Privacy Notice for Euclid

Last Updated: May 17, 2018
Archived Versions: March 19, 2018 – Download PDF

We at Euclid Analytics, Inc. and Euclid Europe Limited (“we”, “us”, “our” or “Euclid”) respect your privacy. This privacy notice (“Privacy Notice”) explains who we are and how we collect, use and share personal information we receive from you in connection with our services (“Services”), which provide marketing and visitor analytics. If you have any questions, please don’t hesitate to contact us as set forth in the “Contacting Us” section at the bottom of this Privacy Notice.

This Privacy Notice does not cover any information collected by us through other means, such as through our websites, sales and marketing activities or otherwise in the course of operating the business. Please see our general website privacy policy for further information.

We recommend that you read this Privacy Notice in full to ensure you are informed. However, to make it easier for you to review those parts of this Privacy Policy which apply to you, we have divided up the document into the following sections:

 

Who We Are – back to top

Euclid is a company incorporated under the laws of the State of Delaware, USA and whose principal office is located at 400 Alabama Street, San Francisco, CA 94110. We provide consumer analytics and related services to various partners (“Partners”), that help our Partners provide more personalized marketing campaigns and improve customer satisfaction and loyalty. Our software integrates with Wi-Fi networks located in and around public locations, such as stores, restaurants, supermarkets, malls, and performance venues, etc. (collectively, “Locations”) allowing us to collect certain information broadcast from WiFi enabled mobile devices (like your smartphone) when you move around the Locations (for example, when you enter one of our Partner’s retail stores, restaurants or venues). You can find out more about our Services here.

What Information We Collect and How We Collect It – back to top

The information that we may collect about you broadly falls into the following categories:
Information we collect automatically.

General Visit Information: When you are near a Location’s WiFi network with a WiFi enabled mobile device, the WiFi access points (i.e. the hardware device that allows a WiFi enabled mobile device to connect to a WiFi network) may automatically detect the presence of your mobile device and it’s “MAC Address” (meaning the number that your mobile device automatically broadcasts if the WiFi feature is turned on to help it connect to WiFi Access points). We refer to this information as “General Visit Information”. General Visit Information is collected as your mobile device moves across different Locations that use our technology.

For clarity, this information is automatically collected if your device’s WiFi is enabled – even if you do not actually “connect” to the Location’s WiFi network.

Important Note: As the Service is used across many different Locations for different Partners, we combine General Visit Information from each Location. For example, if you bring your mobile device to your favorite clothing store today that is a Location – and then a popular local restaurant a few days later that is also a Location – we may know that a mobile device was in both locations based on seeing the same MAC Address.

Activity Information: When you Register with the Euclid Service, we may also automatically collect additional information from your mobile device. In some countries, including countries in the European Economic Area (“EEA”), this information may be considered personal information under applicable data protection laws. We refer to this information as – “Activity Information”. This information does not reveal your specific identity but may include information about the specific mobile device you are using to access the Euclid Service, such your IP Address, your mobile devices ID, device and/or browser type and the mobile devices operating system. It may also include information about the websites you have visited, applications used and broad geographic location -related data (e.g. country or city-level location). We may use cookies and other tracking technologies to collect some of this Activity Information, as further explained under the section headed “How We Use Cookies and Similar Tracking Technologies”.

Information you provide voluntarily.

Euclid collects certain “Registration Information” when you “Register” for the Euclid Services, such as your name, email address, gender, age or home zip or postal code.

Registration for the Euclid Services can occur in a number of ways, for example:
When you are in the proximity of a Location and connect to its WiFi network with your WiFi enabled device, you may be asked to provide Registration Information as part of logging-in to the WiFi network (“Log-In”). A Partner may provide you with other opportunities to provide Registration Information, such as when you Register for a Partner customer loyalty program.

For clarity, Registration Information may be collected directly by Euclid or directly by its Partners (or Euclid or any Partner’s services providers) and then passed on to Euclid. Registration Information may also include information from third parties (see the section headed “Information we collect from third party sources” for more information).

You understand and agree that by providing Registration Information to Euclid, you are permitting us to: a) store and access your personal data; b) link your personal data to the MAC address and your location, as offered by your mobile device; and, c) use your Registration Information in such other ways which accord with the terms and conditions herein set forth.

Important Note: Once you first Register for the Euclid Services, we deem you Registered with the Euclid Service in general (meaning – if you Register for the Services with a Partner or at one Location, we treat that as Registration with the Euclid Services across our network (i.e. all Locations and Partners etc.). You will remain Registered with the Euclid Service and we and/or our Partners will continue to collect information as described in this Privacy Notice unless and until you opt out of the Service as explained in the “How You Can Opt Out” section below. Our Partners may also collect additional information. In such case, their own privacy policies may apply.

Information we collect from third party sources.

We may also combine information we collect about you with information we obtain from other sources, such as public databases, joint marketing partners, social media platforms, as well we other third parties. Examples of the information we receive from other sources, include: demographic data, location related data, data regarding your shopping activities, mobile device’s ID, the content you viewed and the action you take while on websites (such as what you clicked on) (“Third Party Data”). If you Log-In to the WiFi network via a third-party service, such as Facebook Login or Google OpenID, we and/or the third party that operates the WiFi network may access the information described in the third-party service’s request for authorization, such as your name, email address, gender, age, and home zip code. Please review your privacy settings with these third-party services to ensure you are sharing the information you wish to share.

How We Use Your Information – back to top

General Visit Information: The General Visit Information is used to help Euclid and its Partners better understand how large groups of people behave. We do this by providing Partners with reports and other analytics products generated from such data. We aggregate and combine your General Visit Information with the General Visit Information of many people across our network. Partners use the reports and other analytics products for a variety of purposes, such as to:

Please note, once you are Registered with the Euclid Services your General Visit Information is combined with your Registration Information and Activity Information – and may be disclosed to our Partners – as set forth in the “Registration Information and Activity Information” section below. Such data may also be combined with Third Party Data and used for research and analytics and/or to help serve advertising.

Unless otherwise prohibited by applicable law in certain jurisdictions, the time that you Register with the Euclid Services, we combine Registration Information and Activity Information with General Visit Information from your mobile device that may date back to July 19, 2016, the launch date of the “Euclid Connect” service.

Registration Information and Activity Information: As noted above, once you Register with the Euclid Services, we may combine and associate your Registration Information and Activity Information with your General Visit Information. All such information may be used by our Partners and/or by us for the following purposes:

Other Uses: We also use your information to:

How We Use Cookies and Similar Tracking Technologies – back to top

We may use cookies and similar tracking technology (collectively “Cookies”) to collect and use Activity Information about you (including to serve interest based advertising). For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Notice.

Who We Share Your Information With – back to top

Partners: We share information with our Partners (and their service providers acting on their behalf) for the purposes described in the “How We Use Your Information” section above. We do not share information from EU data subjects with Partners.

“Advertising Companies”. We may share information with advertising companies in “hashed” form. Hashing is essentially a way of scrambling the information into a randomized string of numbers and letters. They may use this information for research and analytics. In addition, they may use this information to help serve advertisements based on such models. When used in this manner, your information is combined with the information of many other people.

Service Providers: We may employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you. For example, we may use third parties to provide marketing communications, infrastructure and IT services, provide customer service, and process and administer consumer surveys. In the course of providing such services, these third party providers may have access to your information. A current list of our service providers is available upon request.

Business Transfers: In the event that Euclid is acquired by or merged with a third-party entity or is potentially going to be acquired by or merged with a third party entity, if its substantial assets are acquired by a third party, in any partial or total sale of assets including in the event of bankruptcy, or in any other corporate change, Euclid may transfer or assign the information as part of that actual or potential merger, acquisition, sale, or other change of control. The promises in this Privacy Notice will apply to your data as transferred to the new entity.

Protection of Euclid and Others: We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with law or court order; enforce or apply our terms of use; detect and handle payment fraud, or otherwise to protect the rights, property, or safety of Euclid, our employees, our users, or others.

How You Can Opt Out – back to top

Opting Out of Online Interest Based Advertising: Euclid adheres to the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles. As provided by these principles, you may elect to opt out of the collection of Activity Information from your device’s browser for interest-based advertising (“IBA”) purposes by Euclid and other companies that participate in the DAA choice tool by visiting here. IBA involves the use of Activity Information to make inferences about your interests to help our clients deliver ads that are more relevant to those interests to this browser and other browsers and devices associated with it. If you choose to opt out of IBA on this browser, data will not be collected from this browser for IBA in apps on this device or associated devices, and data will not be collected on those devices and used on this browser for IBA.

To opt out of the collection of Activity Information from applications on your mobile device for IBA purposes from Euclid and other companies that participate in the DAA’s AppChoices tool, visit here to learn how to download AppChoices. If you choose to opt out of IBA on this device, data will not be collected from apps on this device for IBA on this device or associated devices, and data will not be collected on those devices and used in apps on this device for IBA.

If you elect to opt out, you may still receive ads, but those ads may be less relevant to your interests. In addition, we may still collect Activity Information for other purposes, including analytics. Note that if you delete your cookies, or use a different browser or device, you may need to renew your opt out choices. To control the collection of precise location data from your mobile device, you can use the location data controls that may be available in your device’s settings.

Mobile Location Analytics Opt Out: Euclid complies with the Mobile Location Analytics Code of Conduct. As provided for in the code, you may elect to opt out of associating information about your presence at a location with a device’s MAC Address (meaning General Visit Information as defined in this privacy notice) at: https://smart-places.org/. If you opt out, we will use your device’s MAC Address only to maintain the device’s opt-out status.

Euclid Services Opt Out: If you want to opt out of (i) Euclid’s use, and Euclid’s provision to third parties for their use, of your information for direct marketing purposes; and (ii) Euclid’s collection of Registration Information and Activity Information please click http://go.euclidanalytics.com/euclid-services-opt-out. For clarity, we may still collect and use (except for direct marketing purposes) your MAC Address. For your choices in this regard – please see the “Mobile Location Analytics Code of Conduct” section above). The foregoing includes your opt out rights pursuant to California Civil Code 1798.83.

Data Protection Rights: – back to top

You also have the following data protection rights:

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws

Data Storage and Retention – back to top

If you do not Register with the Euclid Services, we will retain General Visit Information for 24 months only after “hashing”. Hashing is essentially a way of scrambling the information into a randomized string of numbers and letters. If you are Registered, General Visit Information, Registration Information and Activity Information is retained for as long as we deem reasonably necessary to continue to provide our services

Legal Basis for Processing Personal Information (EEA End Users and visitors only) – back to top

If you are an individual from the EEA, where we are collecting and using your personal information as a controller, our legal basis for doing so will depend on the personal information concerned and the specific context in which we collect it. However, we normally rely on our legitimate interest to collect personal information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our (or our Partner’s) legitimate interests to process your personal information, they include the interests described in the sections above headed “How We Use Your Information”. In some cases, we may rely on our consent or have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we rely on consent to collect and/or process your personal information, we will obtain such consent in compliance with applicable laws. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide it). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party) which are not referred to in this Privacy Policy, we will make clear to you at the relevant time what those legitimate interests are.

If you are an individual from the EEA, when you Register with the Euclid Services, we do not combine Registration Information and Activity Information with General Visit Information previously collected from your mobile device.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contacting Us” heading below.

International Data Transfers – back to top

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). Specifically, our servers are located in the U.S., and our group companies and third party service providers operate around the world. This means that when we collect your personal information we may process it in any of these countries. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice.

EU-U.S. Privacy Shield Privacy Shield Framework – back to top

Euclid Analytics, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Economic Area (“EEA”) and Switzerland.

Euclid has certified that it adheres to the Privacy Shield principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitations, access, and recourse, enforcement and liability. Euclid complies with the Privacy Shield principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov.

Euclid’s participation in the Privacy Shield applies to all personal data collected from the EEA and Switzerland, respectively through the Euclid Services (described at http://geteuclid.com/products/).

Euclid will endeavor to resolve complaints about your and our collection or use of your personal information. EEA or Swiss citizens with inquiries or complaints regarding our privacy practices should first contact Euclid at privacy@euclidanalytics.com. Euclid has further committed to refer unresolved privacy complaints to an independent dispute resolution mechanism – the Judicial Arbitration and Mediation Service (“JAMS”). If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Euclid, you may contact JAMS (https://www.jamsadr.com) to file a complaint.

As a last resort and under limited circumstances, EU and Swiss individuals with residual privacy complaints not resolved pursuant to the foregoing mechanisms may invoke a binding arbitration option before the Privacy Shield Panel. For more information regarding the submission of complaints, please see https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.

Euclid is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

How We Keep Your Personal Information Secure – back to top

We use appropriate administrative, organizational, technical, and physical safeguards to protect the personal information we collect and process about you. The measure we use are designed to provide a level of security appropriate to the risk of processing your personal information and to help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g., your users). Specific measures we use include using secure socket layer protection (which you can look up on your favorite search engine). However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so you should take care in deciding what information you send us in this way.

Changes to this Privacy Notice – back to top

We may update this Privacy Notice from time to time. This Privacy Notice applies to information we collect while that notice is in effect. If there are new material Privacy Notice changes – they apply to information collected after the new Privacy Notice comes into effect (unless we get your consent to have it retroactively apply). The date of the latest version of this Privacy Notice is listed at the top of this notice.

Contacting Us – back to top

If you have any questions regarding our privacy policies, please send us a detailed message to privacy@euclidanalytics.com or Euclid, Inc. (ATTN: Privacy), 400 Alabama Street, San Francisco, CA 94110. Please write the following in the subject heading: “Privacy Notice Inquiry”.

For EEA Residents

For the purposes of EU data protection legislation, the “data controller” of your personal information is Euclid Analytics, Inc. Euclid has appointed Adam Zagaris to be its representative. You can contact them directly regarding the processing of your personal information by Euclid Analytics, Inc. by email at privacy@euclidanalytics.com.

Thank you!