Privacy Policy

Last Updated: June 18, 2021.

Hivestack Inc., a Canadian company with a registered office at 118 Rue Saint-Pierre, Montréal, QC H2Y 2L7, Canada.

This policy explains how Hivestack Inc., as well as its affiliated and related companies (“Hivestack”, “we” or related possessive pronouns) use, share and otherwise treat Information for the purpose of its location-based marketing services, described in more detail on this website, including our Home page as well as our Platform page.

Hivestack takes your privacy seriously. We work diligently to ensure that our practices meet or exceed legal and industry standard compliance including transparency regarding our use and treatment of data.

1. INFORMATION FOR VISITORS OF THE HIVESTACK WEBSITE

In general, you can visit our Website without telling us who you are or submitting any personal Information. We collect Device-based Information (“Analytics”), the cookie ID and IP addresses of visitors to our Website and other Information about your visit, such as page requests, browser type, operating system and average time spent on our Website. We use this Information to help us understand our Website activity, and to monitor and improve our Website. Users can control the use of cookies at the individual browser level. For more Information about cookies, please visit All About Cookies.

2. DESCRIPTION OF HIVESTACK’S SERVICES

Hivestack is a leading advertising company that provides a technology platform which gives marketers a powerful solution to deliver digital out-of-home (“DOOH”) advertising campaigns. Hivestack has developed a proprietary technology platform that enables clients to reach their desired target audience, and measure the efficacy of their campaigns.

Hivestack partners with location data provider companies who collect and use precise location data to help advertisers provide more relevant offers to mobile application users, and to inform the delivery and measurement of DOOH advertising. Hivestack does not collect this location data directly; all location Information is provided by Hivestack’s partners, such as Cuebiq who are one of our data providers.

Hivestack receives this location Information from its partners as a file in a secure AWS S3 transfer. This location Information includes lat/long (latitudinal and longitudinal) data, i.e., GPS-level data associated with a mobile advertising ID, such as an IDFA or an Google Android Advertising ID (“GAAID”) and time and date Information as a timestamp.

We use the Information we receive to understand the optimal times and locations to best reach defined audiences on DOOH screens. This allows Hivestack to deliver ads to DOOH screens and to understand movement patterns.

The location data we receive is also used to understand which mobile Device IDs (IDFA and GAAID) were in proximity to a DOOH location at a time when DOOH campaign creative was displayed and build a list of those Device IDs. That list of mobile Device IDs in proximity to DOOH locations, may then be used to build an audience for targeting delivery of mobile in-app advertisements. These Mobile Advertising IDs can be used for certain advertising purposes. They can be used to limit the number of times a specific advertisement is presented to the same Device, track a Device to show that the Device interacted with an ad (i.e. “clicked” on it, watched a video ad, or downloaded an application as a result of an advertisement).

Hivestack does not permit any data collected to be used for Personalized Advertising relating to sensitive health segments, or sexual orientation.

This location Information we receive from our partners may additionally be used to perform aggregated “attribution” analysis for DOOH campaigns. This analysis can help marketers understand in aggregate which users have been exposed to which DOOH ad campaigns and if Devices exposed to a DOOH advertising were then measured at that advertiser’s physical retail location. This is done so that an ad campaign’s success may be understood.

3. THE DATA ELEMENTS WE USE IN PROVIDING OUR SERVICES

Hivestack receives these pieces of Information from their location partners:

  • Time and Date Information as a Timestamp

  • Unique Device identifiers for advertising (Google Advertiser ID or IDFA)

  • Geolocation as both a Latitude and Longitude

We do not receive personally identifiable data such as names, phone numbers, email addresses or physical addresses.

4. HOW WE SHARE INFORMATION WE COLLECT

Hivestack does not share user-level data with third parties for Personalized Advertising, DOOH Advertising, or ADR purposes. We may share your Information with third parties:

  • If the Information is provided to help complete a transaction requested by you.

  • If you request or authorize it.

  • If the Information is provided to: (1) comply in good faith with applicable laws, rules, regulations, governmental and quasi-governmental requests, court orders, or subpoenas; (2) enforce our Terms of Use or other agreements; or (3) protect our rights, property, or safety or - the rights, property, or safety of our users or others.

  • If the disclosure is done as part of a purchase, transfer, or sale of services or assets (e.g., in the event that substantially all of our assets are acquired by another party, your Information may be one of the transferred assets, or in the course of due diligence for such an event) or in the event of bankruptcy.

  • If the Information is provided to our third-party vendors or service providers to perform functions on our behalf (e.g., analyzing data, providing marketing assistance, providing customer service, processing orders, etc.).

  • As otherwise described in this Privacy Policy, or with your prior consent.

5. YOUR PRIVACY CHOICES AND OPT-OUT RIGHTS

When we receive location Information (including precise location Information) from location data provider partners, we endeavour to work with partners that provide disclosures to their own users regarding the use of mobile data for interest-based advertising purposes, and regarding consumer opt out rights.

You may manage certain collection and sharing of Information in connection with the Hivestack Site and the Services as follows:

  • You may control how your browser responds to cookies by adjusting the privacy and security settings of your web browser.

  • You may limit the disclosure of certain Information by your mobile Device to us and Publishers by adjusting the settings on your mobile Device.

  • For iOS mobile Devices, go to “Settings” from your Device’s home screen; scroll down to “Privacy”; select “Advertising”; and turn on “Limit Ad Tracking.”

  • For Android mobile Devices, go to “Google Settings” on your Device; select “Ads”; and check the box labeled “Opt Out of Interest-Based Ads.”

Our data partners honour these “limit” or “opt out” instructions or “flags” by removing recognized Devices from our cross-app advertising or ad delivery and reporting solutions, on a going-forward basis.

You may opt out of certain advertisers’ cookies and browser-enabled, interest-based advertising by visiting Network Advertising Initiative Mobile Choice page.

Please note that these opt outs apply to interest-based advertising by participating advertisers. You may still receive other types of online advertising from participating advertisers, and the websites you visit may still collect Information for other purposes. In addition, the opt-out choices you select are stored in opt-out cookies only in the browser that you use to visit the opt-out websites, so you should separately set your preferences for other browsers or Devices you may use. Deleting browser cookies can remove your opt-out preferences, so you should visit these opt-out websites periodically to review your preferences or update your preferences to apply to new participating advertisers.

Publishers and Advertisers may also provide ways for you to opt out from or limit their collection of Information from and about you. Please refer to the privacy policies for the Apps to learn more about the privacy practices of Publishers and Advertisers. Please note, however, that we are not responsible for the privacy practices of Publishers, Advertisers, and other third parties.

You may opt not to receive promotional emails from us by contacting us as indicated in our contact details at the end of this document or by following the “unsubscribe” instructions in any promotional email you receive from us, or by contacting us at privacy@hivestack.com. Please note, however, that we may still send you non-promotional, transactional or service-related emails about your relationship with us.

6. DATA RETENTION

We continue to use mobile advertising IDs for analytics purposes and other purposes unrelated to interest-based advertising and reporting (for instance, in aggregated form for market research) for up to 24 months (outside of EEA countries and Switzerland) or 13 months (in EEA countries and Switzerland), provided that we may retain them if we have a legal or significant operational or legal need to do so, such as for auditing, corporate record-keeping, compliance, record-keeping, accounting or security and bug-prevention purposes.

7. SECURITY

We have administrative, technical, and physical safeguards in place in our physical facilities and in our computer systems, databases, and communications networks that are designed to protect Information contained within our systems from loss, misuse, or alteration. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your Information. If you have any questions about the security of your Information, please contact us as described below.

8. THIRD-PARTY WEBSITES

When you access the Hivestack Site, you may be directed to other websites that are beyond our control. We may also allow third-party websites or applications to link to the Hivestack Site. We are not responsible for the privacy practices of third parties or the content of linked websites, and we encourage you to read the applicable privacy policies and terms and conditions of such third parties and websites. This Privacy Policy only applies to the Hivestack Site and Services.

9. INTERNATIONAL TRANSFERS

We may store and process your Information in Canada and the United States.  By accessing the Hivestack website or our Services, you consent to the transfer of your Information to Canada and the United States and other countries. Please note that the laws in Canada and the United States and other countries regarding processing Information may be less stringent than in your country.

10. OUR MEMBERSHIPS

Hivestack is a member of the Network Advertising Initiative (NAI), and we undergo annual certifications that we adhere to their strict Code of Conduct. To learn more about the NAI or how to opt out of receiving targeted advertising from other third party services that belong to the NAI, please follow this link.

11. THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

As of May 25, 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) has been in effect through the EEA countries and Switzerland.   The GDPR requires Hivestack as an organisation handling location data to provide users with certain Information about the processing of their “Personal Data.”  “Personal Data” is a term used in Europe that means, generally, data that identifies or can identify a particular unique user or Device – for instance, names, addresses, cookie identifiers, mobile Device identifiers, precise location data and biometric data. To comply with the GDPR, we provide the below representations and Information, which are specific to persons located in EEA countries or Switzerland.

a. Legal grounds for processing your Personal Data

The GDPR requires us to tell you about the legal basis we’re relying on to process any Personal Data about you. The legal basis for us processing your Personal Data for the purposes set out in Sections 2 and 3 above will typically be because:

  • You provided your consent. In order to provide our services that involve use of precise location Information related to other Personal Data, (and to store and gain access to Information stored on your Device such as mobile advertising IDs), we rely on your consent. To obtain this consent, we rely on our web and mobile partners’ compliance steps, designed to ensure that consent is collected and passed on to Hivestack, and to ensure that we only process legally obtained data. We do this to fulfill our obligations under the ePrivacy Directive. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal.

  • The processing is in our legitimate interest. In some cases, we use legitimate interest as a legal basis for processing Personal Data. We rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed. We also rely on legitimate interest when we use our own customers’ data to communicate with them about our Services.

  • Legal Obligations. Some processing of data may be necessary for us to comply with our legal or regulatory obligations.

b. Transfers of Personal Data

As Hivestack works with global companies and technologies, we may need to transfer your Personal Data outside of the country from which it was originally provided. For instance, we may transfer your data to third parties that we work with who may be located in jurisdictions outside the EEA or Switzerland, and which have no data protection laws or laws that are less strict compared with those in Europe.


When we transfer Personal Data outside of the EEA or Switzerland, we take steps to make sure that appropriate safeguards are in place to protect your Personal Data. In general, our data transfers of our Personal Data are safeguarded by European Standard Contractual Clauses and Data Processing Agreements where this is required by European Data Protection Law. Feel free to contact us at the contact Information below for more Information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.

c. Personal Data Retention

As a general matter, we retain your Personal Data for as long as necessary to provide our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. We generally continue to use mobile advertising IDs for analytics purposes and other purposes unrelated to interest-based advertising and reporting for 13 months (in EEA countries and Switzerland) from receipt of consent. We may retain this (and other) Information whenever and so long as we have a legal or significant operational need to do so, such as for auditing, corporate record-keeping, compliance accounting or security and bug-prevention purposes.

If you are a customer of ours and thus have an account with us, we will typically retain your Personal Data for the length of time necessary for the purposes for which the data was collected, such as to provide services and Information to our customers, business associates, and similar parties.

d. Your Rights as a Data Subject

The GDPR provides you with certain rights in respect of Personal Data that data controllers hold about you, including certain rights to access Personal Data, to request correction of the Personal Data, to request to restrict or delete Personal Data, and to object to our processing of your Personal Data.


Right to Access: If you wish to exercise your right to access Personal Data we process as a data controller, you may do so by requesting access through the e-mail address privacy@hivestack.com. When we receive your request, we will provide you with current, step-by-step instructions to follow in order to obtain access. As we are required to verify a requestor’s identity prior to providing Personal Data, we will assess requests to exercise certain data access rights on a case-by-case basis: in doing so, we consider (a) the difficulty of verifying whether data that we hold and data we have linked to it truly and solely belongs to the data subject making the request, along with (b) the potential adverse affects on disclosure of personal data to the wrong individual. Because such improper disclosure would likely adversely affect the privacy rights and freedoms of the data subject, we may limit the Personal Data we make available.

Please note that we will only grant requests for access for Personal Data for which we are a data controller, as explained further in sub-section (e) below. Where we act as a processor for one of our customers, we will refer your request to that customer. Please identify the customer your request refers to (if possible), to simplify this process.


Right to Correct: If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact Information below.


Right to Object to Processing or to Withdraw Consent: By using the Device-based “opt-out” signals described in Section 5 of this Privacy Policy, you may withdraw consent for processing on which our location data partners rely on consent. If you do so, they will cease processing your Personal Data for purposes of our services within 30 days or less. Our location partners either collect these opt-out signals themselves or receive them from the mobile apps they work with.


Right to Erasure. You also have the right to obtain the erasure of Personal Data concerning you that we hold as a controller. The above opt-out process satisfies this right on a going-forward basis.


When a user opts out through our partners (or through mobile Device settings), and those location partners receive that signal, they no longer collect Personal Data to provide for Hivestack’s services. We will also manually delete your Personal Data if preferred that we do so; please contact us at privacy@hivestack.com for further instructions if you wish to exercise this right manually. Please note, however, that we may retain copies of certain Personal Data on inactive or back-up files, for our own internal and necessary purposes, such as auditing, accounting and billing, legal or bug-detection. We will in most cases delete such data within 24 months, absent a compelling reason to retain it.


Right to Lodge Complaints. You have the right to lodge a complaint with a supervisory authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.

e. Hivestack as a data controller and a data processor

EU data protection law makes a distinction between organisations that process Personal Data for their own purposes (known as “data controllers”) and organisations that process Personal Data on behalf of other organisations (known as “data processors”). As noted above, we are not always a data controller of the data in our possession, but are sometimes a data processor for other companies such as our customers. In such cases, we may direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data.

12. CHANGES TO PRIVACY POLICY

From time to time, we may change this Privacy Policy by posting a notice of such change on our website. You should visit our website periodically to review any such change. When you continue to use or interact with Hivestack Services after such change, your subsequent provision of Information (e.g., personally identifiable Information) to us will be subject to such change. If such change materially expands our rights to use your personally identifiable Information that we have collected, we will notify you through email or a prominent posting on our website.

13. CONTACTING US

Our privacy practices are in accordance with all federal and provincial laws and regulations, including the Personal Information Protection and Electronic Documents Act ("PIPEDA").

If you have any questions about this policy, please contact Hivestack’s Chief Privacy Officer at:

Hivestack
118 Rue Saint-Pierre, Montréal, QC H2Y 2L7
Tel : +1 866-552-9924
Email : Privacy@hivestack.com

Attention: Chief Privacy Officer

If you are in the European Union or the United Kingdom, you may address privacy-related inquiries to our EU or UK representative pursuant to Article 27 GDPR:

EU: EU-REP.Global GmbH, Attn: Hivestack, Hopfenstr. 1d, 24114 Kiel, Germany

UK: DP Data Protection Services UK Ltd., Attn: Hivestack, 16 Great Queen Street, Covent Garden, London, WC2B

5AH, United Kingdom

hivestack@eu-rep.global

www.eu-rep.global

14. CCPA 2020 ANNUAL REQUEST METRICS (July 1, 2020 - 2021):

  • Requests to know - 7

  • Requests to delete - 13

  • Requests to opt-out - 12

  • Median response time in days - 1