Welcome to Vi—a company that helps the world’s largest organizations maximize acquisition, enrollment, engagement, retention, and optimize health outcomes and financial returns. This Privacy Notice explains how Vi Labs Ltd d/b/a Vi (“Vi”) collects, uses, discloses, and otherwise processes personal data when you visit our website at https://vi.co or engage with us in other related ways, including any sales, marketing, or events. It also describes the way we collect, use, disclose, and otherwise process personal data in connection with our data solutions and consumer analytics products (“Data Services”). We may also choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions, or states. Please refer to the Region-Specific Disclosures section below for additional disclosures that may be applicable to you.

This Privacy Notice does not address our privacy practices relating to Vi job applicants, employees and other employment-related individuals, nor data that is not subject to applicable data protection laws (such as deidentified or publicly available information). This Privacy Notice is also not a contract and does not create any legal rights or obligations not otherwise provided by law.

---

OUR ROLE IN PROCESSING PERSONAL DATA 

Data protection laws sometimes differentiate between “controllers” and “processors” of personal data. A “controller” determines the purposes and means (the why and how) of processing personal data. A “processor,” which is sometimes referred to as a “service provider,” processes personal data on behalf of a controller subject to the controller’s instructions.

This Privacy Notice describes our privacy practices where we are acting as the controller of personal data. However, this Privacy Notice does not cover or address how our customers may process personal data when they use our services, or how we may process personal data on their behalf in accordance with their instructions where we are acting as their processor. As a result, we recommend referring to the privacy notice of the customer with which you have a relationship for information on how they engage processors, like us, to process personal data on their behalf. In addition, we are generally not permitted to respond to individual requests relating to personal data we process on behalf of our customers, so we recommend directing any requests to the relevant customer.

If you access our services or otherwise interact with us from the European Economic Area, United Kingdom, or Switzerland, please see the Controller Details and Privacy Contacts section of our Additional European Economic Area, United Kingdom, and Switzerland Privacy Disclosures for more information about our legal entities operating as the controllers of your personal data.

OUR COLLECTION AND USE OF PERSONAL DATA

The categories of personal data we collect depend on how you interact with us and our services. For example, you may provide us your personal data directly when you send us a message or engage with us at an event.

We also collect personal data automatically when you interact with our websites and other services and may also collect personal data from other sources and third parties.

Personal Data Provided by Individuals

We collect the following categories of personal data individuals provide us:

• Contact Information, including first and last name, email address, mailing address, and communication preferences. We use this information primarily to fulfill your request or transaction, to communicate with you directly, and to send you marketing communications in accordance with your preferences.
• Account Information, including first and last name, email address, phone number, account credentials or one-time passcodes, and the products or services you are interested in, purchased, or have otherwise used. We use this information primarily to administer your account, provide you with our products and services, communicate with you regarding your account and your use of our products and services, and for customer support purposes.
• Payment Information, including payment card information, billing address, and other financial information (such as, routing and account number). Please note that we use third-party payment processing providers to process payments made to us. We do not retain any personally identifiable financial information, such as payment card number, you provide these third-party payment processing providers in connection with payments. Rather, all such information is provided directly by you to our third-party payment processing providers. The payment processing provider’s use of your personal data is governed by their privacy notice. To view Stripe’s privacy policy, please click here.
• Event and Survey Information, including information provided when you sign up for an event or complete a survey. We use this information primarily to administer and facilitate our products and services, respond to your submission, communicate with you, conduct market research, inform our marketing and advertising activities, improve and grow our business, and facilitate the related event or survey.
• Feedback and Support Information, including the contents of custom messages sent through the forms, email addresses, or other contact information we make available to customers, as well as recordings of calls with us, where permitted by law (including through the use of automated tools provided by us or our third-party providers). We use this information primarily to investigate and respond to your inquiries, to communicate with you, and to improve our products and services.

If you choose to contact us, we may need additional information to fulfill the request or respond to your inquiry. We may provide additional privacy disclosures where the scope of the request we receive or personal data we require fall outside the scope of this Privacy Notice. In that case, the additional privacy disclosures will govern how we may process the information you provide at that time.

Personal Data Automatically Collected

We, and our third-party partners, automatically collect information you provide to us and information about how you access and use our products and services when you engage with us. We typically collect this information through the use of a variety of our own and our third-party partners’ automatic data collection technologies, including (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, mobile SDKs, location-identifying technologies and logging technologies (collectively, “Data Collection Technologies”). Information we collect automatically about you may be combined with other personal data we collect directly from you or receive from other sources.

We, and our third-party partners, use automatic data collection technologies to automatically collect the following data when you use our services or otherwise engage with us:

• Information About Your Device and Network, including the device type, manufacturer, and model, operating system, IP address, browser type, Internet service provider, and unique identifiers associated with you, your device, or your network (including, for example, a persistent device identifier or advertising ID). We employ third-party Data Collection Technologies designed to allow us to recognize when two or more devices are likely being used by the same individual and may leverage these technologies (where permitted) to link information collected from different devices.
• Information About the Way Individuals Use Our Services and Interact With Us, including the site from which you came, the site to which you are going when you leave our services, how frequently you access our services, whether you open emails or click the links contained in emails, whether you access our services from multiple devices, and other browsing behavior and actions you take on our services (such as the pages you visit, the content you view, the communications you have through our services, and the content, links and ads you interact with). We employ third-party technologies designed to allow us to collect detailed information about browsing behavior and actions that you take on our services, which may record your mouse movements, scrolling, clicks, and keystroke activity on our services and other browsing, search or purchasing behavior. These third-party technologies may also record information you enter when you interact with our products or services, or engage in chat features or other communication platforms we provide.

All of the information collected automatically through these Data Collection Technologies allows us to improve your customer experience. For example, we may use this information to enhance and personalize your user experience, to monitor and improve our products and services, and to improve the effectiveness of our products, services, offers, advertising, communications and customer service. We may also use this information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information, including targeted content and advertising; (c) identify you across multiple devices; (d) provide and monitor the effectiveness of our services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website; (f) diagnose or fix technology problems; and (g) otherwise to plan for and enhance our products and services.

For information about the choices you may have in relation to our use of automatic data collection technologies, please refer to the Your Privacy Choices section below. For additional details about the cookies we use on our websites and to adjust your preferences with regard to those cookies, please visit our “Cookie Preferences” manager linked in the footer of our websites.

Personal Data from Other Sources and Third Parties

We may receive the same categories of personal data as described above from the following sources and other parties:

• Employers: If you interact with our services in connection with your employment, we may obtain personal data about you from your employer or another company for which you work. For example, we may obtain your contact information from your employer to allow us to communicate with you about your employer’s customer relationship with us.
• Social Media: When you interact with our services through other social media networks, such as when you follow us or share our content on other social networks, we may receive some information that you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network, and may include profile information, profile picture, username, and any other information you permit the social network to share with third parties. You should always review and, if necessary, adjust your privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services. We use this information primarily to operate, maintain, and provide to you the features and functionality of our products and services, as well as to communicate directly with you, such as to send you messages about products and services that may be of interest to you.
• Advertisers, Influencers, and Publishers: We engage in advertising both on our services and through third-party services. Advertisers, influencers, and publishers may share personal data with us in connection with our advertising efforts. For example, we may obtain information about whether an advertisement on our services led to a successful engagement between you and a third-party advertiser.
• Service Providers: Our service providers that perform services on our behalf, such as analytics and certain marketing providers, collect personal data and often share some or all of this information with us. For example, we receive personal data you may submit in response to requests for feedback to our survey providers.
• Other Sources: We may also collect personal data about you from other sources, including publicly available sources, third-party data providers, brand partnerships, or through transactions such as mergers and acquisitions.
• Inferences: We may generate inferences or predictions about you and your interests and preferences based on the other personal data we collect and the interactions we have with you.

Personal Information Collected in Connection with Our Data Services

We also receive personal data from third-party sources in connection with the provision of our Data Services. When we provide our Data Services, we leverage personal data we receive from a variety of third-party sources, including through websites and mobile apps, public records and other publicly available sources, government entities, market research, social networks, our customers, consumer data resellers, our own in-house research teams, and other data compilers.

The personal information we collect from the various sources may include (on the individual, household, or geographic level), such as:

• Contact information, such as your name, address, and other contact information.
• Particular interests, such as media consumption patterns, search histories, or businesses you may visit.
• Demographic information, such as age, race, income, education, geographic region, gender, and marital status.
• Information from Data Collection Technologies, as defined above.
• Mobility and Spatial Data, such as device locations.
• Publicly available information, such as information that available in the public domain or from government public records.
• Inferences, which may include conclusions drawn from any of the categories of personal information listed in this section.

We use the information collected through our Data Services for various purposes, including the following:

• Data Marketing Services: Our Data Services include providing marketing information to our customers, generally regarding which of their customers or prospective customers are most likely to be interested (or disinterested) in certain products, or how to best contact or identify those customers. Similarly, we help our customers identify and understand their customers better, by providing certain insights about them.
• Targeting Advertising: We sometimes create defined audience segments based on common demographics and/or shared (actual or inferred) interests or preferences. When we do this, we may work with data partners that “match” our information, including through de-identification techniques, with online cookies and other identifiers in order to target and measure ad campaigns online across various display, mobile and other media channels. You may learn more about how to opt out of this and other online ad targeting in the Your Privacy Choices section of this Privacy Notice.
• Market Research: We sometimes use the information to help our customers understand specific markets and what influences the purchase decision and behavior of their target audiences.
• General Geolocation Analysis: We sometimes use the information to help our customers better understand market opportunities at various locations.
• Additional Marketing Services: Other services we may provide to our customers (or that they may provide to their own customers), which may overlap with or supplement the above, may involve (i) helping target and optimize direct mail, email campaigns, display, social and mobile marketing; (ii) measuring how effective marketing campaigns have been by determining which messages are most likely to be seen or opened by which types of consumers, or which types of ads are most likely to lead to purchases; (iii) analyzing and optimizing our customers’ (or their service providers’) proprietary databases, or helping customers to detect and prevent crime and fraud; or (iv) providing “validation” or data hygiene services, which is how companies update and/or correct their databases by verifying, removing or correcting old, incorrect or outdated information.
• To Operate Our Services: We also use the information for our own internal purposes – such as to improve, test, update and verify our own database; to develop new products; and to operate, analyze, improve, and secure our services and our databases and servers.

Additional Uses of Personal Data

In addition to the primary purposes for using personal data described above, we may also use personal data we collect to:

• Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to facilitate payment for our products and services, or to deliver the services requested.
• Manage our organization and its day-to-day operations.
• Communicate with you, including via email, chat, social media and/or telephone calls.
• Facilitate the relationship we have with you and, where applicable, the company you represent.
• Request you provide us feedback about our product and service offerings.
• Address inquiries or complaints made by or about an individual in connection with our products or services.
• Create and maintain accounts for our users.
• Verify your identity and entitlement to our products and services.
• Register you for and provide you access to events and surveys.
• Market our products and services to you, including through email, phone, and social media.
• Administer, improve, and personalize our products and services, including by recognizing you and remembering your information when you return to our products and services.
• Develop, operate, improve, maintain, protect, and provide the features and functionality of our products and services.
• Identify and analyze how you use our products and services.
• Infer additional information about you from your use of our products and services, such as your interests.
• Create aggregated or de-identified information that cannot reasonably be used to identify you, which information we may use for purposes outside the scope of this Privacy Notice.
• Conduct research and analytics on our user base and our products and services, including to better understand the demographics of our users.
• Improve and customize our products and services to address the needs and interests of our user base and other individuals we interact with.
• Test, enhance, update, and monitor the products and services, or diagnose or fix technology problems.
• Help maintain and enhance the safety, security, and integrity of our property, products, services, technology, assets, and business.
• Defend, protect, or enforce our rights or applicable contracts and agreements (including our Terms of Use), as well as to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties.
• Detect, prevent, investigate, or provide notice of security incidents or other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Vi and others.
• Facilitate business transactions and reorganizations impacting the structure of our business.
• Comply with contractual and legal obligations and requirements.
• Fulfill any other purpose for which you provide your personal data, or for which you have otherwise consented.

OUR DISCLOSURE OF PERSONAL DATA

We disclose or otherwise make available personal data in the following ways:

• To Customers of Data Services: We may make any information that we collect for our Data Services as described in this Privacy Notice available to our partners and to our customers.
• To Your Employer: If you interact with our services in connection with your employment, we may disclose personal data to your employer or another company for which you work. For example, we may provide information to your employer about your usage of our services in connection with your work for them.
• To Marketing Providers: We coordinate and share personal data with our marketing providers in order to advertise and communicate with you about the products and services we make available.
• To Ad Networks and Advertising Partners: We work with third-party ad networks and advertising partners to deliver advertising and personalized content on our services, on other websites and services, and across other devices. These parties may collect information automatically from your browser or device when you visit our websites and other services through the use of cookies and related technologies. This information is used to provide and inform targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research.
• To Service Providers: We engage other third parties to perform certain services on our behalf in connection with the uses of personal data described in the sections above. Depending on the applicable services, these service providers may process personal data on our behalf or have access to personal data while performing services on our behalf.
• To Other Businesses as Needed to Provide Services: We may share personal data with third parties you engage with through our services or as needed to fulfill a request or transaction including, for example, payment processing services.
• In Connection with a Business Transaction or Reorganization: We may take part in or be involved with a business transaction or reorganization, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose, transfer, or assign personal data to a third-party during negotiation of, in connection with, or as an asset in such a business transaction or reorganization. Also, in the unlikely event of our bankruptcy, receivership, or insolvency, your personal data may be disclosed, transferred, or assigned to third parties in connection with the proceedings or disposition of our assets.
• To Facilitate Legal Obligations and Rights: We may disclose personal data to third parties, such as legal advisors and law enforcement:
  • in connection with the establishment, exercise, or defense of legal claims;
  • to comply with laws or to respond to lawful requests and legal process;
  • to protect our rights and property and the rights and property of our agents, customers, and others, including to enforce our agreements, policies, and terms of use;
  • to detect, suppress, or prevent fraud;
  • to reduce credit risk and collect debts owed to us;
  • to protect the health and safety of us, our customers, or any person; or
  • as otherwise required by applicable law.
• With Your Consent or Direction: We may disclose your personal data to certain other third parties or publicly with your consent or direction. For example, with your permission, we may post your testimonial on our websites.

YOUR PRIVACY CHOICES

The following privacy choices are made available to all individuals with whom we interact. You may also have additional choices regarding your personal data depending on your location or residency. Please refer to our Region-Specific Disclosures below for information about additional privacy choices that may be available to you.

Communication Preferences

• Email Communication Preferences: You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in any of our email communications. Please note you cannot opt-out of service-related email communications (such as, account verification, transaction confirmation, or service update emails).
• Phone Communication Preferences: You can stop receiving promotional phone communications from us by informing the caller you no longer wish to receive promotional phone calls from us, following the instructions provided on the call for opting out of promotional phone calls (where available), or replying STOP to any one of our promotional text messages. Please note we may need to continue to communicate with you via phone for certain service-related messages (such as, sending a verification code to your phone via call or text for purposes of verifying the authenticity of a log-in attempt).
• Direct Mailing Preferences: You can stop receiving promotional direct mail communications from us by contacting us at privacy@vi.co. Please note this opt-out does not affect any mailings that are controlled by third parties that may feature or mention our services.

Automatic Data Collection Preferences

Certain of our services may provide you the ability to adjust your preferences regarding our use of automatic data collection technologies. For example, there is a “Cookie Preferences” manager linked in the footer of our websites that allows you to adjust your preferences regarding certain automatic data collection technologies on the specific website you are visiting for the specific device and browser you are using at that time (which means you will need to change your preferences on each device and browser you use to interact with the specific website you are visiting).

Where a Vi-specific preference manager or privacy setting is not available, you may be able to utilize third-party tools and features to further restrict the use of automatic data collection technologies. For example, (i) most browsers allow you to change browser settings to limit automatic data collection technologies on websites, (ii) most email providers allow you to prevent the automatic downloading of images in emails that may contain automatic data collection technologies, and (iii) many devices allow you to change your device settings to limit automatic data collection technologies for device applications. Please note that blocking automatic data collection technologies through third-party tools and features may negatively impact your experience using our services, as some features and offerings may not work properly or at all. Depending on the third-party tool or feature you use, you may not be able to block all automatic data collection technologies or you may need to update your preferences on multiple devices or browsers. We do not have any control over these third-party tools and features and are not responsible if they do not function as intended.

Targeted Advertising Preferences

We engage third parties to help us facilitate targeted advertising designed to show you personalized ads based on predictions of your preferences and interests developed using personal data we maintain and personal data our third-party partners obtain from your activity over time and across nonaffiliated websites and other services. The data we and our third-party partners use for purposes of facilitating targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research, are primarily collected through the use of a variety of automatic data collection technologies, including cookies, web beacons, pixels, embedded scripts, mobile SDKs, location-identifying technologies and logging technologies. We may share a common account identifier (such as a hashed email address or user ID) with our third-party advertising partners to help link the personal data we and our third-party partners collect to the same person, or otherwise target advertising to an individual on a third-party website or platform.

In addition to taking the steps set forth in the Automatic Data Collection Preferences section above, you may be able to further exercise control over the advertisements that you see by leveraging one or more targeted advertising opt-out programs. For example:

• Device-Specific Opt-Out Programs: Certain devices provide individuals the option to turn off targeted advertising for the entire device (such as Apple devices through their App Tracking Transparency framework or Android devices through their opt out of ads personalization feature). Please refer to your device manufacturer’s user guides for additional information about implementing any available device-specific targeted advertising opt-outs.
• Digital Advertising Alliance: The Digital Advertising Alliance allows individuals to opt out of receiving online interest-based targeted advertisements from companies that participate in their program. Please follow the instructions at https://optout.aboutads.info/?c=2&lang=EN for browser-based advertising and https://www.youradchoices.com/appchoices for app-based advertising to opt out of targeted advertising carried out by our third-party partners and other third parties that participate in the Digital Advertising Alliance’s self-regulatory program.
• European Interactive Digital Advertising Alliance: The European Interactive Digital Advertising Alliance similarly allows individuals to opt out of receiving online interest-based targeted advertisements from companies that participate in their program. Please follow the instructions at https://www.youronlinechoices.eu to opt out of browser-based targeted advertising carried out by our third-party partners and other third parties that participate in the European Interactive Digital Advertising Alliance’s program.
• Network Advertising Initiative: The Network Advertising Initiative similarly allows individuals to opt out of receiving online interest-based targeted advertisements from companies that participate in their program. Please follow the instructions at https://optout.networkadvertising.org/?c=1 to opt out of browser-based targeted advertising carried out by our third-party partners and other third parties that participate in the Network Advertising Initiative’s self-regulatory program.
• Platform-Specific Opt-Out Programs: Certain third-party platforms provide individuals the option to turn off targeted advertising for the entire platform (such as certain social media platforms). Please refer to your platform provider’s user guides for additional information about implementing any available platform-specific targeted advertising opt-outs.

Please note that when you opt out of receiving interest-based advertisements through one of these programs, this does not mean you will no longer see advertisements from us or on our services.  Instead, it means that the online ads you do see from relevant program participants should not be based on your interests.  We are not responsible for the effectiveness of, or compliance with, any third parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, program participants may still use automatic data collection technologies to collect information about your use of our services, including for analytics and fraud prevention as well as any other purpose permitted under the applicable advertising industry program.

Partner-Specific Preferences

Certain of our third-party providers and partners offer additional ways that you may exercise control over your personal data, or automatically impose limitations on the way we can use personal data in connection with the services they provide:

• Device-Specific / Platform-Specific Preferences: The device and/or platform you use to interact with us (such as your mobile device or social media provider), may provide you additional choices with regard to the data you choose to share with us. For example, many mobile devices allow you to change your device permissions to prevent our products and services from accessing certain types of information from your device (such as your contact lists or precise geolocation data), and many social media platforms allow you to change your platform permissions to prevent integrated products and services from accessing certain types of information connected with your profile. Please refer to your device or platform provider’s user guides for additional information about implementing any available platform-specific targeted advertising opt-outs.

CHILDREN’S PERSONAL DATA

Our services are not directed to, and we do not intend to, or knowingly, collect or solicit personal data from children under the age of 18. If an individual is under the age of 18, they should not use our services or otherwise provide us with any personal data either directly or by other means. If a child under the age of 18 has provided personal data to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal data from our systems. If we learn that any personal data we collect has been provided by a child under the age of 18, we will promptly delete that personal data.

RETENTION OF PERSONAL DATA

We will usually retain the personal data we collect about you for no longer than reasonably necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.

To determine the appropriate duration of the retention of personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting, and other applicable obligations.

Once retention of the personal data is no longer reasonably necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if that is not possible (for example, because personal data has been stored in backup archives), we will securely store the personal data and isolate it from further active processing until deletion or deidentification is possible.

THIRD-PARTY WEBSITES AND SERVICES

Our services may include links to third-party websites, plug-ins, applications and other services. Except where we post, link to or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to any personal data practices of third parties. To learn about the personal data practices of third parties, please visit their respective privacy notices.

REGION-SPECIFIC DISCLOSURES

We may choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions or states. Please refer below for disclosures that may be applicable to you:

• United States: If you are a resident of the United States, please click here for additional U.S.-specific privacy disclosures, including a description of the personal data rights made available to residents of certain states under applicable law.
• European Economic Area, United Kingdom or Switzerland: If you are located in the European Economic Area (Member States of the European Union together with Iceland, Norway, and Liechtenstein), the United Kingdom, or Switzerland, please click here for additional European-specific privacy disclosures, including a description of the personal data rights made available to individuals located in those jurisdictions under applicable law.

UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on this website or our other platforms, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

CONTACT US

If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to privacy@vi.co.

 

---

ADDITIONAL UNITED STATES PRIVACY DISCLOSURES

These disclosures supplement the information contained in our Privacy Notice by providing additional information about our personal data processing practices relating to individual residents of certain states in the United States. For a detailed description of how we collect, use, disclose, and otherwise process personal data, please read our Privacy Notice.

If you are a resident of the state of Nevada in the United States, you have the right to opt out of the sale of your personal data. Although we do not currently sell personal data of Nevada residents (as defined under Nevada law), you may submit a request to opt-out of the sale of your personal data by emailing us at privacy@vi.co.

If you are a resident of other certain states of the United States, the following supplementary disclosures apply to you.

NOTICE: We may sell your sensitive personal data. Please read the disclosures below for more details.

PERSONAL DATA DISCLOSURES, SALES AND TARGETED ADVERTISING

We disclose all of the categories of personal data we collect to the categories of recipients set forth in the Our Disclosure of Personal Data section of our Privacy Notice. Our disclosure of personal data to the following categories of third parties qualifies as the sale of personal data or the sharing or processing of personal data for the purpose of displaying advertisements that are selected based on personal data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”) under certain privacy laws:

• Our Customers: We may share inferences that we generate as part of our Data Services.
• Our Advertising Partners: We may share information about you to our advertising partners for marketing purposes on our own behalf or on behalf of our customers.

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of personal data or the processing of personal data for purposes of targeted advertising (as described in the Your Additional U.S. Privacy Choices section below).

Please note we do not sell the personal data of individuals we know to be less than 16 years of age or use or share such information for targeted advertising purposes.

SENSITIVE PERSONAL DATA

The following personal data elements we collect may be classified as “sensitive” under certain privacy laws:

• Race, ethnicity or national origin
• Health data, including information regarding an individual’s medical history, mental or physical health condition, or medical treatment or diagnosis
• Precise geolocation information
• Inferences related to the above

We use sensitive personal data for the purposes set forth in the Our Collection and Use of Personal Data section of our Privacy Notice. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit, or withdraw your consent for, our processing of sensitive personal data (as described in the Your Additional U.S. Privacy Choices section below).

DEIDENTIFIED INFORMATION

We may at times receive, or process personal data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

AUTOMATED DECISION-MAKING AND PROFILING

We do not conduct automated processing of personal data for the purposes of evaluating, analyzing, or predicting an individual’s personal aspects in furtherance of decisions that produce legal or similarly significant effects. As a result, we do not provide a right to exercise control over such forms of automated decision-making and profiling.

YOUR ADDITIONAL U.S. PRIVACY CHOICES

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:

• Right to Know: The right to confirm whether we are processing personal data about you and, under California law only, to obtain certain personalized details about the personal data we have collected about you, including:
  • The categories of personal data collected;
  • The categories of sources of the personal data;
  • The purposes for which the personal data were collected;
  • The categories of personal data disclosed to third parties (if any), and the categories of recipients to whom this personal data were disclosed;
  • The categories of personal data shared for targeted advertising purposes (if any), and the categories of recipients to whom the personal data were disclosed for these purposes; and
  • The categories of personal data sold (if any) and the categories of third parties to whom the personal data were sold.
• Right to Access & Portability: The right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
• Right to Correction: The right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data.
• Right to Control Over Sensitive Personal Data: The right to exercise control over our collection and processing of certain sensitive personal data.
• Right to Control Over Automated Decision-Making / Profiling: The right to direct us not to use automated decision-making or profiling for certain purposes.
• Right to Opt-Out of Targeted Advertising: The right to direct us not to use or share personal data for certain targeted advertising purposes.
• Right to Opt-Out of Sales: The right to direct us not to sell personal data to third parties, including the right to opt-out of the disclosure of personal data to third parties for the third parties’ direct marketing purposes under California’s “Shine the Light” Law.
• Right to Deletion: The right to have us delete personal data we maintain about you.

Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.

Submitting Privacy Rights Requests

Please submit a request specifying the right you wish to exercise by emailing us at privacy@vi.co.

To exercise your right to opt-out as it relates to the use of cookies and related technologies that involve the sale of personal data or the use of personal data for targeted advertising purposes, please click the “Cookie Settings” link in the footer of the website and adjust your preferences accordingly. If you are visiting our site with the Global Privacy Control enabled, any cookies that constitute sales or are used for targeted advertising should already be turned off automatically in our cookie preference manager. Please note this opt-out tool is website, device, and browser-specific, so you will need to change your preferences on each device and browser you use to interact with the specific website you are visiting. In addition, you can also opt-out of cookie-based sales by businesses that participate in the Digital Advertising Alliance’s CCPA Opt-Out Tool by visiting https://www.privacyrights.info/. Lastly, you may follow the other steps set forth in the Automatic Data Collection Preferences and Targeted Advertising Preferences sections of the Your Privacy Choices section of our Privacy Statement to further exercise control over automatic data collection technologies.

Before processing your request to exercise certain rights (including the Right to Know, Access & Portability, Correction, and Deletion), we will need to verify your identity and confirm you are a resident of a state that offers the requested right(s). In order to verify your identity, we will generally either require the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we require requests submitted through our online form and toll-free number to include sufficient information so that we may identify your data.

In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or where you are not a resident of one of the eligible states.

Submitting Authorized Agent Requests

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.

Appealing Privacy Rights Decisions

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by replying to the communication resolving your original request.

ADDITIONAL CALIFORNIA-SPECIFIC DISCLOSURES

The following disclosures only apply to residents of the State of California.

California Categories of Personal Data

California law requires we provide disclosures to you about what personal data we collect by reference to the enumerated categories of personal data set forth within California law. To address this obligation, we have identified the relevant enumerated California personal data category for the personal data described in the Our Collection and Use of Personal Data section of our Privacy Notice below:

• Identifiers, such as real name, postal address, Internet Protocol address, and email address.
• Customer records, such as Name, contact information, education, employment, and financial information.
• Protected classification characteristics, such as age, race, and gender.
• Commercial information, such as purchasing histories or tendencies.
• Internet/network information, such as information regarding a consumer’s interaction with an Internet website application, or advertisement.
• Geolocation data, such as device lat/long and MAID.
• Professional / employment information.
• Education information.
• Sensitive personal data, such as race, ethnicity, national origin, or health data.

Inferences drawn from any other collected personal information to create a profile or a summary about, for example, an individual’s preferences and characteristics.

California Privacy Rights Request Statistics

The following chart reflects the California privacy rights requests that we have processed in the 2023 calendar year (January 2023 – December 2023):

 

 

Type of Consumer Request	Requests Received	Requests Fulfilled in Whole or Part	Requests Denied	[Median or Mean] Number of Days to a Substantive Response
Right to Know	0	0	0	0
Right to Access & Portability	0	0	0	0
Right to Correction	0	0	0	0
Right to Control Over Sensitive Personal Data	0	0	0	0
Right to Control Over Automated Decision-Making / Profiling	0	0	0	0
Right to Opt-Out of Targeted Advertising	0	0	0	0
Right to Opt-Out of Sales	0	0	0	0
Right to Deletion	0	0	0	0

 

ADDITIONAL EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND PRIVACY DISCLOSURES

 

These disclosures supplement the information contained in our Privacy Notice by providing additional information about our personal data processing practices relating to individuals who access our services or otherwise interact with us from the European Economic Area (“EEA”), United Kingdom (“UK“), and Switzerland. For a detailed description of how we collect, use, disclose, and otherwise process personal data, please read our Privacy Notice.

CONTROLLER DETAILS AND PRIVACY CONTACTS

EEA, UK, and Swiss Controller

Vi Labs Ltd (“Vi”) a company duly incorporated and organised under the laws of Israel, having its registered address at 110 E 25th Street, New York, NY 10010, USA, is the “controller” responsible for the processing of personal data in connection with our EEA, UK, and Swiss services and operations. This means Vi determines and is responsible for how your personal data is used. You may contact Vi by emailing us at privacy@vi.co or by mail at our registered address.

Our Data Protection Officer

We have appointed a Data Protection Officer who is responsible for monitoring our compliance with applicable data protection law. You can contact our Data Protection Officer with any questions or complaints you may have about our privacy practices by emailing us at privacy@vi.co.

Additional Questions or Complaints

If you have a concern about our processing of personal data, you have the right to lodge a complaint with the Data Protection Authority where you reside, where you work, or where an alleged violation of the law has occurred. Contact details for applicable Data Protection Authorities can be found using the links below:

• European Economic Area: https://edpb.europa.eu/about-edpb/board/members_en
• United Kingdom: https://ico.org.uk/global/contact-us/
• Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

We would, however, appreciate the chance to handle your concerns directly prior to a complaint being filed, so please contact us directly at privacy@vi.co if you have any concerns.

PURPOSES AND LEGAL BASES OF PROCESSING

When we process your personal data, we will do so in reliance on the following lawful bases:

• Contract: Where the processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract with you. This applies to any processing where you sign a contract with us, for example when you become our customer or deliver services to us as a vendor or contractor. This may also include processing necessary for the performance of our Terms of Use.
• Legitimate Interest: Where the processing is necessary for the purposes of a legitimate interest that are not overridden by your interests or fundamental rights and freedoms (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you regarding our services).
• Vital Interest: Where the processing is necessary to protect the vital interests of you or another person (e.g., to protect your physical safety).
• Public Interest: Where the processing is necessary to perform tasks carried out in the public interest or in the exercise of official authority vested in us (e.g., to cooperate in an ongoing law enforcement investigation).
• Legal Obligation: Where the processing is necessary to comply with our legal obligations (e.g., to maintain a record of your personal data to comply with laws and regulations related to bookkeeping, accounting, taxation, and employment).
• Consent: Where we have your consent for the processing (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing of your personal data, you may withdraw your consent at any time.

When we process special categories of personal data (including race or ethnic origin, we do so only where (i) the processing relates to personal data which are manifestly made public by you, (ii) the processing is necessary for the establishment, exercise, or defense of legal claims, (iii) the processing is necessary for reasons of substantial public interest, or (iv) you have given us explicit consent.

You are not required to provide personal data to us, but we do rely on your personal data to provide certain of our products and services. For example, we need your personal data to facilitate and deliver an order that you request. If you choose not to provide us with your personal data, we may not be able to provide you with a service or product you request. We will inform you at the point that we collect personal data from you if the provision of certain personal data is mandatory or optional for receipt of our products and services.

AUTOMATED DECISION-MARKING AND PROFILING

We do not conduct automated processing of personal data, including profiling, for the purposes of making decisions about you.

RETENTION OF PERSONAL DATA

We will usually retain the personal data we collect about you for no longer than reasonably necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.

The criteria used to determine the period of time for which personal data about you will be retained varies depending on the legal basis under which we process your personal data:

• Contract: Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
• Legitimate Interest: Where we are processing personal data based on legitimate interests, we generally will retain the information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
• Vital Interest: Where we are processing personal data based on vital interests, we generally will retain the information for the period of time necessary to protect the vital interests of the relevant person plus some additional limited period of time that represents any applicable statute of limitations for legal claims that could arise out of the related events.
• Public Interest: Where we are processing personal data to perform tasks carried out in the public interest or in the exercise of official authority vested in us, we generally will retain the information for a reasonable period of time based on the public interest / official authority, taking into account any obligations we may have to retain the information for a longer period of time.
• Legal Obligation: Where we are processing personal data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfill the legal obligation plus some additional limited period of time that represents the statute of limitations for legal claims that could arise from the legal obligation.
• Consent: Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the purposes for which you have provided your consent.

In certain circumstances, we may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved. In all cases, in addition to the purposes and legal bases identified above, we consider the amount, nature and sensitivity of personal data, as well as the potential risk of harm from unauthorized use or disclosure of personal data, in determining the relevant retention period.

Once retention of the personal data is no longer reasonably necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if that is not possible (for example, because personal data has been stored in backup archives), we will securely store the personal data and isolate it from further active processing until deletion or deidentification is possible.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

We operate and engage third-party partners and providers in various jurisdictions. Therefore, we and our third-party providers may transfer personal data to, or store, access, or process personal data in, a country other than the one in which it was collected, including, but not limited to, the United States. The country to which personal data is transferred may not provide the same level of protection for personal data as the country from which it was transferred.

We may transfer personal data about you outside of the EEA, UK, and Switzerland, and when we do so we rely on appropriate or suitable safeguards recognized under applicable law, including adequacy decisions, standard contractual clauses, and the EU-US Data Privacy Framework. If you would like more information on the specific safeguards we use (and obtain a copy of such safeguards, where applicable), please contact us at privacy@vi.co.

12. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

Adequacy Decisions

We may transfer personal data about you to countries that the relevant regulatory authority have deemed to adequately safeguard personal data, either automatically or in connection with a specific safe harbor framework.

Standard Contractual Clauses

Certain regulatory authorities have adopted standard contractual clauses, which provide safeguards for personal data transferred outside of the originating jurisdiction. We may use these standard contractual clauses when transferring personal data to a third country that has not been deemed to adequately safeguard personal data.

EU-U.S. Data Privacy Framework

The EU-U.S. Data Privacy Framework was designed by the U.S. Department of Commerce and the European Commission to ensure adequate protection for personal data transferred to a company participating in the EU-U.S. Data Privacy Framework. If we transfer any personal data about you from the EEA to a third party outside the EEA who is participating in the EU-U.S. Data Privacy Framework, we may rely on their participation in the Framework to ensure adequate protection for personal data so transferred.

YOUR ADDITIONAL EEA, UK, AND SWISS PRIVACY CHOICES

Subject to certain limitations at law, you may be able to exercise the following rights:

• Right to Access: The right to obtain confirmation of whether we are processing personal data about you, access to and a copy of the personal data we are processing about you, and information relating to its processing, including:
  • The categories of personal data being processed;
  • The purposes of the processing;
  • The categories of the sources of the personal data;
  • The categories of recipients to whom the personal data have been or will be disclosed;
  • The envisaged period for which the personal data will be stored, or the criteria used to determine that period;
  • Any automated decision-making or profiling performed in connection with your personal data; and
  • The safeguards relied upon for the transfer of personal data to any third country.
• Right of Portability: The right to obtain a copy of the personal data we have collected about you in a structured, commonly used, and machine-readable format, and the right to transmit that personal data to another controller without hindrance.
• Right to Rectification: The right to correct or update any personal data about you that is inaccurate or incomplete.
• Right to Restriction of Processing: The right to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
• Right to Object to Processing: The right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
• Right to Withdraw Consent: The right to withdraw your previously provided consent to our processing of your personal data. Please note withdrawing your consent will not affect the lawfulness of our use of your personal data before your consent was withdrawn, nor our processing of personal data pursuant to a different lawful basis for processing.
• Right to Erasure: The right to have us erase your personal data if the continued processing of that personal data is not otherwise justified.

Please note that if the exercise of these rights limits our ability to process personal data, we may not be able to provide our services to you, or otherwise engage with you in the same manner.

Submitting Privacy Rights Requests

Please submit a request specifying the right you wish to exercise by emailing us at privacy@vi.co.

To exercise your right to object as it relates to the use of automatic data collection technologies (including cookies) that facilitate our online targeted advertising activities, please click the “Cookie Settings” link in the footer of the website and adjust your preferences accordingly. Please note this preferences tool is website, device, and browser specific, so you will need to change your preferences on each device and browser you use to interact with the specific website you are visiting. In addition, you may follow the other steps set forth in the Automatic Data Collection Preferences section of the Your Privacy Choices section of our Privacy Notice to further exercise control over automatic data collection technologies.

Before processing your request to exercise certain rights (taking into account the confidential nature of any personal data we maintain), we will need to verify your identity and confirm you are accessing our services or otherwise interacting with us from the EEA, UK, or Switzerland. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we require requests submitted through our online form to include sufficient information so that we may identify your data.

In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity as needed to protect your personal data or locate your information in our systems, or where you are not accessing our services or otherwise interacting with us from the EEA, UK, or Switzerland.