Privacy Policy

Movology LLC is serious about protecting your online privacy. This Privacy Statement explains our views and practices concerning privacy and how they may pertain to you as a user of both our website and our services, what data we collect, and our intent for collecting that data. If any terms seem confusing, please review the section titled “Definitions.” In general, information is collected through our sites or on behalf of customers on their respective websites for the sake of improving marketing services.

All information transmitted, printed or otherwise submitted to www.movology.com via this website shall be deemed to be the property of Movology LLC and Movology LLC shall be free to use such information for any lawful purpose as detailed herein.

Our site contains links to other sites and we are not responsible for the privacy practices or the content of such sites. We reserve the right to release such information to law enforcement or other governmental officials as we, in our sole and absolute discretion, deem necessary to comply with the law.

While our customers are bound to our terms of use, this privacy policy does not directly apply to the collection and data processing of personal information through our customers or that is done on their behalf. Our customers determine the information to be collected as well as how it is to be processed and consequently are subject to their own respective privacy policies.

Our terms of use can be found at https://movology.com/termsofuse/.

If at any point you do not agree with any points of this policy, it is recommended that you cease using the platform and exercise any of the rights you feel necessary to outlined in the section titled “Controlling Your Data”.

Definitions

“We” or “Our” or “Us” means Movology LLC.

“Our site” means www.movology.com or any other website we own or manage.

“Visitor” or “Consumer” means a user that has visited our or any of our customer’s sites.

“Movology Services” means our collection of marketing automation services including: patented form abandonment solutions, visitor and form tracking and analytics, email remarketing, proprietary software, manual services, and other marketing services we offer.

“Movology Platform” means our websites, social media pages, emails, and any other of our content related to Movology services including but not limited to trade shows, presentations, and promotional media. Our platform uses our service to provide better service for our visitors.

“Customer” means a business or individual that is a paying, trial, or free tier customer of Movology services for the purpose of using any of our services.

“User”, “You” or “Your” means a customer, visitor, or any user of the Movology platform, or any of Movology’s services.

“Partner” means a business or third party that has been determined by us to be reputable, respects the privacy guidelines set forth by the E.U-U.S. and Swiss-U.S. PrivacyShield requirements as well as that of the “CCPA” (California Privacy Act), and is an entity we have partnered with to provide marketing services or other business value for which users may share a legitimate interest.

Changes to our Privacy Policy

We reserve the right to change this policy at any time. This page will have the latest version of the policy along with the date of posted revisions. We will notify you of significant changes to our Privacy Policy by notifying you or by posting the changes online at our site.

If you have any questions about any changes please contact us by finding the section titled “Contact us”. In the case that you do not agree with changes to the Privacy Policy, we recommend you stop using our platform and/or services. You can make necessary changes to your data including deletion by following the steps in the section titled “Controlling Your Personal Data”.

Information We Collect And How We Collect It

Through our platform and services we collect, track, and/or process the following:

“Personal information” or “Personal data” is information that may directly or indirectly identify you. This includes but is not limited to your: email, name, company name, phone number, and address. The specific information collected will vary depending on customer forms and configurations. This is collected by filling out and/or submitting a form that uses our services on one of our or our customer’s sites.

“Navigational information” or information derived from your web browser/client that may identify you directly or indirectly. This includes your: http(s) headers, IP address, referral sources, browser agent data (information about which browser is being used), time on page, cookies, web beacons, and other data that is made available through the browser’s API. This is collected from users by getting data made available to us through your browser that may identify their device, provide additional information from vendors, and include other metadata.

“Form Information” or information that a visitor enters into one of our or our customers’ forms which includes but is not limited to your demographic information and information related to business interest such as impressions, experiences, and/or expectations. As with personal information, the breadth of this will vary depending on customer forms and configurations. This type of information is collected when a user begins filling out a form that has been configured through our services.

“Third party information.” We may collect additional information about you through our partners and other third-party services. This may include both personal and navigational information.

“Aggregated information” means a collection of any of the above information that has been anonymized and aggregated so that no individual can be identified.

“Payment information“, such as credit card numbers and billing information, is processed through third party PCI-compliant service providers and not stored in our databases. This data is temporarily collected and passed to our payment partner when a customer pays for Movology services.

Use of Information Collected

• The information listed in the section titled “Information We Collect And How We Collect It” will be used to:
• Notify you of information and/or offers of products/services in which you have expressed an interest in.
• For us and our customers to better understand our audiences.
• Improve both our own and our customers’ marketing efforts.
• Improve our and our customers’ forms.
• Communicate with you about information related to the Movology platform or services.
• Enable and fulfill certain Movology services and features.
• Render services through our partners.
• Improve Movology’s services such as our proprietary tracking technology.
• To fulfill purchases of Movology services.
• Improve the accuracy of customer relation data.
• Debug and manage our platform and services.
• Joint services involving our partners and customers.
• Enforce our terms and policies.
• Comply with regulations and legal requirements.

On our site,

We use your personal, demographic, and profile information to enhance your experience at our site and to enable us to present content we think you might be interested in. We use your contact information to send you information about our company and promotional material from our partners. We may also use your personal, demographic and profile data to improve our site, for statistical analysis, for marketing and promotional purposes, and for editorial or feedback purposes for our advertisers. Information collected by us may be added to our databases and used for future telemarketing, SMS text-messaging, emails, or postal mailings regarding site updates, new products and services, upcoming events, and/or status of orders placed online. By using this site, you agree that you may be contacted in any manner contemplated in this section even if your number is found on a do not call registry, in-house list or similar registry.

Text messages: By accepting the terms and conditions of this site and providing your cell phone number, you are expressly consenting to receive SMS, wireless or other mobile offering to your cell phone from us and other organizations. You understand that your wireless carrier’s standard charges and rates apply to these messages. For SMS text messages, you may remove your information by replying “STOP”, “END”, or “QUIT” to the SMS text message you have received and we will remove your personal information within 10 days of receiving such request.

Information Retention

Our website and services hosted from secure, enterprise-level platforms including Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Personal, form, and navigational information are stored for only as long as there is a legitimate business need (such as continuing to send promotions to a subscriber). After this period, user data will be deleted or anonymized and archived. Aggregated, non-personal data will be stored on an ongoing basis. Sensitive information which needs to be preserved beyond business needs, will be anonymized, if possible, and stored securely in an isolated environment. Users may make requests regarding their data outlined in the section Controlling your Personal Data below.

Disclosure of Data to Customers and Partners

Any third party, partner, or customer we share, rent, sell, or otherwise make data available to will be pre-screened by us, determined by us to be reputable, and will use the personal data for marketing products and services which you might share a legitimate interest. Information will be transferred as an anonymous dataset or collated into metrics when it suffices.

Collected information is disclosed to third parties and/or partners for the following reasons:

As required by law whether that be to protect our rights or simply to comply with legal directives.

For marketing products and services which we determine you might find of interest.

For partners’/clients’ business intelligence or to better understand their user base for the intent of improving user experience and marketing.

To render services such as payment processing.

You may elect to have your data removed and filtered out from disclosure. Additional details can be found in the section titled “Controlling your Personal Data” below.

Controlling Your Personal Data

Regarding your personal data, you have the right to:

Request a copy of or to edit, amend, or delete collected personal information.

Request your data be anonymized and/or stored in isolation from our services.

Object to the processing of your personal information and/or disclosure to third-parties.

Opt out of the sale of your personal information to third parties.

Withdraw consent to process your personal information.

File a complaint with a data protection authority regarding handling of your personal information.

To exercise any of these rights, please contact us through our email: admin@movology.com or through our personal data rights page https://movology.com/personal-data-rights/. Please email us from the email which you’d like to exercise your personal information rights on. We may verify your request by contacting you at the email, phone number, or address you choose to verify your identify with.

In adherence to the PrivacyShield Framework and under certain conditions, you may also invoke binding arbitration. The details of how to do so can be found here: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint

We may be required to retain certain information to complete transactions, detect wrongdoing, exercise legal rights, keep mandatory records, exercise free speech, enable internal uses that are aligned with user expectations or are based on the user’s relationship with us, and to comply with legal obligations.

We have designated Verasafe to be our independent dispute resolution body. Details are in the section titled “Dispute Resolution”.

Dispute Resolution

Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through Movology’s internal processes, Movology has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe under the Privacy Shield Dispute Resolution Procedure, please submit the required information to VeraSafe here:  https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Movology LLC complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield  Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland to the United States.  Movology LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

We are also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission in matters regarding the transfer of personal data. As such, we may be required to disclose personal data in response to lawful requests or to meet national security and/or law enforcement requirements.

We abide by PrivacyShield’s principles and liability provisions in regards to onward transfers of data to third-party controllers and agents from the EU and/or Switzerland. Our compliance entails the following: customers will be notified of and have the option to opt out of data transfers, data transfers to third-parties will be limited in scope to specified purposes consented by users and contractually agreed upon, ascertaining that these third-parties are obligated to protect the transferred data in a way that is compliant with PrivacyShield’s principles, ceasing data transfer and processing in the case that a third-party can no longer meet these protective obligations, and providing a summary or representative copy of relevant privacy provisions to governing bodies upon request.

Opt-Out of Movology Communications

You may opt-out of receiving communications from us as well as remove your information from our marketing lists. If you remove your information from our marketing lists it will no longer be used by us to send promotional correspondence to you. You can remove your information from our marketing lists by sending your request in writing via email to admin@movology.com.

We Do Not Intend to Collect Data from Children

The information and services provided to us or our affiliates, sponsors, and advertisers are not intended to be viewed by children (under 18 years old). No information collected from children is knowingly used for any marketing or promotional purposes whatsoever, either inside or outside Movology LLC. No part of Movology LLC’s web site is structured to attract anyone under the age of 18.

Our Right to Contact You

We reserve the right to contact you regarding your account status and changes to subscriber agreements, privacy policy, or any other policies or agreements relevant to you.

Our Contact Information

If you have any questions about this privacy statement, the practices of this site, or your dealings with this website, you can contact us via email sent to: admin@movology.com or through mail addressed to:

Movology LLC

1600 N Kraemer Blvd

Anaheim, CA 92806

Anti Spam Policy. CAN-SPAM Act Compliance

Movology LLC is dedicated to ensuring compliance with the ‘CAN-SPAM Act’, which took effect January 1, 2004. You may receive email from Movology LLC in the following circumstances:

Acknowledging your application has been received and requesting additional action.

Requests for additional information to support your current application.

Response to your inquiries regarding the status of your loan, payment due dates, extension requests and other transactional requests.

Thanking you for your valued business.

Advertisements for our products, services, changes in services, new product availability.

Advertisements for third party products and services where we have determined that such product or service may be of interest to our customers.

To ensure compliance with the CAN-SPAM Act,

Movology LLC has implemented the following guidelines for email delivery:

All emails sent to you by Movology LLC will clearly identify Movology LLC as the sender

FROM / SENDER: Movology LLC

The Subject Line of any email you receive will always accurately describe the subject matter of the email.

Any email from Movology LLC will include the ability to unsubscribe from future email messages.

Unsubscribing will ensure the customer is removed from ALL lists at Movology LLC; this excludes customer service emails regarding the processing and status of a current product.

Advertising emails from Movology LLC will include information that the email is an advertisement, either in the body or footer of the email.

All emails sent to you directly by Movology LLC include valid postal address information in the footer.

All third party marketing partners are required to comply with the CAN-SPAM Act.

Emails sent to you directly by Movology LLC will include an email address and physical address where you can send suggestions, complaints or other correspondence.

Information for ISPs

Website: www.movology.com

Email Address: admin@movology.com

Movology LLC understands consumers’ concerns over the use of their personal information. We hope this information will relieve any concerns your company may have regarding our email policies. Movology LLC and its affiliated sites use only an “opt-in or opt out” method of obtaining customer information, and it is not our policy to send unsolicited email. We obtain email addresses and personal information from third parties that follow the same set of policies. Movology LLC email messages sent include information about the origin of the emails and include instructions on how recipients can unsubscribe from receiving future email messages.

From time to time, Movology LLC will enter into an arrangement with a third party website to allow individuals to opt into our marketing program on those third party websites. In each case the third party websites have represented and warranted to us, among other things:

That the data was collected voluntarily from individuals on website registrations and co-registrations.

That the sellers have a right, under any applicable privacy statements, to transfer the data to us.

That Movology LLC has the right to send marketing offers to the individuals.

We hope this information satisfies any questions or concerns you may have regarding the email practices of Movology LLC. If you have additional questions or wish to discuss this matter further, please contact us at admin@movology.com.

CCPA OVERVIEW

Many Capture® customers are reaching out to ask how our products and services are compliant with the California Consumer Privacy Act of 2018, particularly as the January 1, 2020 compliance deadline gets closer. Our communications team has put together this document to help you better answer some of the client questions you’ve received and forwarded to us.

Since CCPA was first introduced, Capture® has worked closely with other marketing industry leaders to address guidelines that help define what CCPA compliance looks like. We’re also watching new developments closely, including how proposed new amendments might affect compliance.

We’ve put together this Q&A to give you insight into CCPA and how Capture® will serve as a trusted partner to the changing world of privacy compliance.

IMPORTANT: While CCPA is a California-based set of regulations, history tells us that it’s only a matter of time before most states follow exact or modified stipulations of the regulations. It is also likely that there will federal statutes that are developed from this initiative. Regardless of where a company is based, if it meets the criteria noted below, CCPA-originated regulations will most likely apply.

Who must comply with CCPA? 

If you do business in California and your company meets one of the criteria below, you must comply with the California Consumer Privacy Act of 2018:

• Your company has a gross revenue of $25 million;
• It buys, receives, sells or shares person information of more than 50,000 consumers, households or devices for commercial marketing purposes; or
• It makes 50% or more of its annual revenue from selling the personal information of consumers.

What rights does CCPA give consumers? 

Generally speaking, the CCPA gives consumers the right to know and/or request:

• Whether data is being collected about them
• The Categories and specific pieces of personal information a business has collected

• The sources of Categories where that personal information was collected
• What purpose the data is being used for
• The Categories of third parties with whom the business shares/sells the personal information
• That the personal information be deleted
• That the personal information not be sold

In addition, consumers cannot be discriminated against for exercising any of these rights (although a business can provide financial incentives in exchange for data and can offer different prices based on a consumer’s data). Businesses also face more stringent regulations for consumers under 16.

The CCPA also expands the definition of protected personal information/personally identifiable information (PII) to include information such as IP addresses, geolocation data and Internet activity such as browsing. And it requires businesses to protect personal data with “reasonable” security.

In general, how is Capture® preparing for CCPA? 

Capture® is:

• Creating new processes, policies and technology to ensure compliance with CCPA.
• Working closely with its partners to ensure they will be compliant with the new law.
• Working with other marketing industry leaders to help define CCPA compliance and to stay abreast of new industry developments.

As outlined in the section Information We Collect, we collect personal information that “identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

Here is how the data we collect lines up with the 11 enumerated categories of consumer information that the CCPA has defined:

• Identifiers – Yes. Based on the customer relationship and form data configured by our customers as well as through our own website, we collect names, IP addresses and emails.
• Select Information in California Customer Records – Yes. We may acquire information including name, phone number, and business information either directly through our service or through a partner or third-party.
• Legally Protected Characteristics – No. We do not collect this type of information.
• Commercial Information – No. We do not collect this type of information.
• Biometric Information – No. We do not collect this type of information.
• Internet or Network Activity – Yes. We track user interactions with forms directly through our service both for our website and on behalf of our customers.
• Geolocation Data – Yes. We collect rough geolocation data through consumer IP addresses to help ourselves and our customers better understand our users.
• Sensory Data – No. We do not collect this type of information.
• Employment Information – No. We do not collect this type of information.
• Education Information – No. We do not collect this type of information.
• Inferences – No. We do not collect this type of information.

As detailed in the section titled “Controlling Your Personal Data” you have the following rights:

• Right to know – You may request the categories of information listed directly above pertaining to you that we collected in the preceding 12 months and was sold or disclosed for business purposes.
• Right to be forgotten – You may request that any personal information about you on any of our sites be removed. You may also request your personal information be deleted from our databases. Certain information may be preserved for evidence in litigation and other cases outlined in the section titled “Controlling You Personal Data”.
• Right to opt out of the sale of personal information to third parties – You may opt out of having your personal information sold to third parties.

Again, these rights can be exercised by sending us an email at admin@movology.com or through our page https://movology.com/personal-data-rights/. We may also be reached at our toll-free number (714) 855-1670.

Responses will be delivered by email or electronically within 45 days of your request.

As per the restrictions outlined by the CCPA, consumers have the right to exercise these specific rights twice in any 12-month period.

Where does Capture® get its data? 

All input data used (owned or acquired) is opt-in only or aggregated and anonymized to ensure privacy. Sourcing spans across multiple business and consumer categories ensuring marketers have the ability to deliver optimal scalable and targeted reach.

All Capture® data has been responsibly sourced data collected from:

Capture® Owned Data

• Public Sourced Data from Gov’t agencies (Census, BLS, etc.).
• Proprietary Syndicated Track Surveys are opt-in and Capture® is permitted use.
• Client authorized data collection is only possible if client privacy policy states what is being collected and aligns with permitted use.

3rd Party Licensed Data

• Capture® only works with reputable sources for its data
• Capture® requires privacy reviews for all data licensed from third parties. Third parties are evaluated through a rigorous vetting process.
• All data is obtained from consumers who have opted-in or the data is aggregated to protect PII
• Vendor privacy and security policies must be in alignment with Capture®

How do you ensure the Capture® segmentation adheres to privacy and compliance standards? 

Capture® segmentation solutions are built with responsibly sourced data, all data used (owned or acquired through 3rd party partners is opt-in only or aggregated and anonymized to ensure privacy.

Behavioral segments are modeled or aggregated with no personal information used or transmitted. Capture® does not target an individual specifically based on their actual purchase behavior or any PII. A segment is modeled as a Predictor or likelihood scores are applied based on consumer behavior or relevant consumer data attributes.

Do you have any PII in your identity graph? If so, where did you get it? 

Yes, we have PII data in our identity graph, which was responsibly sourced as explained in question #3. When we work with third parties to obtain data, we follow an in-depth auditing/vetting process that uses verification tools such as time/date stamps, privacy policy reviews and/or contractual agreements to ensure customers have opted in and agreed to provide the data in question.

How does Capture® tie other data to a physical address or other PII data in a privacy-compliant manner? 

Capture® uses consistent, privacy-compliant techniques to link the data in its identity graph – both PII and otherwise – to outside data, using multidimensional graph science techniques that are proprietary to Capture®.

How do you ensure privacy-compliance when you use website pixels (that identify even “anonymous” visitors) and then combine that data with PII back data such as postal/IP/email addresses or mobile IDs? 

One of Capture® key differentiators is being able to provide our clients with insight into formerly “anonymous” customers while still remaining compliant with privacy guidelines. How this is done:

• First, we ONLY work with clients that provide consumers with the proper notification that their activity on a website is being tracked. Following that, we make sure they are collecting the data appropriately.

• Second, we link that pixel-based website data to the Capture® identity graph, which has been built with responsibly sourced or public record data.
• Third, we make sure we analyze and use that data in a privacy-compliant manner, which includes stripping out or obscuring PII data when needed.

In general, how do you plan to ensure privacy compliance given the expanded definition of PII – which now includes information such as IP addresses, geolocation data and some Internet activity? 

Capture® already has processes in place to protect data that falls under the current definition of PII. We understand and fully agree that CCPA is critical for consumer privacy and are working diligently and proactively to implement the new process and technology changes required to comply with new PII definitions under CCPA. We fully expect to be compliant months in advance of the January 1, 2020 deadline.

How do you notify consumers that you are collecting data and obtain their consent? 

We notify consumers in our privacy policy and also require that similar language is included in the privacy policies of our partners.

What is your opt-out policy for consumers? 

Capture® gives consumers the opportunity to opt out directly from our website along with all other media touch points. We are currently updating both our data and portal policies to fully comply with CCPA, a process that will be completed before the end of the year. Specifically, CCPA requires companies to give consumers the ability to either:

• “Opt Out,” which means a consumer’s information CANNOT be sold to another company for use.

• Or be “Forgotten About,” which means that the consumers data CANNOT be used for any purpose.

Do you track the location or movement of customers? 

Capture® as company is willing to help our clients identify consumer location within a geofence as a one-off service, working through third-party vendors. Capture® does NOT track movement of consumers from one location to the next, nor do we keep that information in-house.

How do you currently ensure your data is protected and eliminates risks associated with data privacy, confidentiality breach or other security risks?

We take the threat of data breaches seriously, and we will have SOC 2 certification to support data security and privacy before CCPA goes into effect on January 1, 2020. We also contractually protect our data and our rights to the data.

Does Capture® have access to cardholder data? 

No, Capture® does NOT have access to cardholder data.

Does Capture® have a security audit available? 

That will be available as part of the Capture® SOC 2 certification.

Will there be any naming changes required for the Capture® segmentation models to adhere to CCPA? 

No. Our segmentation or segment names are not regulated, nor do they need to change for CCPA. Segmentation by its very nature is privacy friendly. Each segmentation schema  represents all 120MM+ households in the US fairly. We represent all adult ages, all incomes, etc. If we built segmentation schema for only households 55+, then it would be discriminatory, but this is NOT what Capture® does.

Therefore, for CCPA compliance, Capture®s position is that we do not need to change the names of any of our syndicated segmentation names.

Is Capture® prepared for the discoverability requirement/aspect of CCPA? If a customer asks for information on his/her personal data, how long do you expect it will take you to comply? 

We will be 100% prepared to provide client data upon request before CCPA goes into effect on January 1, 2020.

How are you prepared to quickly adapt as other privacy regulations are put into place? 

Capture® has taken a leadership role in the compliance area. We are working with many industry groups to help create guidelines for CCPA compliance, and we are proactively watching new developments in California, other states and on the Federal level. We anticipate other states will come online in the next few months with their own privacy legislation and eventually expect intervention on the Federal level.

Have you sought legal counsel on your own privacy policy? 

Yes.

Are you willing to indemnify my company when it comes to privacy compliance? 

Capture® is willing to indemnify clients for the aspects of privacy compliance that we provide to you, and we expect our clients to follow the privacy guidelines (like website tracking notification) that are under their control.

How are you ensuring your partners meet their CCPA obligations? 

We are working closely with our partners to make sure they are updating their policies, processes and technology to support CCPA companies. It is part of the ongoing in-depth auditing/vetting process that we put all of our partners through, particularly as new requirements come online.

GDPR OVERVIEW 

Capture® is committed to offering our clients sophisticated products and solutions that are both innovative and legally compliant. As part of this commitment, we have conducted an analysis regarding whether and how the European Union’s General Data Protection Regulation (GDPR) may impact our organization. As outlined in greater detail below, based on our review we have determined that Capture® is not subject to the GDPR at this time and therefore is not legally required to comply with the Regulation.

What is the GDPR? 

The GDPR is a complex and comprehensive overhaul of European data protection law. The GDPR was designed to harmonize privacy regulation across the EU and to address emerging risks associated with the processing of personal data in an evolving technological landscape. The GDPR applies to a broader array of companies than were subject to the 1995 EU Data Protection Directive, including some companies that have no physical operations in the EU or whose activities were not covered by the 1995 Directive.

Businesses that are subject to the GDPR must adhere to a number of specific requirements, among them heightened data security standards and transparency regarding their processing of EU personal data. EU data subjects have a variety of data protection rights they may exercise under the GDPR, including the right to know how their personal data may be collected, used, disclosed, transferred, shared, and retained, as well as the ability to control these data processing activities under certain

circumstances. A company’s failure to meet its GDPR obligations could result in regulatory

investigations and potentially steep financial penalties.

Does the GDPR apply to Capture®? 

At this time, the GDPR does not apply to Capture® or the organization’s data collection and processing activities. Broadly speaking, there are three ways a business located in the United States may be subject to the GDPR:

• If the business is “established” in the EU (for example, if it has a physical presence or

• employees in the EU);

• If the business is not established in the EU, but is processing EU personal data in conjunction with offering goods or services in the EU (whether or not the business is charging money for the goods or services); or

• If the business is processing EU personal data to monitor or track behavior in the EU.

GDPR. We have completed this analysis and determined that Capture® does not have to comply with the GDPR because:

• Capture® is not established in the European Union. We do not have any offices or employees outside the U.S., nor do we conduct business activities in the EU.
• Capture® does not offer goods or services to individuals or entities in the EU. Our business is focused exclusively on providing our U.S. clients with products and solutions that help them better identify, understand, and target consumers located in the United States. Though our website may be accessible to someone located in the EU who has access to the Internet, we do not market to people in the EU, nor do we target audiences in other countries.
• Capture® does not monitor the behavior of persons in the EU. The data portfolios that serve as the basis for our products and services consist solely of information collected in the U.S. We do not process EU personal data or otherwise track data subjects located in the European Union.

If we were to discover that we had inadvertently obtained EU personal data, we would promptly and securely delete such personal data in accordance with applicable law.

Looking Ahead 

Capture® has examined its potential obligations under the GDPR and confirmed that it is not subject to the Regulation. Our organization has always focused exclusively on the U.S. market, and we will continue to offer our U.S.-focused services to our clients. Capture® is aware that the scope of the GDPR may implicate certain organizations in the U.S., including some of our data partners and other entities with which we may do business; however, our operations do not fall within that scope, and we have no plans at this time to expand operations to include the processing of EU personal data.

To help ensure our continued compliance with applicable laws and regulations, we have added training for our employees and are implementing additional monitoring and other procedures that will assist Capture® in identifying potential compliance risks as we continue to develop and grow our business.