Last Updated: January 11, 2023.
Hivestack Inc., a Canadian company with a registered office at 118 Rue Saint-Pierre, Montréal, QC H2Y 2L7, Canada.
This policy explains how Hivestack Inc., as well as its affiliated and related companies (“Hivestack”, “we” or related possessive pronouns) use, share and otherwise treat Information for the purpose of its location-based marketing services, described in more detail on this website, including our Home page as well as our Platform page.
Hivestack takes your privacy seriously. We work diligently to ensure that our practices meet or exceed legal and industry standard compliance including transparency regarding our use and treatment of data.
Hivestack is a leading advertising company that provides a technology platform which gives marketers a powerful solution to deliver digital out-of-home (“DOOH”) advertising campaigns. Hivestack has developed a proprietary technology platform that enables clients to reach their desired target audience, and measure the efficacy of their campaigns.
Hivestack partners with location data provider companies who collect and use precise location data to help advertisers provide more relevant offers to mobile application users, and to inform the delivery and measurement of DOOH advertising. Hivestack does not collect this location data directly; all location Information is provided by Hivestack’s partners, such as Cuebiq who are one of our data providers.
Hivestack receives this location Information from its partners as a file in a secure AWS S3 transfer. This location Information includes lat/long (latitudinal and longitudinal) data, i.e., GPS-level data associated with a mobile advertising ID, such as an IDFA or an Google Android Advertising ID (“GAAID”) and time and date Information as a timestamp.
We use the Information we receive to understand the optimal times and locations to best reach defined audiences on DOOH screens. This allows Hivestack to deliver ads to DOOH screens and to understand movement patterns.
The location data we receive is also used to understand which mobile Device IDs (IDFA and GAAID) were in proximity to a DOOH location at a time when DOOH campaign creative was displayed and build a list of those Device IDs. That list of mobile Device IDs in proximity to DOOH locations, may then be used to build an audience for targeting delivery of mobile in-app advertisements. These Mobile Advertising IDs can be used for certain advertising purposes. They can be used to limit the number of times a specific advertisement is presented to the same Device, track a Device to show that the Device interacted with an ad (i.e. “clicked” on it, watched a video ad, or downloaded an application as a result of an advertisement).
Hivestack does not permit any data collected to be used for Personalized Advertising relating to sensitive health segments, or sexual orientation.
This location Information we receive from our partners may additionally be used to perform aggregated “attribution” analysis for DOOH campaigns. This analysis can help marketers understand in aggregate which users have been exposed to which DOOH ad campaigns and if Devices exposed to a DOOH advertising were then measured at that advertiser’s physical retail location. This is done so that an ad campaign’s success may be understood.
Hivestack receives these pieces of Information from their location partners:
Time and Date Information as a Timestamp
Unique Device identifiers for advertising (Google Advertiser ID or IDFA)
Geolocation as both a Latitude and Longitude
We do not receive personally identifiable data such as names, phone numbers, email addresses or physical addresses.
Hivestack does not share user-level data with third parties for Personalized Advertising, DOOH Advertising, or ADR purposes. We may share your Information with third parties:
If the Information is provided to help complete a transaction requested by you.
If you request or authorize it.
If the disclosure is done as part of a purchase, transfer, or sale of services or assets (e.g., in the event that substantially all of our assets are acquired by another party, your Information may be one of the transferred assets, or in the course of due diligence for such an event) or in the event of bankruptcy.
If the Information is provided to our third-party vendors or service providers to perform functions on our behalf (e.g., analyzing data, providing marketing assistance, providing customer service, processing orders, etc.).
When we receive location Information (including precise location Information) from location data provider partners, we endeavour to work with partners that provide disclosures to their own users regarding the use of mobile data for interest-based advertising purposes, and regarding consumer opt out rights.
You may manage certain collection and sharing of Information in connection with the Hivestack Site and the Services as follows:
You may control how your browser responds to cookies by adjusting the privacy and security settings of your web browser.
You may limit the disclosure of certain Information by your mobile Device to us and Publishers by adjusting the settings on your mobile Device.
For iOS mobile Devices, go to “Settings” from your Device’s home screen; scroll down to “Privacy”; select “Advertising”; and turn on “Limit Ad Tracking.”
For Android mobile Devices, go to “Google Settings” on your Device; select “Ads”; and check the box labeled “Opt Out of Interest-Based Ads.”
Our data partners honour these “limit” or “opt out” instructions or “flags” by removing recognized Devices from our cross-app advertising or ad delivery and reporting solutions, on a going-forward basis.
You may opt out of certain advertisers’ cookies and browser-enabled, interest-based advertising by visiting Network Advertising Initiative Mobile Choice page.
Please note that these opt outs apply to interest-based advertising by participating advertisers. You may still receive other types of online advertising from participating advertisers, and the websites you visit may still collect Information for other purposes. In addition, the opt-out choices you select are stored in opt-out cookies only in the browser that you use to visit the opt-out websites, so you should separately set your preferences for other browsers or Devices you may use. Deleting browser cookies can remove your opt-out preferences, so you should visit these opt-out websites periodically to review your preferences or update your preferences to apply to new participating advertisers.
Publishers and Advertisers may also provide ways for you to opt out from or limit their collection of Information from and about you. Please refer to the privacy policies for the Apps to learn more about the privacy practices of Publishers and Advertisers. Please note, however, that we are not responsible for the privacy practices of Publishers, Advertisers, and other third parties.
You may opt not to receive promotional emails from us by contacting us as indicated in our contact details at the end of this document or by following the “unsubscribe” instructions in any promotional email you receive from us, or by contacting us at firstname.lastname@example.org. Please note, however, that we may still send you non-promotional, transactional or service-related emails about your relationship with us.
We continue to use mobile advertising IDs for analytics purposes and other purposes unrelated to interest-based advertising and reporting (for instance, in aggregated form for market research) for up to 24 months (outside of EEA countries and Switzerland) or 13 months (in EEA countries and Switzerland), provided that we may retain them if we have a legal or significant operational or legal need to do so, such as for auditing, corporate record-keeping, compliance, record-keeping, accounting or security and bug-prevention purposes.
We have administrative, technical, and physical safeguards in place in our physical facilities and in our computer systems, databases, and communications networks that are designed to protect Information contained within our systems from loss, misuse, or alteration. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your Information. If you have any questions about the security of your Information, please contact us as described below.
We may store and process your Information in Canada and the United States. By accessing the Hivestack website or our Services, you consent to the transfer of your Information to Canada and the United States and other countries. Please note that the laws in Canada and the United States and other countries regarding processing Information may be less stringent than in your country.
Hivestack is a member of the Network Advertising Initiative (NAI), and we undergo annual certifications that we adhere to their strict Code of Conduct. To learn more about the NAI or how to opt out of receiving targeted advertising from other third party services that belong to the NAI, please follow this link.
As of May 25, 2018, a data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) has been in effect through the EEA countries and Switzerland. The GDPR requires Hivestack as an organisation handling location data to provide users with certain Information about the processing of their “Personal Data.” “Personal Data” is a term used in Europe that means, generally, data that identifies or can identify a particular unique user or Device – for instance, names, addresses, cookie identifiers, mobile Device identifiers, precise location data and biometric data. To comply with the GDPR, we provide the below representations and Information, which are specific to persons located in EEA countries or Switzerland.
a. Legal grounds for processing your Personal Data
The GDPR requires us to tell you about the legal basis we’re relying on to process any Personal Data about you. The legal basis for us processing your Personal Data for the purposes set out in Sections 2 and 3 above will typically be because:
You provided your consent. In order to provide our services that involve use of precise location Information related to other Personal Data, (and to store and gain access to Information stored on your Device such as mobile advertising IDs), we rely on your consent. To obtain this consent, we rely on our web and mobile partners’ compliance steps, designed to ensure that consent is collected and passed on to Hivestack, and to ensure that we only process legally obtained data. We do this to fulfill our obligations under the ePrivacy Directive. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal.
The processing is in our legitimate interest. In some cases, we use legitimate interest as a legal basis for processing Personal Data. We rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed. We also rely on legitimate interest when we use our own customers’ data to communicate with them about our Services.
Legal Obligations. Some processing of data may be necessary for us to comply with our legal or regulatory obligations.
b. Transfers of Personal Data
Where we are able to do so, we collect, obtain, process or otherwise handle Personal Data within the same jurisdiction as where you reside. For example, the Personal Data of European Union (“EU”) residents is collected or obtained, processed, stored and otherwise handled within the EU.
However, Hivestack works with global companies and technologies, and so, depending on where you reside, we may need to transfer your Personal Data outside of your home country/state/province (e.g. from Canada to the United States). Rest assured that we will protect your Personal Data when it is transferred outside of your home jurisdiction by: (i) processing it in a territory that provides an adequate level of protection for Personal Data based on the receiving country’s data protection laws; and/or (ii) implementing appropriate safeguards to protect your Personal Data, such as requiring the recipient to comply with protective contractual clauses, or another lawful and approved transfer mechanism. However, please note that the laws in countries outside of your jurisdiction regarding the processing of Personal Data may be less stringent than those in your jurisdiction and may not give you the same rights as you currently have.
c. Personal Data Retention
As a general matter, we retain your Personal Data for as long as necessary to provide our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. We generally continue to use mobile advertising IDs for analytics purposes and other purposes unrelated to interest-based advertising and reporting for 13 months (in EEA countries and Switzerland) from receipt of consent. We may retain this (and other) Information whenever and so long as we have a legal or significant operational need to do so, such as for auditing, corporate record-keeping, compliance accounting or security and bug-prevention purposes.If you are a customer of ours and thus have an account with us, we will typically retain your Personal Data for the length of time necessary for the purposes for which the data was collected, such as to provide services and Information to our customers, business associates, and similar parties.
d. Your Rights as a Data Subject
The GDPR provides you with certain rights in respect of Personal Data that data controllers hold about you, including certain rights to access Personal Data, to request correction of the Personal Data, to request to restrict or delete Personal Data, and to object to our processing of your Personal Data.
Right to Access: If you wish to exercise your right to access Personal Data we process as a data controller, you may do so by requesting access through the e-mail address email@example.com. When we receive your request, we will provide you with current, step-by-step instructions to follow in order to obtain access. As we are required to verify a requestor’s identity prior to providing Personal Data, we will assess requests to exercise certain data access rights on a case-by-case basis: in doing so, we consider (a) the difficulty of verifying whether data that we hold and data we have linked to it truly and solely belongs to the data subject making the request, along with (b) the potential adverse affects on disclosure of personal data to the wrong individual. Because such improper disclosure would likely adversely affect the privacy rights and freedoms of the data subject, we may limit the Personal Data we make available.Please note that we will only grant requests for access for Personal Data for which we are a data controller, as explained further in sub-section (e) below. Where we act as a processor for one of our customers, we will refer your request to that customer. Please identify the customer your request refers to (if possible), to simplify this process.
Right to Correct: If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact Information below.
Right to Erasure. You also have the right to obtain the erasure of Personal Data concerning you that we hold as a controller. The above opt-out process satisfies this right on a going-forward basis.
When a user opts out through our partners (or through mobile Device settings), and those location partners receive that signal, they no longer collect Personal Data to provide for Hivestack’s services. We will also manually delete your Personal Data if preferred that we do so; please contact us at firstname.lastname@example.org for further instructions if you wish to exercise this right manually. Please note, however, that we may retain copies of certain Personal Data on inactive or back-up files, for our own internal and necessary purposes, such as auditing, accounting and billing, legal or bug-detection. We will in most cases delete such data within 24 months, absent a compelling reason to retain it.
Right to Lodge Complaints. You have the right to lodge a complaint with a supervisory authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.
e. Hivestack as a data controller and a data processor
EU data protection law makes a distinction between organisations that process Personal Data for their own purposes (known as “data controllers”) and organisations that process Personal Data on behalf of other organisations (known as “data processors”). As noted above, we are not always a data controller of the data in our possession, but are sometimes a data processor for other companies such as our customers. In such cases, we may direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data.
To learn about your opt-out rights under the California Consumer Privacy Act please click here.
Our privacy practices are in accordance with all federal and provincial laws and regulations, including the Personal Information Protection and Electronic Documents Act ("PIPEDA").
If you have any questions about this policy, please contact Hivestack’s Chief Privacy Officer at:
Hivestack118 Rue Saint-Pierre, Montréal, QC H2Y 2L7Email : Privacy@hivestack.com
Attention: Chief Privacy Officer
If you are in the European Union or the United Kingdom: you may address privacy-related inquiries to our EU or UK representative pursuant to Article 27 GDPR:
EU: EU-REP.Global GmbH, Attn: Hivestack, Hopfenstr. 1d, 24114 Kiel, Germany
UK: DP Data Protection Services UK Ltd., Attn: Hivestack, 16 Great Queen Street, Covent Garden, London, WC2B
5AH, United Kingdom