telephone dialing system or pre-recorded message), on our own behalf and on behalf of Partners;
  • maintaining appropriate legal or business records;
  • enabling us to conduct customer research and develop new services;
  • validating the information you provide to us;
  • to protect our rights, property or safety, our users and employees, or any third-party (incl. Partners); and
  • complying with applicable laws and regulations.

We may state a more specific additional purpose when we collect your Personal Information.

(ii) Disclosure of Your Personal Information to Partners

Our use of your Personal Information also includes Rokt disclosing your Personal Information (including email address) when you engage with the Offer while on the Partner’s site, including by swiping or clicking on an Offer, even where this information is not directly displayed on screen.

Electronic Communications – Where a Partner has made an Offer, and you indicate that you wish to accept it (including by swiping and clicking), we disclose your Personal Information to the Partner so that any Offers may be fulfilled by them, and so they may provide further information associated with such Offers to you via the applicable or appropriate medium (including email or SMS). That information is provided to such party for the purpose of fulfilling the Offer, or other purpose explicitly disclosed at the time of collection, and your information will be handled by that party in accordance with its own privacy policy.

Note we do not sell, rent, share or trade your Personal Information to any third party (including Partners) for marketing purposes unless you have granted us permission to do so.

(iii) Further disclosure of your Personal Information

We may additionally disclose your Personal Information as follows:

  • to third-party agents and processors, such as our technology vendors, CRM and data management platforms, data transmission companies, email service providers, data validation service providers, authentication service providers, data enrichment providers, online marketing and segmentation providers; and ad-targeting companies, as applicable, predominantly located in the USA, for third-party processing;
  • to any member of the Rokt group, meaning subsidiaries of parent company Rokt Pte Ltd, and their respective professional advisors, directors, employees, contractors and personnel;
  • as required by any law, subpoena, court order, or other enforceable legal process (including laws outside your country of residence);
  • as necessary to detect, prevent, or otherwise address fraud, security or technical issues;
  • as necessary for us to do in order to establish or exercise our legal rights or defend against legal claims; or
  • as part of or in anticipation of a business sale, merger, consolidation, investment, change in control, transfer of substantial corporate assets, reorganization, liquidation, or similar business transaction or corporate event;
  • and for such other purposes that are consistent with the way we have informed you that we will use your Personal Information in this Privacy Policy; and subject to appropriate confidentiality and security measures.

Disclosure of your Personal Information to recipients ‘overseas’

Rokt processes Personal Information in multiple countries, on high-security servers, possibly located outside the country where you live, with our primary servers located in the USA. Before we disclose your personal information to an overseas recipient, we take steps as are necessary and reasonable in the circumstances to ensure that the overseas recipient does not breach privacy laws in relation to your Personal Information.

Where we disclose your personal information to Partners or other third-party processors, it is likely (although not assured) the Partner or third-party processor will be located in one of the markets in which we operate or have a presence – namely the United States, Australia, Singapore, Japan, the EU, the United Kingdom and New Zealand and any other countries in which we operate as disclosed at https://rokt.com/about-us and https://rokt.com/rokt-subprocessors.

Rokt discloses Personal Information of individuals located in the European Economic Area with: (i) suppliers; (ii) other members of the Rokt group; and (iii) Partners located outside of the European Economic Area. Such transfers may be made: (a) to a third country or territory that is assessed by the European Commission as ensuring an adequate level of protection; (b) to recipients who have in place appropriate safeguards, such as standard contractual clauses that are approved by the European Commission or binding corporate rules that have been approved by a competent supervisory authority; or (c) where a transfer to a third country is occasional and necessary in relation to a contract between us or in your interest or for the establishment, exercise or defense of legal claims. In order to safeguard transfers of personal data for EU residents outside of the EU, Rokt discloses information concerning EU residents both (i) with suppliers and (ii) within the Rokt group, on the basis of EU-approved standard contractual clauses approved under Art 47 GDPR.

Information Security Safeguards

The security of your Personal Information is a priority for us, especially when your personal information is transferred ‘overseas’.

We take appropriate technical and organizational measures (including physical and electronic security) to safeguard Personal Information from loss, misuse, unauthorized access, modification or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Information. Specific measures that we use include:

  • restricting access to Personal Information where practicable;
  • using industry-standard encryption to protect data in transit and at rest;
  • building and maintaining a secure (private) network with no direct access between the internet and systems processing your data;
  • using pseudonymization techniques such as hashing email addresses or device IDs that we associate with you to reduce the risks when processing that data;
  • conducting regular scans and penetration tests of our applications and networks to identify (and address) any potential vulnerabilities;
  • demanding equivalent security and confidentiality measures from any third parties we do business with.

Data Retention

Rokt sets data retention periods in consultation with Partners in determining how long to retain the Personal Information about you supplied to us by them, subject to you exercising your lawful data subject rights, and further subject to any requirement for us to hold data for such period as may be required to establish, exercise or defend legal rights or ongoing legitimate business interests (e.g. to prove that you signed up to a particular Offer or electronic communication).

These periods vary by market in accordance with local laws. Please refer to the ‘User Rights’ section below for more information about how you can exercise your rights.

In respect of other categories of Personal Information and Personal Information collected on Rokt Owned Sites, if Rokt has no ongoing legitimate business need to process your Personal Information, we will take all reasonable steps to destroy the information and/or ensure that the information is de-identified or anonymized or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

Rokt is not responsible for how long Partners may retain your Personal Information. You should consult the privacy notices provided by Partners with whom you interact in order to determine how long they may retain your Personal Information.

How we use Tracking Technologies

Like many companies, when we display online Offers to you, we may use one or more persistent “Tracking Technologies” (such as cookies, entity tags (eTags), pixels, web beacons/ GIFs, local storage, or other identifiers on your device and browser settings) in order to recognize you and your device each time we display Offers to you. We also apply statistical probabilities to data sets, which attempt to recognize or make assumptions about, users and devices (e.g., that a user of multiple devices is the same user). Tracking Technologies may set or alter settings or configurations on your Device. We use both session and persistent tracking technologies.

We use these technologies for a number of purposes to enhance your online experience, such as for preference setting, offer selection, analytics, conversion attribution and fraud reduction. By rejecting Tracking Technologies, this does not mean that you will no longer see ads when you visit Rokt Owned Sites.

Further information on our use of Tracking Technologies, and how you can exercise your rights not to accept the use of Tracking Technologies, is set out in our ‘Cookies’ Policy.

Information for California residents

Under the California Consumer Privacy Act of 2018 (“CCPA”), if you are a resident of California, you have certain rights in relation to your Personal Information which is collected, processed, used, disclosed or retained by Rokt. For the purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA.

For a description of your rights and the actions you may need to take with respect to such rights, please see the below section: “Your rights in relation to your Personal Information”.

For a list of the the categories of Personal Information which Rokt may collect, and which Rokt may disclose to its third party service providers for a business purpose, please review the above section: “Types of Personal Information that we collect, when, why and from whom (our basis for processing)”.

Your rights in relation to your Personal Information

Subject to applicable law, you may have a number of rights regarding the processing of your Personal Information, including:

  • the right to request access to, or copies of, your Personal Information that we process or control, or have collected or shared about you, together with information regarding the nature, processing and disclosure of that Personal Information;
  • the right to request rectification of any inaccuracies in your Personal Information that we process or control;
  • the right to request, on legitimate grounds:
    • deletion of your Personal Information that we process or control; or
    • restriction of processing of your Personal Information that we process or control;
    • the right to object, on legitimate grounds, to the processing of your Personal Information by us or on our behalf;
  • the right to request, available information on the source of the personal data where it is not from you;
  • where we rely on your consent to use your Personal Information (e.g. for the sending of direct marketing by electronic mail), the right to withdraw that consent – see below under ‘How do I withdraw consent/ unsubscribe?’ where we process your Personal Information on the basis of your legitimate interests the right to object to the processing of your personal information – see below under ‘How do I Opt Out?
  • the right to file a complaint with a Data Protection Authority regarding the processing of your Personal Information by us or on our behalf.

Other users may have similar rights granted to them under local laws. In such case we will act in accordance with those laws.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Privacy Policy, or about our processing of your Personal Information, please use the contact methods described below.

Note as a security measure, to ensure that we properly identify you, such requests will only be actioned in respect of, and confirmed by way of reply email to, the specific email address from which the request was made. Note we will refuse requests made in respect of email addresses which a user cannot access. User requests will be answered as soon as possible but not later than one month after they are made or such other time that may be required under applicable privacy laws.

Withdrawing consent from Rokt for direct marketing communications / unsubscribing

To unsubscribe from:

  • any specific electronic correspondence from Rokt by using the ‘unsubscribe’ link contained in emails we send you or replying “STOP” to any SMS message you receive;
  • all future email correspondence from Rokt, please send an email to privacy@rokt.com with the subject “Withdraw Consent” and we will unsubscribe you from all communications we send you.

Note: if you withdraw consent, we will keep a copy of your email address on file to record that you have withdrawn your consent, and we will retain any information not provided on the basis of consent, and any information to the extent necessary to establish, exercise or defend legal rights.

Withdrawing consent from Partners, such as unsubscribing

In order to withdraw consent from Partners, to exercise your data subject rights or to otherwise access, update or delete any of your Personal Information retained by them, you should contact them directly.

In every marketing communication delivered to your calendar, you may exercise your right to unsubscribe through Rokt’s preference center, and will be confirmed at the time of making the unsubscribe.

Otherwise, if you wish to unsubscribe from any further electronic correspondence from Partners, you should submit a request to those organizations directly using the unsubscribe facility provided by them, or otherwise as described in their communications to you, or as set out in their Privacy Policy.

Opting out from Partner Offers

Even if you Opt Out you will still see information in your calendar of choice. Please contact the Partner whose calendar you have added for further information on removing any such calendar.

Children’s Privacy

Rokt does not allow advertisements to be targeted at individuals under the age of 16.

Rokt does not knowingly collect Personal Information from or about children under the age of 13. If we learn that we have collected Personal Information on a child under the age of 13, we will delete that data from our systems.

Rokt encourages parents and guardians to monitor their children’s activities online.

Complaints

Rokt treats complaints relating to privacy very seriously. If you submit a concern or complaint, we will endeavor to deal with it comprehensively and reach an outcome with which all parties are satisfied. If you have any questions concerning any element of this privacy policy, or privacy complaints, please contact the privacy team at privacy@rokt.com

Changes to this Privacy Policy

Rokt may update this privacy policy at any time. If we do so, we will post any Privacy Policy changes on our website, which you can review at any time. You will also be presented with this Privacy Policy whenever you are shown Offers on Rokt Sites. Your continued use of such services after any change will signify and confirm your assent to changes to our Privacy Policy.

Whom to contact about this policy

Rokt’s Data Protection Officer can be contacted via dpo@rokt.com.

Rokt Pte Ltd is the parent company of the Rokt Group, with subsidiary companies operating in Australia, the United Kingdom, Japan, the Netherlands, Germany and the USA. For a list of our offices, and contact details, go to https://rokt.com/about-us/.

Lionheart Squared (Europe) Ltd., with offices at 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, D02 EK84 Ireland is designated as a representative within the European Union for Rokt Pte Ltd and all other members of the Rokt Group that are located outside of the European Union. Lionheart Squared (Europe) Ltd. shall be addressed in addition to other members of the Rokt Group by supervisory authorities and data subjects on all issues related to processing for the purposes of ensuring compliance with the General Data Protection Regulation (Regulation 2016/679).

Further, Rokt’s UK Representative is Rokt (UK) Limited, located at Aviation House 125 Kingsway, London WC2B 6NH United Kingdom.

Version: August 2022