Notice at Collection and Privacy Policy

for Marketing Events

Last Updated: March 15, 2024

We at Digital Turbine, Inc., d/b/a “Digital Turbine” and our affiliated companies (collectively, “DT,” “we,” “us,” or “our”) put great efforts into making sure that we secure personal information and use it properly.

The notice at collection (the “Notice at Collection”) and Privacy Policy (the “Policy”) provided on this page explain to attendees of our marketing events our privacy practices for processing personal information related to them when they register for our marketing events.

We operate DT’s events as a business or a controller (within the meaning of such terms under applicable Privacy Laws).

The term “personal information” refers to information that identifies an individual or relates to an identifiable individual or as otherwise defined under applicable data protection and privacy laws of the United States (“US Privacy Laws”)  or to “personal data” as defined under the General Data Protection Regulation (“GDPR”) and under the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”), or Brazil’s data protection law (“Lei Geral de Proteção de Dados Pessoais”, or “LGPD”), as applicable. (collectively: “Privacy Laws”).

This Notice also explains certain rights that Consumers have under Privacy Laws and how they may exercise them.

The general part of this Policy applies to all the individuals that provide us with their personal information upon registration to or attending our event. ANNEX 1 includes supplemental terms regarding our processing of personal information under the GDPR and UK GDPR, and ANNEX 2 includes supplemental terms about our processing of personal information under the LGPD.

Please take the time to read our full Policy. If you disagree with the Notice at Collection and Policy, please do not register to our events.

Categories of personal information

When you (“you”) register to our event, we collect your contact information such as full name, job title, company email address, phone number. Occasionally we collect your food preferences restrictions (e.g., vegetarian/pescatarian/gluten free) or ask for your feedback about the sessions, speakers, and your overall experience in our event.

We may send you marketing communications with information about Digital Turbine’s future events, subject to your consent. You acknowledge that you can opt out of receiving such marketing communications at any time by clicking the unsubscribe link in the emails.

By registering for our event, you acknowledge and agree that we may take photographs and videos of you in public areas of the conference and use them in our marketing materials.

Categories of sensitive personal information

We are not intended to collect sensitive personal information (within the meaning of Privacy Laws). We do not knowingly collect sensitive personal information and require you not to provide us with any such information.

What do we do with personal information?

We use personal information related to you for the following purposes:

  • to host and/or organize and operate the event;
  • to provide you with information and reminders related to the event
  • to obtain your RSVP to our event;
  • to share your personal data with the co-hosts of the event or third parties’ vendors relevant for the organization and operation of the event.
  • To monitor the ROI (return on investment) of the event and the creation of a business relationship with your organization following the event (e.g., lead generation).
  • To improve next year’s event based on your attendance and feedback to this year’s event.

We obey the law and expect you to do the same. If necessary, we will use personal information related to you to enforce our terms, policies, and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, and to take any action in any legal dispute and proceeding.

We commit to only process personal information related to you for the purposes described in this policy.

Who do we disclose, share, or sell personal information with?

Personal information related to you is disclosed to certain members of our staff, external consultants and to our affiliates, who are all governed by this Policy.

We also disclose personal information related to you to with our co-hosts, speakers, event producers, professional photographer/videographers and other third-party service providers that process personal information about you on our behalf in relation to the event. Such agents and service providers will be contractually bound to keep personal information related to you confidential and appropriately secure.

A merger, acquisition, or any other structural change will require us to transfer personal information related to you to another entity as part of the structural change, provided that the receiving entity will comply with this Policy.

We will also need to disclose personal information related to you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We will disclose, share, or sell personal information related to you only subject to the terms of this Policy or subject to your prior consent.

How long do we retain personal information?

We retain different types of personal information related to you for different periods, depending on the purposes for processing the information, our legitimate business purposes, and pursuant to legal requirements under applicable law.We may maintain your contact details to help us stay in contact with you in case such information was provided to us by you. You can contact our privacy team at: [email protected] and request to delete your contact details. Note that we will keep your details without using them if necessary, and for the necessary period, for legal requirements and proceedings.

We will keep aggregated non-identifiable information without limitation and to the extent reasonable, we will delete or de-identify potentially identifiable information, when we no longer need to process the information.

In any case, we will keep information about you for the duration of the event and for 12 months thereafter until next year event, unless applicable law requires us to delete it or if we decide to remove it at our discretion, according to the terms of this policy.

Children

We do not knowingly sell or share personal information related to children, as such term is defined under applicable Privacy Laws.

Your choices and rights

  • Access. You have the right to confirm whether we are processing personal information about you and to access such information, including to request to know:
    • what personal information we have collected about you;
    • the categories of personal information;
    • the categories of sources from which the personal information is collected;
    • the business or commercial purpose for collecting, selling, or sharing such information;
    • the categories of third parties to whom we disclose personal information; and,
    • the specific pieces of personal information we have collected about you.
  • Correction. You have the right to request that we correct inaccurate personal information that we maintain about you.
  • Deletion. You have the right to request that we delete personal information related to you that we have collected from you, subject to certain exceptions under applicable US Privacy Laws. Accordingly, note that when we delete personal information related to you that we have collected from or about you, it will be deleted from our active databases, but we will keep a reasonable number of copies in our archives. We will continue to retain the personal information related to you for legitimate business purposes as set forth above.
  • Portability. When exercising your right of access detailed above, you also have the right to obtain the personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity without hindrance. Note that you may only exercise this right no more than two times per calendar year. Also note that when responding to your request, we will omit any information that would disclose our trade secrets, as permitted by US Privacy Laws. You may also have the right to obtain a representative summary of personal data information that you previously provided to us.
  • Opt-out rights. You have the right to opt-out of the sale or sharing of personal information related to you by us, or otherwise the use of such information for targeted advertising or profiling for the purpose of making decisions that produce legal or similarly significant effects concerning you.
  • Limit the use of sensitive personal information. You have the right to request that we limit the use or disclosure of sensitive personal information related to you only to the purposes permitted under applicable US Privacy Laws. We do not actively collect sensitive personal information (within the meaning of US Privacy Laws) and do not infer characteristics from sensitive personal information.
  • Non-discrimination. You have the right not to receive discriminatory treatment by us for exercising your privacy rights detailed in this Policy.
  • If you are in the European Economic Area (EEA), you might have additional rights under the General Data Protection Regulation (GDPR). Please read our Supplemental Terms for Processing Personal Data Under the GDPR in ANNEX 1 attached hereto.
  • If you are a resident of Brazil, you might have additional rights under the LGPD (Lei Geral de Proteção de Dados Pessoais), the Brazil’s data protection law. Please read our Supplemental Terms for Processing Personal Data Under the LGPD in ANNEX 2 attached hereto.

Exercising your choices and rights

We will give you choices about the ways we use and share personal information related to you, and we will respect the choices you make.

You can exercise your rights by emailing us via [email protected].

Only you or a person authorized to act on your behalf may make a request related to personal information related to you. A request for access can be made by you only twice within a 12-month period.

The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with the requested personal information if we cannot verify your identity or authority to make the request and confirm the personal information related to you. We will only use the personal information provided in your request to verify your identity or authority to make the request.

We will do our best to respond to your request within 30 days of its receipt. If we require more time (up to additional 30 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such a decision and provide you with a cost estimate before completing your request.

We will not require that you create an account in order to exercise your rights under this Policy.

After receiving our reply, you can appeal against our decision by contacting us. We will review your appeal and provide you with our answer and our explanation of the reasons for our decision(s) within 60 days of receiving it. We will also provide you with a link (to the extent available) to submit a complaint with the relevant Attorney General.

Transfer of personal information outside your territory

We store and process information from our Marketing Team in the United States, including personal information, either directly or using third parties. Digital Turbine has data centers in the United States. We use the applicable transfer mechanisms when transferring your personal data to the United States.

If you are a resident in a jurisdiction where transfer of personal information related to you to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer.

We make sure that our third-party service providers/processors, provide us with adequate confidentiality and security commitments and we will take all steps reasonably necessary to ensure that personal information related to you is treated securely and in accordance with this policy.

Information security

We are committed to ensuring the security of personal information. We and our hosting services implement systems, applications, and procedures to secure personal information related to you, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. These measures provide sound industry standard security.

However, please understand that no security system is impenetrable, and although we make efforts to protect your privacy, we cannot guarantee that the systems will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

Dispute resolution

We do periodical assessments of our data processing and privacy practices, to make sure that we comply with this policy, to update the policy when we believe that we need to, and to verify that we display the policy properly and in an accessible manner. If you have any concerns about the way we process personal information related to you, you are welcome to contact our privacy team at: [email protected], or write to us.

We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.

Changes to this policy

From time to time, we will update this policy. If the updates have minor if any consequences, they will take effect 14 days after we post a notice on our Website at https://www.digitalturbine.com/. Substantial changes will be effective 30 days after we initially posted the notice.

Until the new policy takes effect, if it materially reduces the protection of your privacy under the then-existing policy you can choose not to accept it and cancel your registration to our event. Attending the event after the new policy takes effect means that you agree to the new policy. Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required by law.

Contact Us

Please contact us at: [email protected]

ANNEX 1

Supplemental Terms for Processing Personal Data Under the GDPR

We, at DT describe our privacy practices in relation to our marketing events in our Notice at Collection and Privacy Policy above (the “General Policy”). Please take the time to read our General Policy.

These terms supplement and are not a substitute for our General Policy. They add terms specifically related to our privacy practices associated with processing personal data under European data protection laws, namely the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

You should read both documents to understand the full scope of our privacy practices. If there are any overlapping provisions, these supplemental terms will prevail for our processing of personal data under the GDPR.

These terms use certain defined terms under the GDPR, such as “personal data”, “processing”, “consent”, “data controller” and “lawful grounds of processing”. If you are not familiar with these terms, please seek further guidance or contact our privacy team at: [email protected] with any questions that you may have about these terms.

Lawful Grounds of Processing

We process personal data related to you as a data controller when you register to attend our events based on the following lawful grounds:

  • We will process personal data related to you based on your consent upon registration to our event.
  • We will process personal data related to you as necessary for your participation in our event (e.g., to access the event) based on our legitimate interests.
  • We will process personal data related to you to comply with our legal obligations and where necessary, to protect your and others’ vital interests.
  • To protect our systems and our networks and systems, including by using cyber security measures.
  • We will rely on our legitimate interests, which we have a good-faith belief that is not overridden by your fundamental rights and freedoms, for the following purposes:
    • To provide support, customer relations, and for event operations.
    • To enhance and improve your and other attendees’ experience with our events.
  • We will also rely on your consent for processing personal data related to you. Where consent is applicable, we will present you with an option to provide and withdraw it.

Your Rights Under the GDPR

In addition to your applicable rights as described under our General Policy, you have the following rights:

  • AT ANY TIME, YOU CAN CONTACT US AND REQUEST TO WITHDRAW YOUR CONSENT TO THE PROCESSING OF PERSONAL DATA RELATED TO YOU. EXERCISING THIS RIGHT WILL NOT AFFECT THE LAWFULNESS OF PROCESSING BASED ON CONSENT BEFORE ITS WITHDRAWAL.
  • Request to access personal data that we keep about you and receive further information as described under the GDPR. If you find that the personal data related to you is not accurate, complete or up to date, please provide us the necessary information to correct it.
  • Request to delete or restrict access to personal data related to you. We will review your request and use our judgment, pursuant to the provisions of the applicable law, to reach a decision about your request.

If we need to delete personal data related to you following your request, it will take some time until we completely delete residual copies of personal data related to you from our active servers and from our backup systems.

  • If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you may request to be informed that third parties that hold personal data related to you, in accordance with this policy, will act accordingly.
  • You may ask to transfer personal data related to you in accordance with your right to data portability.
  • You may object to the processing of personal data related to you for direct marketing purposes, such as by unsubscribing from our newsletters and distribution lists. Additional information about this right is available under the choice section in this policy.
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.
  • You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, your place of work or the place of an alleged infringement of your rights under the GDPR.

Please note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will ask you further questions to understand the nature and scope of your request.

If you have any concerns about the way we process personal data related to you, you are welcome to contact our privacy team at: [email protected]. We will investigate your inquiry and make good-faith efforts to respond promptly. If we are unable to help, you also have the right to make a complaint to the applicable data protection supervisory authority, as aforementioned.

Our DPO and Representatives

Our Data Protection Officer can be reached at: [email protected].

Our EEA designated representative is: Rickert Rechtsanwaltsgesellschaft mbH and can be reached at: Colmantstraße 15, 53115 Bonn, Germany, [email protected].

Transfer of Personal Data Outside the EEA

We store and process information in the U.S. From time to time, we will make operational decisions which will have an impact on the sites in which we maintain personal data.

We make sure that our third-party service providers provide us with adequate confidentiality, data protection and security commitments in accordance with the GDPR, and we will take all steps reasonably necessary to ensure that personal data related to you is treated securely and in accordance with our General Policy and these supplemental terms.

We may transfer personal data related to you to other countries. Some of them are not recognized by the European Commission as providing adequate protection to personal data, and some of them, although recognized, required additional safeguards. We will use appropriate safeguards, in particular, by way of entering into the European Union (EU) Standard Contractual Clauses with the relevant recipients, by relying on self-certifications, or by complying with equivalent data transfer mechanisms. You can contact our privacy team at: [email protected] to receive more information related to our data transfer practices.

ANNEX 2

Supplemental Terms for Processing Personal Data Under the LGPD

We at DT describe our privacy practices in relation our events in our Notice at Collection and Privacy Policy (the “General Policy”). Please take the time to read our General Policy.

These terms supplement our General Policy. They add terms specifically related to our privacy practices associated with processing personal data under Brazilian data protection laws, namely the Brazilian General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais). We will refer to them as the “LGPD”).

You should read both documents to understand the full scope of our privacy practices. If there are any overlapping provisions, these supplemental terms will prevail, for our processing of personal data under the LGPD.

These terms use certain defined terms under the LGPD, such as “personal data”, “processing”, “consent”, “data controller” and “lawful grounds of processing”, as translated from the official version of the LGPD in Portuguese. If you are not familiar with these terms, please seek further guidance or contact our privacy team at: [email protected] with any question that you may have about these terms.

Lawful Grounds of Processing

We process personal data related to you as a data controller when you register and/or attend our marketing events based on the following lawful grounds:

  • We will process personal data related to you to comply with our legal obligations and where necessary, to protect your and others’ vital interests.
  • We will rely on our legitimate interests, which we have good-faith belief that they are not overridden by your fundamental rights and freedoms, for the following purposes:
    • To communicate with you, including for direct marketing purposes.
    • To protect our systems and our networks and systems, including by using cyber security measures.
    • To provide support, customer relations and for event operations.
    • To enhance and improve yours and other attendees’ experience with our events.
  • We will also rely on your consent for processing personal data related to you. Where consent is applicable, we will present you with an option to provide it and an option to withdraw it.

Your Rights Under the LGPD

In addition to your applicable rights as described under our General Policy, you have the following rights in relation to personal data related to you:

  • Confirmation of the existence of the processing;
  • Access to the personal data related to you (i.e., obtain a copy);
  • Correction of incomplete, inaccurate or out-of-date personal data related to you;
  • Anonymization, blocking or deletion of unnecessary or excessive personal data related to you or personal data related to you processed in noncompliance with the provisions of the LGPD;
  • Portability of the personal data related to you to another provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency;
  • Deletion of personal data related to you processed with your consent, except in the situations provided under the LGPD;
  • Information about public and private entities with which we shared personal data related to you;
  • Information about the possibility of denying consent and the consequences of such denial;
  • Revocation of your consent as provided under the LGPD.

Please note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will ask you further questions to understand the nature and scope of your request.

If you have any concerns about the way we process personal data related to you, you are welcome to contact our privacy team at: [email protected]. We will investigate your inquiry and make good-faith efforts to respond promptly. If we are unable to help, you also have the right to make a complaint to the applicable data protection supervisory authority, as aforementioned.

Our DPO

Our Data Protection Officer can be reached at: [email protected].

Transfer of Personal Data Outside Brazil

We store and process information within the U.S. From time to time, we will make operational decisions which will have an impact on the sites in which we maintain personal data.

We make sure that our third-party service providers provide us with adequate confidentiality, data protection and security commitments in accordance with the LGPD, and we will take all steps reasonably necessary to ensure that personal data related to you is treated securely and in accordance with our General Policy and these supplemental terms.

We will transfer personal data related to you to other countries. Some of them provide a degree of protection of personal data appropriate to the provisions the LGPD. In other cases, we will use appropriate safeguards by way of entering into standard data transfer agreements with the relevant recipients, or by relying on other applicable data transfer mechanisms. You can contact our privacy team at: [email protected] to receive more information related to our data transfer practices.