If you are located in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have additional rights with respect to your Personal Data, as further outlined below. These rights may include rights under the EU’s General Data Protection Regulation (“GDPR”), if you are located in the EU, United Kingdom, Lichtenstein, Norway or Iceland.
WHAT INFORMATION WE COLLECT
What Personal Data Do We Collect From You? We collect Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers (including, but not limited to, social networks and analytics services) provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Service. In some cases, we combine non-Personal Data about you with Personal Data we have about you.
Information We Collect From You Directly: We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:
• Registration: You can browse our Website without providing Personal Data, but you must create an account in order to access some of the features of our Website. When you create an account, we collect Personal Data, such as your email address, Internet Protocol (“IP”) address, user name and password and date of birth. If you take part in any interactive features of the Service (such as any contests, games, promotions, quizzes, surveys, research or other services or features), you may provide us with additional types of Personal Data. We also collect information from you if you correspond with us directly.
• Profile Information: After you set up your account, you can also choose to provide additional information which is shared through public profiles. This information includes, without limitation, your user name, an avatar to represent yourself (which may or may not be a photo of you), and a personal narrative. Note that information you provide in your profile will be publicly available. If you do not wish to have information in your public profile, please do not add it.
• User Content: We collect User Content you provide on the Website, and we display it publicly on your user profile. For example, your profile page can display information about the pages, artists, or works upon which you have commented. Such information may include “favorites” such as artists, songs, and comments. Other users can post to a wall in this profile, where the public can view references to your comments you have made on the Website. User Content will include Personal Data if you provide Personal Data in your User Content.
Information We Receive From Third Party Sources: Some third parties, such as our business partners and service providers, provide us with Personal Data about you, such as the following:
• Information We May Receive From Social Network Sites: If you choose to connect your social media account(s), such as Facebook or Twitter, to your user profile on the Service, we display some information from your social media sites on our Service, and such information can include Personal Data. When you interact with our Website or Service through social media platforms, including Facebook, Google, Spotify, or Twitter, such as when you login with or link to your social media account, “Like” us on Facebook or share content through a social media site, we receive information from the social network such as your profile information, profile picture, gender, user name, user ID associated with your social media account, birth date, email address, age range, language, country, friends list, and any other information you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Website or Service.
• Analytics and Advertising: We use third-party service providers to provide site metrics and other analytics services. These third parties provide us with information regarding your behavior on our Service.
Information We Automatically Collect When You Use Our Service. Some Personal Data is automatically collected when you use our Service, such as the following:
o Essential Cookies: Essential cookies are required for providing you with features or services that you have requested. For example, certain cookies enable you to log into secure areas of our Website or use a shopping cart feature within our Service. Disabling these cookies will make certain features and services unavailable.
o Functional Cookies: Functional cookies are used to record your choices and settings regarding our Service, maintain your preferences over time and recognize you when you return to our Service. These cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
o Performance/Analytical Cookies: Performance/analytical cookies allow us to understand how visitors use our Website and Service such as by collecting information about the number of visitors to the Website, what pages visitors view on our Website and how long visitors are viewing pages on the Website. Performance/analytical cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Service’s content for those who engage with our advertising.
o Retargeting/Advertising Cookies: Retargeting/advertising cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.
• Log Information: We collect log file information from your browser or mobile device each time you access the Service. Log file information includes information such as your web request, IP address, browser type, identity of your internet service provider, information about your mobile device, referring/exit pages and URLs, the number and duration of page views, number of clicks and how you interact with links on the Service, domain names, landing pages, and other such information.
• Mobile Identifiers: When you access our Website through a mobile device, we receive or collect and store a unique identification number associated with your device and other device information.
• Clear Gifs: We employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our Users. In addition, we also use clear gifs in some HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Service.
• Analytics Data: We collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser or mobile device, including the pages you visit, your use of third party applications, and other information that assists us in analyzing and improving the Service.
• Comments: When a user posts an anonymous comment on the Service while not logged into his or her account, we collect Personal Data associated with the comment including the user’s email and IP address.
How Do We Use Your Personal Data? We process Personal Data to operate, improve, understand and personalize our Service. For example, we use Personal Data to:
• Operate, maintain and provide our features and services on the Service;
• Create and manage user accounts;
• Verify the identity of users;
• Contact you about Service announcements, updates or offers, and send transactional emails related to the Service;
• Respond to user inquiries;
• Provide support and assistance for the Service;
• Personalize content and communications based on your preferences;
• Maintain interoperability with third party services, such as Spotify;
• Conduct online behavioral advertising;
• Remember information so that you will not have to re-enter it during your visit or the next time you visit the Website;
• Customize your user experience;
• Provide and monitor the effectiveness of our Service;
• Prevent spam or fraudulent or abusive activity on the Service;
• Serve relevant advertisements;
• Monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website and our Service;
• Diagnose or fix technology problems;
• Otherwise to plan for, improve and enhance our Service;
• Meet contract or legal obligations; and
• Complete corporate transactions such as mergers and acquisitions.
Online Behavioral Advertising: Some of our advertising (“Behavioral Advertising”) involves using tracking tools such as cookies, pixel tags, and web beacons, to collect information about a user’s online activities (over time and across non-affiliated websites and applications) and providing ads to the user based the user’s interests (as inferred from the user’s online activity) or use of our Service. Behavioral Advertising may appear on our Service or on other websites or services. We work with third parties to provide Behavioral Advertising, such as advertising networks, data exchanges, traffic measurement service providers, marketing analytics service providers, and other third-party service providers (collectively, “Advertising Service Providers”). Advertising Service Providers perform services such as facilitating targeting of advertisements and measuring and analyzing advertising effectiveness on the Service (collectively, all such services, “Targeting Services”). Targeting Services help us display Behavioral Advertising, prevent you from seeing repeated ads, and enable us to research the usefulness of ads.
• We adhere to self-regulatory principles for online behavioral advertising issued by the Digital Advertising Alliance (“DAA”) and the European Interactive Digital Advertising Alliance (“EDAA”) (collectively, the “OBA Principles”). More information about the OBA Principles can be found at http://digitaladvertisingalliance.org/principles and http://www.edaa.eu/european-principles/.
• You have the option to opt out of Behavioral Advertising. For more information, see the section below titled “Your Choices Regarding Your Data.”
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
• Contractual Necessity: We process some Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Service. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Service that require such data.
• Legitimate Interest: We process Personal Data for certain purposes when we believe it furthers the legitimate interest of us or others (e.g. our users). Examples of these legitimate interests include:
o Operation and improvement of our business and Service
o Marketing of our Service
o Serving relevant advertisements
o Provision of customer support
o Protection from fraud or security threats
o Spam prevention
o Compliance with legal obligations
o Completion of corporate transactions and provision of our Service after such transactions
• Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
• Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
2. SHARING PERSONAL INFORMATION WITH THIRD PARTIES
How and With Whom Do We Share Your Data?
We share your Personal Data in the instances described below. We also share information with others in an aggregated and anonymous form that does not reasonably identify you directly as an individual. For further information on your choices regarding your information, see the “Your Choices Regarding Your Data” section below.
Remember, our Service allows you to connect with others and share information about yourself with other individuals. Your profile information, including your user name, avatar, and personal narrative, and comments you make on the Website, will be available publicly to other members of the Service by default and in some cases will be searchable by search engines which can display your information publicly.
Similarly, your name and avatar will be displayed alongside any comments you make on the Website and will be displayed on our homepage alongside your IQ if you make The Weekly IQ Leaderboard, on our Contributors list, or in connection with your comments and reactions to our blog and to other contributors. By using the Service, you acknowledge that you understand and agree that your profile information will be displayed publicly.
• Fraud prevention and spam service providers;
• Ad networks and exchanges;
• Analytics service providers;
• Hosting service providers;
• Monitoring service providers;
• Data management platforms;
• Security service providers;
• Payment processors;
• Business partners who offer services to you jointly with us, for example, when running a co-sponsored contest or promotion; and
• Other third parties who we think can offer you products or services you would enjoy.
We also share information with third parties when you give us consent to do so.
We also share Personal Data when we believe it is necessary to:
• Satisfy any applicable law, regulation, subpoena/court order, legal process or other government request;
• Enforce our Terms of Service, including the investigation of potential violations thereof;
• Investigate and defend ourselves against any third party claims or allegations;
• Protect against harm to the rights, property or safety of Hallyu Idol, its users or the public as required or permitted by law;
• Detect, prevent or otherwise address criminal (including fraud or stalking) security or technical issues; and
• Maintain the security of our Service.
We would share Personal Data with third parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings. For example, if we choose to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and we would share Personal Data with the party that is acquiring our assets. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data as set forth in this policy.
We also share Personal Data with third parties for their marketing purposes if we determine they have products or services which may be of interest to you.
Our online merchant store is currently hosted by Shopify Inc. (“Shopify”). Shopify provides us with the online e-commerce platform that allows us to sell certain merchandise to you. When you provide Personal Data in connection with a purchase on or through the Service, such Personal Data is stored through Shopify’s data storage, databases, and the general Shopify application. Shopify may transfer, process or store your data outside of the United States and such data may be subject to disclosure as required by applicable law. For more information, you can read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
3. YOUR CHOICES REGARDING YOUR DATA
Marketing Communications: If you do not want to receive promotional emails from us, you can click the “unsubscribe” button on the promotional email communications or email us at firstname.lastname@example.org with the subject “Marketing Opt-Out”. Note that you will not be able to unsubscribe or opt-out of non-promotional messages regarding your account, such as account verification, password reminders, changes or updates to features of the Service, or technical and security notices.
We share your Personal Data, such as email address and user name, with some third parties for their marketing purposes if we determine they have products or services which may be of interest to you. If you wish to have your user name and email address excluded from any such sharing with partners, please email email@example.com with the subject “Marketing Opt-Out.” If you have any questions about this opt-out or our marketing practices, please email us at firstname.lastname@example.org.
Behavioral Advertising and Tracking Tools: You can opt-out of certain Behavioral Advertising activities by doing one or more of the following. Please note that you will need to opt-out of each browser and device for which you desire to apply these opt-out features.
• Service Provider Opt Out: You can opt-out directly from some Advertising Service Providers and providers of Tracking Tools by using their opt-out tools. Some of these service providers, and links to their opt-out tools, are:
• Industry Opt Out Tools: Some Advertising Service Providers or providers of Tracking Tools may participate in the Network Advertising Initiative's (NAI) Opt-Out Tool (http://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (DAA) Consumer Choice Page (http://www.aboutads.info/choices/), and you can opt-out of certain services and learn more about your choices by visiting the links included here. Users in the EU can visit http://www.youronlinechoices.eu/ for more information about your choices and to opt out of participating service providers.
• Web Browser Controls: You can prevent the use of certain Tracking Tools, such as cookies, on a device-by-device basis using the controls in your web browser. These controls can be found in the Tools > Internet Options (or similar) menu for your browser, or as otherwise directed by your browser’s support feature. Through your web browser, you may be able to:
o Delete existing Tracking Tools
o Disable future Tracking Tools
o Set your browser to provide you with a warning each time a cookie or certain other Tracking Tools are being set
• Mobile Opt Out: Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of mobile app information for Behavioral Advertising. You may also opt-out of certain Tracking Tools on mobile devices by installing the DAA’s AppChoice app on your mobile device (for iTunes, visit https://itunes.apple.com/us/app/appchoices/id894822870?mt=8, for Android, visit https://play.google.com/store/apps/details?id=com.DAA.appchoices&hl=en). For more information, please visit http://support.apple.com/kb/HT4228, https://support.google.com/ads/answer/2662922?hl=en or http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device, as applicable.
• Do Not Track: Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. The Service does not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Service and after you leave our Service. We collect certain persistent identifiers from your browser or mobile device to assist us with providing and improving the Service. Because we collect browsing and persistent identifier data (only for analytic and internal purposes), your selection of the “Do Not Track” option provided by your mobile browser will not have any effect on our collection of analytics information or the collection of a persistent identifier.
Please note the following with respect to opting out of Behavioral Advertising:
• Some opt-out features are cookie-based, meaning that when you use these opt-out features, an “opt-out” cookie will be placed on your computer or other device indicating that you do not want to receive Behavioral Advertising from certain companies. If you delete your cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.
• Opting-out of Behavioral Advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Service.
Data Retention: We retain Personal Data about you for a period of time consistent with the original purpose of collection, whether or not you have an account with us. For instance, we may retain your Personal Data for as long as you have an open account with us or as otherwise necessary to provide you the Service, and for a reasonable period of time afterward. In some cases we retain Personal Data for longer, if doing so is necessary to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes or collect fees owed, enforce our agreements, or as otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally. If you wish to change or delete your profile and Personal Data, you can contact us at email@example.com, and we will amend or delete your Personal Data within a reasonable time after your request, if feasible, or if you reside in the EU, as set forth in Section 8 below. Because of the crowd-sourced and collaborative nature of our service, however, we will not be able to delete content you post to public areas of our site. We may be able to anonymize your information such that you will no longer be reasonably identifiable.
4. SECURITY AND STORAGE OF DATA
Hallyu Idol cares about the security of your information and uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information we collect. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
5. TRANSFERS OF PERSONAL DATA
The Service is hosted and operated in the United States (“U.S.”) through Hallyu Idol and its service providers, and if you are not located in the U.S., laws in the U.S. may differ from the laws where you are located. By using the Service, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Hallyu Idol in the U.S. and will be hosted on U.S. servers, and you authorize Hallyu Idol to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. pursuant to EU-US Privacy Shield Framework, the details of which are further set forth below.
Hallyu Idol has been certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred from the EU. For more information about the Privacy Shield Program, and to view Hallyu Idol’s certification, please visit www.privacyshield.gov. Hallyu Idol is committed to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access and (7) recourse, enforcement and liability, with respect to all Personal Data received from within the EU in reliance on the Privacy Shield. The Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Hallyu Idol’s compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us at firstname.lastname@example.org with any questions or concerns relating to our Privacy Shield Certification. If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you can also resolve a Privacy Shield-related complaint through JAMS, an alternative dispute resolution provider located in the United States. You can visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint, at no cost to you. Under certain conditions, you can also be entitled to invoke binding arbitration for complaints not resolved by other means.
6. CHILDREN'S PRIVACY
We do not knowingly collect or solicit Personal Data from anyone under the age of 13 (or if you are in the EU, we do not knowingly collect or solicit Personal Data from anyone under the age of 16). If you are under 13 (or under 16 in the EU), please do not attempt to register for the Service or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 13 (or under age 16 in the EU), we will delete that information as quickly as possible. If you believe that a child under 13 (or under 16 in the EU) may have provided us Personal Data, please contact us at email@example.com. Please contact us at firstname.lastname@example.org if you have any questions about children's privacy.
7. LINKS TO THIRD PARTY WEBSITES
The Service, from time to time, contains links to and from third party websites of our partner networks, advertisers, partner merchants, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
8. YOUR PRIVACY RIGHTS
Under California Civil Code Sections 1798.83-1798.84, Hallyu Idol users who are residents of California may request certain information about our disclosure of Personal Data during the prior calendar year to third parties for their direct marketing purposes. To make such a request, please send us an email at email@example.com with the words “California Privacy Rights” in the subject line.
If you are located in the EU, the United Kingdom, Lichtenstein, Norway, or Iceland, and use or access the Service, you may have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email firstname.lastname@example.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
o Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging into your account.
o Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
o Erasure: You can request that we erase some or all of your Personal Data from our systems.
o Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Service.
o Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
o Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.
o Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
o Right to File Complaint: You have the right to lodge a complaint about Hallyu Idol’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.