Privacy Policy

Notice at Collection and Privacy Policy

Last Updated: February 28, 2024.

This Notice at Collection (“Notice at Collection”) and Privacy Policy (“Policy,” and together, the “Notices”) are provided to you by your mobile device carrier (“Carrier”) that puts great efforts into making sure that personal information related to you is secured and used properly.

Digital Turbine USA, Inc. (“Digital Turbine,” “our,” “we”) is a service provider of Carrier that will be processing your personal information on behalf of Carrier, solely to provide you with the services described below (“Services”) and/or when the Services are enabled on your mobile device.

The Carrier is providing the Services to you as a business (within the meaning of US Privacy Laws) or as a controller (within the meaning of the GDPR, UK GDPR, or the LGPD). We operate the Services as a service provider (within the meaning of US Privacy Laws) or as a processor (within the meaning of the GDPR, UK GDPR, or the LGPD) on behalf of the Carrier.

The term “personal information” refers to information that identifies an individual or relates to an identifiable individual or as otherwise defined under applicable data protection and privacy laws of the United States (“US Privacy Laws”), or to “personal data” as defined under the General Data Protection Regulation (“GDPR”) and under the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”), or the Brazil’s data protection law (“Lei Geral de Proteção de Dados Pessoais”, or “LGPD”), as applicable. This Notice also explains certain rights that Consumers have under US Privacy Laws and how they may exercise them.

The general part of this Policy applies to all end users of our Services, regardless of where they use our Services from. Annex 1 includes supplemental terms regarding our processing of personal information under the GDPR and UK GDPR, and Annex 2 includes supplemental terms about our processing of personal information under the LGPD. The summary of the Policy will give you a quick and clear view of our data processing practices when the Services are enabled and/or used on your mobile device. Please take the time to read the full Policy. If you disagree with this Policy, please do not access, or use the Services.

The Policy summary below will give you a quick and clear view of our practices. The first six headings in the summary also serve as the Notice at Collection.

A Summary of the Policy

Categories of personal information that we collect.

Read More below

We only collect and store your Android Advertising ID (AAID) in pseudonyms.

Categories of sensitive personal information

Read More below

Our Services do not collect any sensitive personal information related to you.

What do we do with personal information?

Read More below

The personal information related to you is processed to enable and measure the installation of mobile applications on your mobile device via the Services.

Who do we disclose, share, or sell personal information with or to?

Read More below

We share personal information related to you with third parties’ Mobile Measurement Partners (“MMPs”) when a mobile application is installed on your mobile device via the Services. We may also share the personal information related to you with our affiliate entities to support the Services and/or when we are required by applicable law to obey authorities’ orders and other lawful requirements to disclose such information.

How long do we retain personal information? Read More below

We retain personal information related to you for up to thirty (30) days and for legitimate and lawful purposes, as further explained in the data retention section of this Policy.

Your choices and rights

General

Read More below

Exercising your rights

US Laws

Read More below

We will give you various choices about how we use and share personal information related to you, and we will respect your choices. You also have rights under applicable laws, as further detailed in the Policy.

Aggregated and analytical information.

Read More below

Aggregated data is not identifiable and, therefore, not personal information. We use it for our legitimate business purposes.

Specific provisions for U.S. residents

Read More below

Suppose you reside in the United States (U.S.). In that case, further terms apply to our processing of personal information about you, and you have additional rights as a consumer under U.S. state privacy laws governing the protection of privacy and personal information, for example, the California Privacy Rights Act of 2022 (CPRA).

Transfer of Personal information outside your territory

Read More below

We store personal information related to you in the United States. Our service providers / sub-processors provide us with adequate security and confidentiality commitments.

Information Security

Read More below

We implement systems, applications, and procedures to secure personal information related to you to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.

Dispute Resolution

Read More below

Contact us at privacy@digitalturbine.com or write us for any request or complaint. We will make good-faith efforts to resolve any existing or potential dispute with you.

Changes to this Privacy Policy

Read More below

We will update our policy from time to time after giving proper notice.

Incorporation of the Terms of Use

Read More below

This policy is an integral part of Digital Turbine’s Terms of Use.

Contact Us

Read More below

Don’t hesitate to contact us at privacy@digitalturbine.com for further information.

Description of the Services

  1. Dynamic Installs

Dynamic Installs seamlessly load mobile applications to a mobile device of Carrier without user interaction upon the mobile device’s first boot. The service’s code is embedded on the device and performs the download for pre-approved applications by the Carrier.

  1. AppSelect

AppSelect allows mobile device users to review pre-approved applications by Carrier before installing them on the device. AppSelect can be shown immediately after the Google Setup Wizard (GSW) flow completes, from a Notification provided by the service that prompts the device user to download the app or after Maintenance Release (MR).

  1. Notifications

Push notifications delivered via the Android Notification Drawer can encourage users to launch apps (i.e., open the app for the first time) that are currently on a device but have yet to be opened or to visit a specific mobile website.

  1. Single Tap Installs

Single Tap Installs (STI) provides seamless, one-tap installation of mobile apps from any call-to-action (ad banner, button, hyperlink, etc.) on the mobile device instead of via the mobile applications store. STI reduces app store friction, improves conversion, and ensures that mobile app installs are fraud-free.

Device users can uninstall all downloaded and installed mobile applications via the Services. To remove an app, go to the device Settings–>Apps or Application Manager. Then tap the app you want to uninstall (you may need to swipe right or left to find the app). Then tap ‘Uninstall’.

The Digital Turbine Privacy Policy

Categories of Personal Information We Collect

We collect and store your Android advertising ID (i.e., AAID) when a mobile application is downloaded to your mobile device via the Services. We then replace the Android advertising ID with a random, artificial identifier (a pseudonym).

What Do We Do with Personal Information?

We use personal information related to you in a pseudonymized form for the following purposes:

  • To enable the measurement of mobile apps installed on your mobile device via the Services.
  • To fix errors related to the Services and for operational and technical purposes in relation to us providing the Services to Carrier.

We obey the law and expect you to do the same. If necessary, we will use personal information related to you to enforce our terms, policies, and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of our Services, and to take any action in any legal dispute and proceeding.

We commit to process personal information related to you solely for the purposes described in this Policy.

Who do we Disclose, Share, or Sell Personal Information related to you with?

We do not sell, rent, or lease personal information related to you.

Personal information related to you is shared with certain employees, external consultants, and our affiliates, all governed by this Policy.

We also share personal information related to you with our vendors and third-party service providers that process personal information related to you on our behalf. Such vendors and service providers are contractually bound to keep personal information related to you confidential and appropriately secure.

A merger, acquisition, or any other structural change will require us to transfer personal information related to you to another entity as part of the structural change, provided that the receiving entity will comply with this Policy.

We will share personal information related to you only subject to the terms of this Policy or subject to your prior consent.

We will need to disclose personal information related to you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

How Long Do We Retain Personal Information?

For the provision of the Services, we will process personal information related to you to enable the Services and its measurement. We will retain personal information related to you for up to thirty (30) days solely to enable MMPs to measure the installation of mobile applications on your mobile device via the Services.

We retain different types of personal information related to you for different periods, depending on the purposes for processing the information, our legitimate business purposes, and pursuant to legal requirements under applicable law.

We will maintain your contact details when you provide them to help us stay in contact with you. You can contact our privacy team at privacy@digitalturbine.com and request that your contact details be deleted. Note that we will keep your details without using them if necessary and for the necessary period for legal requirements and proceedings.

We will retain personal information related to you after you stop using our Services if retention is reasonably necessary to resolve disputes between you and us or between you and the Carrier, to prevent fraud and abuse, or to enforce this Policy and our Terms of Use. We will keep aggregated non-identifiable information without limitation, and to the extent reasonable, we will delete or de-identify potentially identifiable information when we no longer need to process the information.

In any case, we will keep information about you for as long as the Services are enabled and/or used on your mobile device unless applicable law requires us to delete it or if we decide to remove it at our discretion, according to the terms of this Policy and our Terms of Use.

Your Choices and Rights

General
The section below applies to all mobile device users (“Users”), regardless of which laws apply to processing personal information related to them.

We will give you choices about how we use and share personal information related to you and respect your choices.

We collect and receive personal information related to you that we need for the purposes described in this Policy. You can stop using our Services at any time; thereafter, we will stop collecting personal information related to you. To stop the app, follow the following steps:

Step 1: Open the Settings apps. Step 2: Select the Apps or Apps & Notifications option. Step 3: You may need to select See All Apps to view all opened applications. Step 4: Tap the application you wish to force close.

Please note that, as detailed above, we will store and continue to use or make available certain personal information related to you.

You may also remove the mobile application installed on your device via the Services via the setting option on your device and, by doing so, disabling the Services on your device. To remove an app, go to the device Settings–>Apps or Application Manager. Then tap the app you want to uninstall (you may need to swipe right or left to find the app). Then tap ‘Uninstall’.

Upon disabling the Services’ app, the Services will no longer be available to you, and we will no longer process personal information related to you.

To delete the personal information, we have been collecting on you until now, on behalf of the Carrier, you may either (a) Reset your device advertising ID or (b) delete your device advertising ID. Both actions are available from the Android Settings menu > Google > Ads.

You may request a copy of the personal information related to you that we store about you by contacting us. You may also request that we transfer personal information related to you or provide you with copies of such personal information to enable its transfer to a third party.

When we delete personal information related to you that we have collected from or about you, it will be deleted from our active databases. Still, we will keep a reasonable number of copies in our archives. Although we will deactivate your account, we will continue to retain the personal information related to you for legitimate business purposes as set forth above.

Additional Rights Applicable to United States Residents

In addition to your rights under the general section above, if you are a resident of the United States (“US”), you are also entitled to the following specific rights under federal and state laws and regulations governing the protection of personal information and Privacy (“US Privacy Laws”), regarding personal information related to you:

  • Access and Data Portability. You have the right to request that we disclose certain information about our collection and use of personal information related to you over the past 12 months. Upon verification of your request, we will disclose to you on behalf of the Carrier:
    • The categories of personal information related to you we collected about you when you engaged with our Services or when our Services were enabled on your device by the Carrier;
    • The categories of sources for the personal information related to you we collected about you when you engaged with our Services or when our Services were enabled on your device by the Carrier;
    • Our business or commercial purpose for collecting that personal information when you engaged with our Services or when our Services were enabled on your device by the Carrier;
    • The categories of personal information related to you that we disclosed for a business purpose and the categories of third parties with whom we disclosed that particular category of personal information related to you when you engaged with our Services or when our Services were enabled on your device by the Carrier;
    • The specific pieces of personal information related to you that we collected about you when you engaged with our Services or when our Services were enabled on your device by the Carrier;
    • Suppose we disclose personal information related to you for a business purpose. In that case, we will provide you with a list identifying the categories of personal information related to you.
  • Correction. You have the right to request that the Carrier correct inaccurate personal information related to you that we maintain about you on the Carrier’s behalf.
  • Deletion. You have the right to request that we delete any personal information related to you. Upon confirmation of your deletion request from your Carrier, we will delete personal information related to you from our records unless an exception applies. Note that when we delete personal information related to you that we have collected from or about you, it will be deleted from our active databases. Still, we will keep a reasonable number of copies in our archives. We will continue to retain your personal information for legitimate business purposes, as set forth under the “Specific Provisions for US Residents” section in this policy.
  • Non-discrimination. You also have a right not to be discriminated against for exercising your rights under US Privacy Laws.

Exercising Your Rights

If you wish to exercise any of your rights in relation to personal information related to you, please send us an email to privacy@digitalturbine.com. We will respond to your request on behalf of your Carrier.

You may also control what personal information we collect from your device related to you by changing the permissions settings on your mobile device.

You can exercise the rights detailed under this section by submitting your request to us by emailing privacy@digitalturbine.com. We will respond to your request on behalf of your Carrier.

Note that only you or a person authorized to act on your behalf may make a request related to personal information related to you. A request for access can be made by you only twice within a 12-month period.

Also note that your request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative and describe your request with sufficient detail that allows us to understand, evaluate, and respond to it properly.

We cannot respond to your request or provide you with the requested personal information if we cannot verify your identity or authority to make the request and confirm the personal information related to you. We will only use the personal information provided in your request to verify your identity or authority to make the request.

We will do our best to respond to your request within 30 days of receipt. If we require more time (up to 30 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding receipt of your request. Our response will also explain why we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If the request warrants a fee, we will inform you of the reasons for such a decision and provide a cost estimate before completing your request.

We will not require that you create an account to exercise your rights under this Policy, and we will not charge any fee or decrease the availability of our Services based solely on the fact that you have chosen to exercise one of your rights.

After receiving our reply, you can appeal against our decision by contacting us or the Carrier. We will review your appeal and provide you with our answer and our explanation of the reasons for our decision(s) within 60 days of receiving it. We will also provide you with a link (to the extent available) where you can submit a complaint with the relevant Attorney General or Supervisory Authority, as applicable.

Aggregated and Analytical Information

We use anonymous, statistical, or aggregated information and will share it with our partners for legitimate business purposes. It does not affect your privacy because there is no reasonable way to extract data from the aggregated information that we or others can associate specifically with you.

Specific Provisions for United States Residents

This section applies solely to all visitors, users, and others who reside in the US.

Any terms defined under US Privacy Laws have the same meaning when used in this section.

Additionally, as used under this section and the rest of this Policy, personal information is defined under applicable US Privacy Laws.

This chapter supersedes any contradicting provisions under the other sections of this policy.

We have collected the personal information related to you described above under the sections titled “Categories of Personal Information You Provide Us” and “Categories of Personal Information that We Collect” of this Policy. Such Information consists of the following categories:

  • Identifiers and personal information categories are listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

We obtain the categories of personal information related to you listed above from the following source type:

  • Directly and indirectly from you, your device, and your engagement with our Services.

We use the personal information related to you that we collect or receive for the purposes mentioned under the section “What Do We Do with Personal Information?” of this Policy.

We disclose personal information related to you to third parties for business purposes as described above under the section titled “Who Do We Disclose, Share, or Sell Personal Information With?”.

We do not sell personal information related to you.

Categories of Sensitive Personal Information

The Services are not intended to collect sensitive personal information (within the meaning of US Privacy Laws). We do not knowingly collect or allow others to collect sensitive personal information about you, and we require you not to provide us with any such data.

Selling and Sharing Personal Information

We do not sell personal information related to you.

We do not knowingly sell or share consumers’ personal information of children under 16.

The categories of personal information collected by third parties in the preceding 12 months include the advertising identifier of your mobile device.

Storing of Personal Information in the United States

In the United States, we store, and process personal information related to you directly or using third parties, such as data hosting service providers. Digital Turbine has data centers in the United States.

Transfer of Personal Information

We at Digital Turbine participate in the EU-US Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-US DPF (“UK Extension”), and the Swiss-US Data Privacy Framework (“Swiss-US DPF”), as set forth by the US Department of Commerce.

Specifically, Digital Turbine’s following entities are covered by the EU-US DPF, UK Extension, and Swiss-US DPF: (1) Digital Turbine USA, Inc., (2) Digital Turbine Media, Inc., and (3) Mobile Posse, Inc. d/b/a “Digital Turbine.” Accordingly, the term ‘we’ in this chapter refers to the above three entities.

You can review our Data Privacy Framework registration at https://www.dataprivacyframework.gov/s/participant-search.

We have certified to the US Department of Commerce that we adhere to the EU-US Data Privacy Framework Principles (“EU-US DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF.

 

We have certified to the US Department of Commerce that we adhere to the Swiss-US Data Privacy Framework Principles (“Swiss-US DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF.

 

If there is any conflict between the terms in this notice or our policy with the EU-US DPF Principles (including the UK Extension) or the Swiss-US DPF Principles, the Principles will govern. To learn more about the Data Privacy Framework (“DPF”) program, visit the website here.

 

In accordance with the EU-US DPF, we commit to resolving DPF Principles-related complaints about our collection and use of personal data related to you. If you have any inquiries or complaints about our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF (as applicable), please contact us at privacy@digitalturbine.com. We will do our best to respond to your inquiry immediately.

In accordance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, we commit to cooperate (respectively) with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF.

 

You may also consider invoking the arbitration option under the DPF under certain conditions, which are detailed here for additional details.

 

We share personal data with third parties to perform services on our behalf.

When we share personal data received under the Data Privacy Framework with a third party, the third party’s access to, use, and disclosure of such personal data must also comply with our obligations under the Data Privacy Framework. We will remain liable under the Data Privacy Framework for any failure to do so by such a third party unless we can demonstrate that we are not responsible for the event giving rise to the damage.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

 

Note that, as detailed above, we may be required to disclose personal data related to you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

We already adhere to the required commitments under the UK Extension to the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework. We will rely on the UK Extension and the Swiss-US Data Privacy framework for applicable data transfers as of the date that they take effect.

Information Security

Digital Turbine is committed to ensuring the security of personal information. We and our hosting services implement systems, applications, and procedures to secure personal information related to you to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. These measures provide sound industry-standard security.

However, please understand that security systems are only impenetrable. Although we make efforts to protect your privacy, we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

Dispute Resolution

We do periodical assessments of our data processing and privacy practices to ensure that we comply with this Policy, update the Policy when we believe that we need to, and verify that we display the Policy properly and in an accessible manner. If you have any concerns about how we process personal information related to you, you are welcome to contact our privacy team at privacy@digitalturbine.com or write to us.

We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.

Changes to this Privacy Policy

From time to time, we will update this Policy. If the updates have minor, if any, consequences, they will take effect when we post them via AppSelect, which is available whenever we recommend new apps to you to download. Substantial changes will be effective 30 days after we initially posted the notice.

Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-existing policy, you can choose not to accept it and stop using our Services. Continuing to use the Services after the new policy takes effect means that you agree to the new policy. Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required by law.

Incorporation of the Terms of Use

This Policy is an integral part of the Digital Turbine Terms of Use.

Contact Us

Don’t hesitate to get in touch with us at privacy@digitalturbine.com.

ANNEX 1

Supplemental Terms for Processing Personal Data Under the GDPR

We at DT describe our privacy practices and our relevant Services, on our Notice at Collection and Privacy Policy above (the “General Policy”). Please take the time to read our General Policy.

These terms supplement and are not a substitute for our General Policy. They add terms specifically related to our privacy practices associated with processing personal data under European data protection laws, namely the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

You should read both documents to understand the full scope of our privacy practices. If there are any overlapping provisions, these supplemental terms will prevail for our processing of personal data under the GDPR.

These terms use certain defined terms under the GDPR, such as “personal data”, “processing”, “consent”, “data controller” and “lawful grounds of processing”. If you are not familiar with these terms, please seek further guidance or contact our privacy team at: privacy@digitalturbine.com with any questions that you may have about these terms.

Lawful Grounds of Processing

We process personal data related to you as a data processor when you use any of the Services or when the Carrier enables the Services on your mobile device.

The Carrier solely determines the lawful grounds for processing personal data related to you:

  • We provide you with our Services subject to your consent to the contracts that govern them (such as the Carrier’s welcome screen, your mobile device Terms of Use, the Terms and Conditions that you opted in on first activation of your mobile device or when you opted in to selects apps (via the AppSelect Service) to be installed on your device).
  • We will process personal data related to you, to perform the contract between you and the Carrier.
  • We may process processes personal data related to you to comply with legal obligations and where necessary, to protect your and others’ vital interests.
  • Carrier may also rely on its legitimate interests, which it may have a good-faith belief that is not overridden by your fundamental rights and freedoms, for the following purposes:
  • To protect the Services and the networks and systems, including cyber security measures.
  • To provide support, customer relations, and for service operations.
  • To enhance and improve your and other users’ experience with the Services.
  • To detect, contain, prevent, and handle cases of fraud and misuse of our Services.
  • We may also rely on your consent for processing personal data related to you via the Services as stated above. Where consent is provided by you, we will also present you with an option to withdraw it.

Your Rights Under the GDPR

In addition to your applicable rights as described under our General Policy, you have the following rights:

  • AT ANY TIME, YOU CAN CONTACT US AND REQUEST TO WITHDRAW YOUR CONSENT TO THE PROCESSING OF PERSONAL DATA RELATED TO YOU VIA THE SERVICES. EXERCISING THIS RIGHT WILL NOT AFFECT THE LAWFULNESS OF PROCESSING BASED ON CONSENT BEFORE ITS WITHDRAWAL.
  • Request to access personal data that we keep about you and receive further information as described under the GDPR. If you find that the personal data related to you is not accurate, complete, or up to date, please provide us the necessary information to correct it.
  • Request to delete or restrict access to personal data related to you. We will review your request and use our judgment, pursuant to the provisions of the applicable law, to reach a decision about your request.

If we need to delete personal data related to you following your request, it will take some time until we completely delete residual copies of personal data related to you from our active servers and from our backup systems.

  • If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you may request to be informed that third parties that hold personal data related to you, in accordance with this Policy, will act accordingly.
  • You may ask to transfer personal data related to you in accordance with your right to data portability.
  • You may object to the processing of personal data related to you for direct marketing purposes, such as by unsubscribing from our newsletters and distribution lists. Additional information about this right is available under the choice section in this policy.
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.
  • You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, your place of work or the place of an alleged infringement of your rights under the GDPR.

Please note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will ask you further questions to understand the nature and scope of your request.

If you have any concerns about the way we process personal data related to you, you are welcome to contact our privacy team at: privacy@digitalturbine.com. We will investigate your inquiry and make good-faith efforts to respond promptly. If we are unable to help, you also have the right to make a complaint to the applicable data protection supervisory authority, as aforementioned.

Our DPO and Representatives

Our Data Protection Officer can be reached at: privacy@digitalturbine.com.

Our EEA designated representative is: Rickert Rechtsanwaltsgesellschaft mbH and can be reached at: Colmantstraße 15, 53115 Bonn, Germany, art-27-rep-digitalturbine@rickert.law.    

Transfer of Personal Data Outside the EEA

Our Services are provided via your mobile device. We store and process information in the U.S. From time to time, we will make operational decisions which will have an impact on the sites in which we maintain personal data.

We make sure that our third-party service providers provide us with adequate confidentiality, data protection and security commitments in accordance with the GDPR, and we will take all steps reasonably necessary to ensure that personal data related to you is treated securely and in accordance with our General Policy and these supplemental terms.

We may transfer personal data related to you to other countries. Some of them are not recognized by the European Commission as providing adequate protection to personal data, and some of them, although recognized, required additional safeguards. We will use appropriate safeguards, in particular, by way of entering into the European Union (EU) Standard Contractual Clauses with the relevant recipients, by relying on self-certifications, or by complying with equivalent data transfer mechanisms. You can contact our privacy team at: privacy@digitalturbine.com to receive more information related to our data transfer practices.

Please also see the section “Transfer of Personal Information” in the General Policy” for additional information regarding our transfers of Personal Data outside the EEA to the US.

ANNEX 2

Supplemental Terms for Processing Personal Data Under the LGPD

We at DT describe our privacy practices and our relevant Services on our Notice at Collection and Privacy Policy (the “General Policy”). Please take the time to read our General Policy.

These terms supplement our General Policy. They add terms specifically related to our privacy practices associated with processing personal data under Brazilian data protection laws, namely the Brazilian General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais). We will refer to them as the “LGPD”).

You should read both documents to understand the full scope of our privacy practices. If there are any overlapping provisions, these supplemental terms will prevail, for our processing of personal data under the LGPD.

These terms use certain defined terms under the LGPD, such as “personal data”, “processing”, “consent”, “data controller” and “lawful grounds of processing”, as translated from the official version of the LGPD in Portuguese. If you are not familiar with these terms, please seek further guidance or contact our privacy team at: privacy@digitalturbine.com with any question that you may have about these terms.

Lawful Grounds of Processing

We process personal data related to you as a data processor on behalf of your mobile device carrier (“Carrier”) when you use any of our Services based on the following lawful grounds determined solely by the Carrier:

  • We provide you with our Services subject to your consent to the contracts that govern them (such as the Carrier’s welcome screen, your mobile device Terms of Use, the Terms and Conditions that you opted in on first activation of your mobile device or when you opted in to selects apps (via the AppSelect Service) to be installed on your device).
  • We will process personal data related to you, to perform the contract between you and the Carrier.
  • We may process processes personal data related to you to comply with legal obligations and where necessary, to protect your and others’ vital interests.
  • Carrier may also rely on its legitimate interests, which it may have a good-faith belief that is not overridden by your fundamental rights and freedoms, for the following purposes:
  • To protect the Services and the networks and systems, including cyber security measures.
  • To provide support, customer relations, and for service operations.
  • To enhance and improve your and other users’ experience with the Services.
  • To detect, contain, prevent, and handle cases of fraud and misuse of our Services.
  • We may also rely on your consent for processing personal data related to you via the Services as stated above. Where consent is provided by you, we will also present you with an option to withdraw it.

Your Rights Under the LGPD

In addition to your applicable rights as described under our General Policy, you have the following rights in relation to personal data related to you:

  • Confirmation of the existence of the processing;
  • Access to the personal data related to you (i.e., obtain a copy);
  • Correction of incomplete, inaccurate or out-of-date personal data related to you;
  • Anonymization, blocking or deletion of unnecessary or excessive personal data related to you or personal data related to you processed in noncompliance with the provisions of the LGPD;
  • Portability of the personal data related to you to another service or service provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency;
  • Deletion of personal data related to you processed with your consent, except in the situations provided under the LGPD;
  • Information about public and private entities with which we shared personal data related to you;
  • Information about the possibility of denying consent and the consequences of such denial;
  • Revocation of your consent as provided under the LGPD.

Please note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will ask you further questions to understand the nature and scope of your request.

If you have any concerns about the way we process personal data related to you, you are welcome to contact our privacy team at: privacy@digitalturbine.com. We will investigate your inquiry and make good-faith efforts to respond promptly. If we are unable to help, you also have the right to make a complaint to the applicable data protection supervisory authority, as aforementioned.

Our DPO

Our Data Protection Officer can be reached at: privacy@digitalturbine.com.

Transfer of Personal Data Outside Brazil

Our Services are provided via your mobile device. We store and process information within the U.S. From time to time, we will make operational decisions which will have an impact on the sites in which we maintain personal data.

We make sure that our third-party service providers provide us with adequate confidentiality, data protection and security commitments in accordance with the LGPD, and we will take all steps reasonably necessary to ensure that personal data related to you is treated securely and in accordance with our General Policy and these supplemental terms.

We will transfer personal data related to you to other countries. Some of them provide a degree of protection of personal data appropriate to the provisions the LGPD. In other cases, we will use appropriate safeguards by way of entering into standard data transfer agreements with the relevant recipients, or by relying on other applicable data transfer mechanisms. You can contact our privacy team at: privacy@digitalturbine.com to receive more information related to our data transfer practices.