Privacy Policy

Introduction

1. This is Centro, Inc.’s (“Centro” or “we”) privacy policy, and applies to our websites, services that we provide to you through our website or technology platform, and ads we display to you on other websites. It is effective as of July 8, 2019 (“Effective Date“).
2. This policy is incorporated into, and subject to, Centro’s Terms of Service.
3. By using Centro’s site, or any product or service offered, you acknowledge that you have read, and agree to, this policy.

What is in this document?

This document provides information about our website and our digital advertising technology platforms (“Basis DSP”, “Basis Platform”) which enables our clients to buy digital advertising, and then describes our policies about data collection and use. It also provides information on the type of data we collect and utilize when serving ads to individuals.

CONSUMER OPT-OUT CHOICES

Centro supports empowering you to make informed decisions about the type of advertisements that are delivered to you online, and, as such, we are providing you the opportunity to opt out of the tailored ads delivered to you by Centro based on your interests, previous visits to other sites, and information stored in your web browser or mobile device.

If you select this option, you will still see just as many ads, but they will no longer be personalized based on the information Centro has collected, (i.e. the ads will likely be less relevant to you and your interests) and any information we have collected thus far will be dissociated from your device, thereby preventing its use. If our systems detect that your computer or mobile device is located in the European Economic Area and you opt-out, we will treat that opt-out as a request for the Basis DSP to cease processing your personal data.

Feel free to opt out here if you so desire:

Basis DSP

1. For desktop and mobile web, click here. The opt-out requires a cookie to be stored by your browser, in order to signal your opt-out status to us during future ad calls. By opting-out, you consent to Centro’s opt-out cookie being stored by your browser.
2. For mobile app:
   1. Find your phone’s Android Advertising Identifier (for Android devices) or Apple Identifier for Advertising (for iOS devices).
      1. On Android 6, open the Settings app and select “Google”. Select “Ads”. Choose “Opt out of Ads Personalization”, and make a note of your advertising ID. In earlier versions of Android, this is found in a separate Google Settings app instead.
      2. On iOS, open the Settings App and select “Privacy”. Select “Advertising”, and enable “Limit Ad Tracking”. On iOS 10 and above, this will set your Identifier for Advertising to “0”, and no further action is needed, as this prevents its use. On iOS 9 and below, for additional confidence, you may wish to download an app such as My TUNE Device to determine your Identifier for Advertising and enter it in the box below.
   2. Enter it here:
      
      
      
      

It should also be noted that Centro is committed to industry self-regulation, and as such, is a member in good standing with the Interactive Advertising Bureau, (“IAB”) and is a participant in the Digital Advertising Alliance (“DAA”) following the Self-Regulatory Principles for Online Advertising, including its “AdChoices” program.

You may also visit the self-regulatory program opt-out pages:

http://www.aboutads.info/choices or
http://www.networkadvertising.org/managing/opt_out.asp

for the USA, http://www.youronlinechoices.com

for the EU, http://www.youradchoices.com

Basis DSP PRIVACY PRACTICES

What is Basis DSP?

Basis DSP provides tools for advertisers, or media buyers, to purchase digital ad space on website and mobile sites and applications. To accomplish these goals, advertisers and media buyers use Basis DSP to engage in a variety of techniques, including interest-based advertising, real-time (programmatic) advertising, contextual, and location-based advertising. Basis DSP also provides buyers other tools, like the ability to measure how effective their ads were, designed to make the buying of ad space seamless.

What information does Basis DSP collect?

Basis DSP is designed to use certain types of data. It includes data generated through Basis DSP as well as data clients receive from other sources and then use on Basis DSP, or that they buy through Basis DSP. This may include pseudonymous information about Internet users’ browsers and devices, such as:

• the type of browser and its settings,
• information about the device’s operating system,
• cookie information,
• information about other identifiers assigned to the device, and
• the IP address from which the device accesses a client’s website or mobile application
• Information about whether an Internet user has visited a Centro client’s website, based on web beacons placed on the site by our customer
• information about the geographic location of the device when it accesses a website or mobile application
• inferences or information about users’ interests that are created, acquired, bought, sold, or used by our clients

Pseudonymous information is considered personal data in some places like the European Union. However, the pseudonymous information used on the Basis DSP can’t be used to identify an actual person.

How does Basis DSP use the information that it collects?

We use the information we collect to serve targeted ads to individuals.

More specifically, the platform enables our users to use this information to:

• Determine what ad to show an individual, and to serve that ad (including behaviorally targeted ads) to that individual
• Customize ads to particular types of audiences;
• Customize ads to the type of web page an individual is viewing;
• Perform analysis of how effective the ads served are;
• Learn more about their own customers;
• Limit the number of times an individual sees an ad;
• Detect fraud; and
• Troubleshoot platform or campaign issues.

How long is the information stored and kept?

For data collected via browsers and stored in cookies, Basis DSP stores pseudonymous targeting segments for up to 60 days. For data collected via mobile application advertising and stored via mobile advertising IDs Basis DSP stores this data for up to 180 days. Our systems typically reset the retention period each time we encounter the same user.

How does Basis DSP collect this information?

Basis DSP uses cookies, beacons, mobile SDKs, tags and other technology to collect data associated with particular devices or web browsers. Customers then use this data within Basis DSP to enhance and refine digital ad campaigns.

Does Basis DSP use web beacons (aka clear GIFs or web bugs)?

Yes. “Web beacons” are small images (generally a single transparent pixel) with a unique identifier, served to you as part of a web page or other document. Web beacons may be used in parts of our Services for purposes such as site traffic reporting, unique visitor counts, advertising auditing and reporting, and personalization. For more information on web beacons, see http://www.allaboutcookies.org/faqs/beacons.html

How does Centro use the information provided by Basis DSP advertisers?

We use any information provided by Basis DSP and Basis Platform advertising customers for the following service-related purposes:

• To provide, operate, manage, maintain and enhance the platform. We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, and information from page tags) to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our Services.
• To assist the enforcement of our Terms of Service.
• To prevent potentially illegal activities.
• To screen for undesirable or abusive activity.
• To contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, welcome emails when you first register, etc.). You can’t opt out of these communications, since they are necessary in order for us to effectively provide our services to you.
• To contact you for marketing purposes. We will only do this if you have given us your express permission to contact you for this purpose.
• To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
• To create new services, features or content. We may use any information you provide us (e.g. via email or through our ticketing system) to create and provide new services, features or content.

As a Basis DSP or Basis Platform customer, will Centro share my information?

1. We share aggregate information collected from the Basis DSP for marketing purposes. For example, we may issue a press release announcing that users who have visited travel sites have a higher click-thru rate on finance related web pages.
2. Billing and Contact information – We work with trusted agents and service providers to assist us in billing and account maintenance for our clients.  For example, if you fund your platform account with a credit card, we use a credit card processing company to bill you for the Services and share your address and billing details with them in order to do so. These service providers do not retain, share, store or use that information for any other purpose. In certain instances, we may share information with our suppliers (data and inventory exchanges).
3. To provide the Services – Centro may provide customer platform data to partners and service providers for the purpose of operating, managing, maintaining, or enhancing Centro’s Services, including for the safety and security of the platform and the online industry, or as required by law. Centro does not share the information collected on the platform with other third parties, unless legally required.

Legal Disclaimer: We reserve the right to disclose your information as required by law, and when we believe that disclosure is necessary to protect our rights and/or to comply with any applicable judicial proceeding, court order, or legal process.

As a Basis DSP user or Basis Platform customer, what communications can I expect from Centro?

1. Special Offers and Updates – We will occasionally send you information on products, services, special deals, and promotions (if you opt-in on our registration page). If you no longer wish to receive this type of communication, you can opt-out through the link in the email communication.
2. Surveys or Contests – From time to time, we may provide you the opportunity to participate in contests or surveys on our site. If you participate, we may request certain personally identifiable information from you. Participation in these surveys or contests is completely voluntary, and you therefore have a choice whether or not to disclose this information. We use this information to notify contest winners and award prizes, and to process and analyze survey results. We use a third party service provider to conduct these surveys or contests; that company is prohibited from using our users’ personally identifiable information for any other purpose.
3. Service-related Announcements – We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is undergoing temporary maintenance, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
4. Customer Service – Based upon the personally identifiable information you provide us, we will send you a welcoming email to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We will communicate with you through our ticketing system, via email, and by phone.

If you no longer wish to receive our promotional communications, you may unsubscribe by following the instructions included in each communication.

Through our partners, we use web beacons in our HTML-based emails to let us know which emails recipients have opened. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.

Supplementation of Information: In order to provide certain services to you, we may supplement the personal information you submit to us with information from third party sources, including in respect of credit worthiness and verification of any information provided.

CENTRO.NET WEBSITE VISITORS

What information does the Centro website collect, and how is it used?

We collect usage data about you whenever you interact with our website. This may include which of our pages you visit, what you click on, when you performed those actions, and so on. Additionally, like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses. We collect data from the device and application you use to access our services, such as your IP address and browser type. We may also infer your geographic location based on your IP address. If you arrive at our website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us. We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics, but not personally identifiable information.

Does Centro.net use cookies?

Yes. “Cookies” are pieces of information (actually, alphanumeric identifiers) generated by web servers, and stored on your web browser for future access. Cookies cannot view or retrieve data from other cookies, nor can they capture files or data stored on your computer. We do not link the information that we store in cookies to any information that may be used to ascertain your real world identity. We use both session ID cookies and persistent cookies. We use session cookies to make it easier for you to navigate our site. A session ID cookie expires when you close your browser. A persistent
cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your web browser’s “help” file. We set a persistent cookie to store your passwords, so you don’t have to enter it more than once. Persistent cookies also enable us to track and target the interests of our users to enhance the experience on our site. If you reject cookies, you may still use our site, but your ability to use some areas of our site will be limited. For more information on cookies, see: http://www.allaboutcookies.org/faqs/cookie-file.html

GENERAL PRIVACY INFORMATION

How do I access my information?

You have the right to access, update, and correct inaccuracies in certain information in our custody and control, subject to certain exceptions prescribed by law. You may request access, updating and corrections of inaccuracies in the personal information we have in our custody or control by emailing us at privacy@centro.net. We may request certain personal information for the purposes of verifying your identity when requesting access to or correction of your personal information records. If your personally identifiable information changes, or if you no longer desire our Service, you may correct, update, delete or deactivate it by emailing us at privacy@centro.net. EU data subjects may be entitled to additional rights as described below.

Is my information secure?

Yes, the portions of our website (and our other Services) that handle sensitive confidential information are secure. We are committed to maintaining the security of your information and have measures in place to protect against the loss, misuse, and alteration of the information under our control. We employ industry-standard techniques to protect our systems from intrusion by unauthorized individuals. Our data center utilizes state-of-the-art physical security measures to prevent unauthorized access to the facility. In addition, all information is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access. All provider employees who have access to, or are associated with, the processing of personal information are contractually obligated to respect the confidentiality of your information and abide by the privacy standards we have established. Please be aware that no security measures are perfect or impenetrable. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Onward Transfer – Will my information be transferred?

Centro may share information with trusted third-party partners such as billing and payment processing vendors and hosting providers for the Centro website and DSP. These third-party contractors are prohibited from using the information for purposes other than performing services for Centro.

The above notwithstanding, we may disclose any of the information we collect when we believe that we have a legal obligation to do so or to protect the safety, property or rights of Centro or of any third party. For example, we may disclose any of the above in order to (i) protect our rights and/or comply with a judicial proceeding, court order, or legal process served, (ii) for law enforcement or national security purposes including sharing data of EU and Swiss individuals in response to lawful requests from public authorities to meet national security and law enforcement requirements, or (iii) protect or defend our proprietary rights.

Centro is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third-party acting as an agent on its behalf. Centro shall remain liable under the Privacy Shield principles if its agent process such personal information in a manner inconsistent with the Privacy Shield principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

We will also provide an EU or Swiss individual with opt-out or opt-in choice before we share their personal data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. If you’re located in the EU or Switzerland and seek to limit the use and disclosure of your information, please submit a written request to privacy@centro.net.

In the event that Centro (or its parent or subsidiary companies) goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personally identifiable information will likely be among the assets transferred. You will be notified via prominent notice on our site for 30 days of any such change in ownership or control of your personal information.

Does the Centro privacy policy apply to other sites?

This site contains links to other sites that are not owned or controlled by Centro. We are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site, and to read the privacy statements of each and every site that collects personally identifiable information. This privacy statement applies only to information collected by Centro.

What if Centro changes this privacy policy?

We reserve the right to modify this privacy statement at any time, so please review it frequently. If we decide to change our privacy policy, we will post the updated version, together with an updated Effective Date, on this page. We encourage you to check this page periodically for any changes.

EUROPEAN UNION DATA SUBJECTS

The General Data Privacy Regulation (“GDPR”) affords additional rights to EU data subjects. Those rights include the right to complain to EU Supervisory Authorities and the right to access, correct, port to another party and delete certain personal data processed by Centro.

With respect to EU data subjects, personal data includes pseudonymous information such as an IP address, a mobile advertising ID or a cookie ID. Where Centro is a controller of data (e.g., via our Basis DSP), the legal basis will be both legitimate interest and consent depending on the type of information subject to processing and the information we receive from upstream partners. Where we rely upon legitimate interest, we have assessed the processing is not high risk and will not violate fundamental human rights of EU data subjects.

Where Centro receives from an EU data subject a request to cease processing of data via one of the choice mechanisms listed above, Centro will stop all data processing with respect to the opted out browser or device unless such processing is required by law.

If you’re an EU data subject and believe Centro is processing your pseudonymous information (e.g., Centro cookie ID or mobile advertising ID) or your contact information (e.g., email address, telephone number) and you wish to exercise your right to access, delete, port or remove such information, please send an email to privacy@centro.net and we will respond to your request within 30 days.

Centro’s Data Protection Officer and EU representative is Dr. Christoph Bauer, CEO at ePrivacy GmbH and he may be contacted at privacy@centro.net.

Privacy Shield

Centro complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield.  Centro has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Centro is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In compliance with the Privacy Shield Principles, Centro commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should contact privacy@centro.net.

Alternatively, you may contact us at the address below:

Centro, Inc.
11 E Madison St., 6th Floor
Chicago, IL
60602
United States

We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction