Last Updated: January 27, 2020
The information we gather falls into three categories: (1) information voluntarily supplied by users; (2) information automatically gathered; and (3) information we collect from third parties.
Throughout this Policy, we discuss in detail the specific pieces of personal information we collect from and about users. The California Consumer Protection Act ("CCPA") requires us to provide you with the "categories" of personal information we collect. The categories we collect are: identifiers (such as name, address, email address, IP address, device identifiers, and login information); commercial information (such as subscription and delivery history); financial data (such as credit card information); internet or other network or device activity (such as browsing history or what content you access on our Sites or Applications); geolocation information (e.g., your city and state based on IP address or precise location information from your mobile device with your consent and consistent with your mobile device settings); professional or employment related data; potentially protected classifications (such as gender, nationality, marital status, veteran status, and age); physical characteristics or description (such as when you voluntarily submit a photo to our Site or Application); and other information that identifies or can be reasonably associated with you (such as information you make available on message boards or through email).
We and our service providers may use the categories of personal information we collect from and about you consistent with the various business purposes and commercial we discuss throughout this Policy. Please see the relevant section(s) for more information.
We collect and store information that you voluntarily supply to us.
When you register as a PROTOCOL member, we collect information including your name, company, title, zip code, e-mail address, password, and information regarding tip sheets and author alerts you would like to receive.
When you request information about our subscriptions, we collect information including your name, e-mail address, title, job type, phone number, organization name, organization type, country, industry field of interest, interested products, and locations of interest.
When you order a subscription to PROTOCOL or pay your bill online, we will collect all information necessary to complete the transaction, including your name, credit card, and other related information.
When you sign up for our electronic newsletters, we collect your e-mail address.
When you respond to our surveys, we will collect all the information requested in the surveys, including any applicable contact information and demographic information such as your e-mail, first name, last name, location, place of employment, type of employment, industry, household income, race, age, and gender.
We also collect information at other points in our Sites and Application which state information is being collected.
You do not have a statutory obligation to provide us with your information. If you are a PROTOCOL subscriber, you have a contractual obligation to provide us with information necessary to enter into a subscription agreement and provide our services to you. If you are not a subscriber, you do not have a contractual obligation to provide us with your information, but if you do not, we may not be able to provide you with services you have requested or you may be limited in your use of our services (e.g., if you do not provide us with your e-mail address, we will not be able to send you newsletters).
We also may collect and store information that is generated automatically as you navigate through our Sites or Applications.
To make our Sites and Applications more useful to you, our servers (which may be hosted by a third-party service provider) may collect information from your computer or device, including but not limited to:
If you allow our Application to have access to your location information and you have enabled location services on your phone, we collect your precise location information.
We may also collect information about you through non-affiliated third parties, such as market research firms and public sources. Depending on the source, this information collected from third parties could include information such as demographic information and brand and media consumption information. We may combine information that we collect about you through the Sites and Applications with information that we obtain from such third parties.
To help make the Sites and Applications more responsive to the needs of users, we employ a standard software feature, called a "cookie," to assign each user a unique, random number that resides on a user's computer or device. The cookie by itself does not personally identify the user; it merely identifies the computer or device with which the user accesses a Site or Application. Cookies help us track user trends and patterns. They also prevent you from having to re-enter your preferences on certain areas of a Site or Application where you have entered preference information before.
When we post videos, third parties may use local shared objects, known as flash cookies to store your preferences for volume control or to personalize certain video features. Flash cookies are different from cookies because of the amount and type of data and how the data is stored.
We also may use web beacons (also known as "pixel tags") to access cookies and to count users who visit our Sites, use our Applications, or open our HTML-formatted e-mail messages. Pixel tags are graphic images with a unique identifier, similar in function to cookies, that are used to track online movements of our users. In contrast to cookies, which are stored on a user's computer hard drive, pixel tags are embedded invisibly in web pages and e-mail messages. We may collect information about your interactions with our e-mail messages, such as the links you click on and whether you open or forward a message, the date and time of these interactions and the device you use to read our e-mails.
We also collect anonymized, cookie-based demographics data from third parties to analyze the composition of our audience.
Our Site also makes use of various third-party cookie data collection and linking services. PROTOCOL and third-party vendors, including Google, Teads and others, may use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the Google Ad Manager cookie) together to (i) inform, optimize, and serve ads based on your past visits to our website and (ii) report how your ad impressions, uses of ad services, and interactions with the foregoing are related to your visits to the Site. In addition, we may use Google Analytics data, including but not limited to, geographic, demographics, and interest reporting information to recognize and understand user preferences, make improvements, and for other business purposes. You can learn more about how Google manages data in its ads products, through which you can learn how to opt out of Google Analytics for display advertising or customize Google display network ads, by visiting the Google Ads Settings page. Learn more about how Teads uses data.
Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.
We use the information we collect about you to:
We may create aggregated or de-identified records based on information we collect about you (such as by removing your name). We reserve the right to use such data for any purpose and disclose such data to third parties in our sole discretion. For instance, when you respond to a survey, we may use, disclose and/or publish the responses you provide to us. However, we will not publish or disclose your name in connection with your response without your prior consent.
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing your personal data are as follows:
Please also keep in mind that whenever you voluntarily make your information available for viewing by third parties online — for example on message boards, through e-mail or web logs, or in chat areas — that information can be seen, collected and used by others besides PROTOCOL LLC. We cannot control who reads your postings or what other users may do with the information that you voluntarily post, so it is very important that you do not put data such as private contact information which you do not want to make available to the public in your posts. Once you have posted information publicly, while you may still be able to edit and delete it on our Site or Application, you will not be able to edit or delete such information cached, collected, and stored elsewhere by others (e.g., search engines).
We may share your information with our vendors and other third-party service providers to: provide you with the services that we offer through our Sites and Applications; process your payments; conduct quality assurance testing; facilitate creation of accounts; provide technical support; and/or provide other services to PROTOCOL LLC and our Affiliates. Our third-party service providers are obligated to only use the information for providing, maintaining, and improving the services on our behalf.
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your "personal information" as defined in the California Consumer Privacy Act ("CCPA").
We may disclose the following categories of information about you or your use of the Sites and Applications for business purposes (as defined by applicable law) or as required by applicable law:
Identifiers (such as name, address, email address, IP address, device identifiers, and login information); commercial information (such as subscription and delivery history); financial data (such as credit card information); internet or other network or device activity (such as browsing history or what content you access on our Sites or Applications); geolocation information (e.g., your city and state based on IP address or precise location information from your mobile device with your consent and consistent with your mobile device settings); professional or employment related data; potentially protected classifications (such as gender, nationality, marital status, veteran status, and age); physical characteristics or description (such as when you voluntarily submit a photo to our Site or Application); and other information that identifies or can be reasonably associated with you.
The California Consumer Privacy Act (CCPA) sets forth certain obligations for businesses that "sell" personal information. Based on the definition of "sell" under the CCPA and under current regulatory guidance, we may have sold the following categories of information about you in the past twelve months: Identifiers (such as name, address, email address, IP address, or device identifiers); internet or other network or device activity; geolocation information; professional or employment related data; potentially protected classifications (such as gender, nationality, marital status, veteran status and age); physical characteristics or description (such as when you voluntarily submit a photo to our Site or Application); and inferences related to the information identified.
If you wish to opt out of the sale of your personal information, please email firstname.lastname@example.org.
For online payments, we use the payment services of CyberSource which incorporates the services of FDC Nashville Global. We do not process, record, or maintain your credit card information. For more information on how payments are handled, or to understand the data security and privacy protections afforded to such information, please refer to CyberSource.
We have implemented administrative, technical, and physical security measures to protect against the loss, misuse, and/or alteration of your information. These safeguards vary based on the sensitivity of the information that we collect and store. However, we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your information since despite our efforts, no Internet and/or other electronic transmissions can be completely secure.
To the extent that PROTOCOL's affiliates in the EEA make such transfers, they will rely on Standard Contractual Clauses approved by the European Commission. Individuals whose personal data is transferred pursuant to the Standard Contractual Clauses may request a copy of the clauses by contacting us as described below.
The Sites and Applications are not directed to children under the age of thirteen and we do NOT knowingly collect personal information, as that term is defined in the Children's Online Privacy Protection Act ("COPPA") from children under the age of thirteen. If we discover that a child under 13 has submitted personal information to us, we will attempt to delete the information as soon as possible.
We do not knowingly process data of EU residents under the age of 16 without parental consent. If we become aware that we have collected data from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible. We also comply with other age restrictions and requirements in accordance with applicable local laws.
If you believe that we might have collected any personal information from a child under 13 or a resident of the EU who is under 16, please contact us at email@example.com.
If you register with us, you have the opportunity to review, update, change or delete the registration data we have collected about you at any time by editing your personal data in your account settings or by sending an e-mail to us at firstname.lastname@example.org. You may request deletion of your registration data by us, and we will use commercially reasonable efforts to honor your request, but please note that we may be required to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from our active database, but may remain in our archives. We may also retain your information for fraud prevention or similar purposes.
Individuals in the EEA and other jurisdictions have certain legal rights to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them, and to obtain its correction, update, amendment, or deletion in appropriate circumstances. You may also have rights to object to our handling of your personal data, restrict our processing of your personal data, and to withdraw any consent you have provided. To exercise these rights, please contact us as described below with the nature of your request. While we strongly encourage you to first raise any questions or concerns about your personal data with us, you also have a right to contact the relevant supervisory authority.
Many of the rights described here are subject to significant limitations and exceptions under applicable law (e.g., objections to the processing of personal data, and withdrawals of consent, typically will not have retroactive effect). Individuals in the EEA may send an email to email@example.com.
If you are a California resident, you may have certain rights. California law may permit you to request that we:
You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you and for compliance with applicable law. If you ask us to delete certain information, you may no longer be able to access or use the Services.
California customers may request, once per year, that we disclose the identity of any third parties with whom we have shared personal information for the third parties' direct marketing purposes within the previous calendar year, along with the type of personal information disclosed.
California residents under age 18 who are registered users of online sites, services or applications may request and obtain removal of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
If would like to exercise any of these rights, please contact us at firstname.lastname@example.org. You may be required to verify your identify before we fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.
Under Nevada law, certain Nevada consumers may opt out of the sale of "personally identifiable information" for monetary consideration to a person for that person to license or sell such information to additional persons. "Personally identifiable information" includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
If you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing us at email@example.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request.
If you have subscribed to one of our e-mail newsletters, you will always have the opportunity to unsubscribe from future mailings by logging into to your account and modifying your preferences. You will also have the opportunity to "opt-out" of commercial e-mail from the applicable PROTOCOL service by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly (please see contact information above).
If you have elected to participate in our survey panel, you may elect whether you would like to receive e-mail notices of new surveys by logging into your account and modifying your preferences.
If you decide at any time that you no longer wish to accept cookies for any of the purposes described above, then you can instruct your browser or mobile device, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites and/or applications. If you do not accept cookies, however, you may not be able to use all portions of, or all functionalities of, the Sites or Applications, as applicable. If you have any questions about how to disable or modify cookies, please let us know at the contact information provided above.
Cookie management tools will not remove flash cookies. Learn how to manage privacy and storage settings for flash cookies.
If you decide at any time that you no longer wish to have your SNS account linked to your PROTOCOL membership account, please refer to the privacy settings of the SNS to determine how you may adjust our permissions and manage the interactivity between the Sites and/or Application with your social media account.
If have elected to allow us to track your location information on your mobile device and you later decide you no longer want us to collect your location information, you can disable location services through your mobile device's application settings.
You can stop all collection of information by the Application by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.