XUMO Privacy Policy

Last updated date: March 2020

To view our full Privacy Policy online, click here. To view our full Terms of Service, click here. To receive copies of all three documents, e-mail privacy@xumo.com. To review the full Privacy Policy, keep reading.

If you are a California resident, please make sure that you review the section “Additional information for California residents” below for important information, as required by California privacy laws, about the categories of personal information that we collect and disclose, and your rights under California privacy laws.

Introduction and Overview

XUMO, LLC (“XUMO”, “we”, “our” or “us”) offers a streaming television service that you can watch on the web, through a mobile app or through your smart TV, such as when our service is integrated into your TV or is an app on your TV or other streaming device. We refer to our television service, features, widgets, plug-ins, applications, content, downloads and/or other services as the “Services” in this Privacy Policy.

This Privacy Policy is designed to tell you what personal information XUMO collects, how we use, store and share it, and your rights and choices concerning the information we collect from you. This Privacy Policy applies to all personal information that we collect related to the Services that link to this Privacy Policy, whether you are accessing or using our Services directly, or you are otherwise interacting with us, such as by contacting user support.

In addition, please review the Service’s Terms of Service, which govern your use of the Service, and include among other things limits on our liability and your remedies, mandatory arbitration, and waiver of jury trial and class actions. By using our Service, you agree to our Terms of Service (which grant us rights from you, limit our liability to you and limit your remedies) and consent to our collection, use and sharing of your information and data, and other activities, as described below.

We will change this Privacy Policy from time to time. When we make changes, we will revise the date at the top of the Policy and, in some cases, will notify you through the Services, such as via our homepage, email or other communication.

1. Personal information that we collect

In this section, we explain what personal information we collect about you and how we collect it.

i.  Information that you provide

You can use most of our Services without actively submitting any information about yourself, but you may choose to provide us with personal information through the Services, and when you do this, we will collect the personal information that you provide. In particular:

  • If you desire localised content, we will collect your postal code
  • If you contact us about opportunities to partner with XUMO, we will collect information about you through our contact form, including your full name and email address. We may also collect information that you choose to provide to us in connection with such enquiry. 
  • If you contact us through our user support channels, we will collect information about you including your full name, email address and, optionally, information about your streaming device. We may also collect additional contact information, such as your postal address, phone number or any other information that you provide to us.
  • If you sign up for our mailing lists, we will collect your email address.

 ii. Information about your use of the Services

We automatically collect information about your use of the Services, such as the time of your visit and the content you view. For example, we track what channels and content individual users view and how long a user watches those channels and content.

We also receive and collect technical information about your device and software, as applicable, including the type of device, operating system and version, network information, IP address (a unique number used to identify a device on the Internet), mobile device advertising identifier (a resettable identifier that is assigned to your mobile device by your operating system provider, such as Apple or Google), connected TV application device identifier (such as your Roku advertising identifier), connected TV identifier, the page you visited before visiting our website, and crash data.

We may use cookies, which are small text files that help store user preferences and activity, and similar technologies such as web beacons, pixels and ad tags to recognise you when you visit our Services, and to collect information such as the number of visits, which features or pages are popular, measurements about an advertising campaign’s success, and other information about your browsing activities. We may also use recognition technologies, including application of statistical probability to data sets, which attempt to recognise or make assumptions about users and devices (e.g. that a user of multiple devices is the same user).

iii.  Information from third parties

In some jurisdictions, we may collect information about your device or household from third parties. We will use this information to customise the content and advertisements that are shown to you.

2. Advertising and analytics Services provided by others

We may allow others to provide analytics services and serve advertisements in our Services and across the web and in mobile applications. These entities may use cookies, web beacons, device identifiers and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked and conversion information. This information may be used by XUMO and others to, among other things, analyse and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioural advertising purposes, please visit http://www.aboutads.info/choices. Your mobile device may also include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” on Android) that allows you to opt out of having certain information collected through mobile apps used for behavioural advertising purposes. Finally, your connected TV or streaming device may offer you the ability to opt out of the use of information about your viewing information for purposes of showing ads that are targeted to your interests. You should check with the manufacturer of your device for more information.

The Services interact with Nielsen’s proprietary measurement, which will allow you to contribute to market research. By clicking on http://www.nielsen.com/digitalprivacy, users can access more information about the measurement software and learn about their choices with regard to Nielsen’s measurement.

3. Use of information

We use the personal information that we collect to analyse traffic and user activities on our Services, identify popular areas or features, and optimise and personalise the Services. This includes linking information gathered through various methods to provide you with a consistent experience on our Services. For example, we may suggest content or titles that may be of interest, organise your guide to show the most relevant channels or titles, and customise notifications or advertisements or other marketing communications on our Services or third-party sites and services.

We may also use the information we collect for the following purposes:

  • Respond to customer service requests
  • Provide, maintain and improve our Services, as well as develop new content and features
  • Protect the rights and property of XUMO and others, including to detect, investigate and prevent fraud and other illegal activities and to enforce our agreements
  • Marketing and advertising

4. Disclosure of your personal information

We will not disclose your personal information to any unrelated third parties unless we have your consent to do so, with the exceptions we mention here:

  • With service providers who provide services to us under a contract and are required to keep the personal information confidential
  • If reasonably necessary to comply with a law, regulation or compulsory process (for example, to respond to a subpoena)
  • If we conclude that your actions violate our user agreements or policies, or to protect the rights, property or safety of XUMO or others
  • In connection with a merger, sale of company assets, financing or acquisition of all or a portion of our business, provided that the receiving party agrees to protect personal information in accordance with the commitments of this policy and applicable law
  • With our parent, subsidiaries and affiliates

As noted above, we share personal information that does not directly identify you but that identifies your device, such as cookie identifiers, device identifiers and IP addresses, through third-party cookies and similar technologies on our Services, to enable those third parties to provide us with analytics and advertising services.

We may share information that cannot be linked back to you or your device (such as aggregated data), which is not considered personal information under this Policy, with third parties.

5. Data storage

We store the personal information that we collect for as long as is necessary for the purpose(s) for which we originally collected it. We may also retain personal information as required by law.

6. Individuals in the EEA, United Kingdom and Switzerland

(a) Information about the processing of your data

If you are in the European Economic Area, the United Kingdom or Switzerland, XUMO is a data controller who collects and processes your data.  We take your privacy seriously and understand the importance of maintaining the confidentiality of your personal data and other information stored about you in connection with your use of the Services/application.  In accordance with Art. 12 of the General Data Protection Regulation (hereinafter referred to as the GDPR), we are obliged to inform you about the processing of your data when you use our Services/application.  This section supplements Sections 1-5 and 7-12 of this Privacy Policy. 

This Privacy Policy applies to XUMO’s processing of your personal data when you visit and use our Services/application and reside in the EEA, UK or Switzerland. This means information that identifies you personally, such as your name, location, IP address, device information and contact details or data that can be linked with such information in order to identify you directly or indirectly.  This Privacy Policy also covers XUMO’s collection and processing of any personal data that XUMO’s business partners share with XUMO.

This Privacy Policy has been drafted in English and has been translated into other languages. In the event of any discrepancy between the English and the translated texts, the English text shall prevail and be used to resolve any conflicts.  We reserve the right to further revise this privacy policy in the future, in the event that we change or modify the Services, or implement new technologies.  We further reserve the right to revise this privacy policy to conform to changes to the legal bases for processing or to the corresponding data protection laws.

(b) The personal data that we collect from you

XUMO collects and processes personal data related to your use of and interactions with the Service/application and in order to provide you with the Services, to respond to you and to share information with our business partners related to your use of the Service.  The types of personal data that we may collect are identified in Section 1 of this Privacy Policy. 

 (c) How we collect your personal data

We collect your personal data in a number of ways as described below. 

6.1  Information you give to us directly

Please refer to Section 1(a) of this Privacy Policy.

6.2 Personal data that we collect automatically

Please refer to Sections 1(b) and 10 of this Privacy Policy and Our Cookie Information Policy for more details in relation to our use of cookies and other tracking technologies.

6.3 Information from third parties

In instances where our Services are integrated into your TV or are delivered through an application on your TV or other streaming device, we may collect information about your device or household from the relevant TV or streaming device manufacturer. 

(d) How we use your personal data

Please refer to section 3 of this Privacy Policy for the details of how we use your personal data.   Under data protection laws we must have a lawful basis for processing your personal data. We have indicated the lawful bases that we rely on below in the headings.

Where we rely on legitimate interest as this lawful basis, our legitimate interest is necessary for promoting our business, improving the services that we offer to you and your experience when you interact with us, and ensuring effective operational management and internal administration of our business and the exercise of our rights.

6.4 To fulfil contracts

If you enter into a contract with us (for example by downloading our app so that you may watch our programming), we need to process personal data in order to fulfil the contract by providing the Services. If we cannot process your device/browser information and IP address, we will not be able to provide the Services/application to you.

6.5 Where we have your consent

We ask for your consent to send you direct marketing communications and serve you personalised advertisements. You can choose to unsubscribe at any time as explained in ‘your rights’ below or opt out from receiving personalised advertisements as described in our Cookie Information Policy.  As explained in that policy, you can opt out of receiving interest-based advertising on our connected devices app by adjusting your personalised advertising choices in the settings menu. 

6.6 Where we have a legal obligation

To protect, investigate, deter and report fraudulent, unauthorised or illegal activity in connection with your use of our Services or the security of our platform. 

6.7 Where we have a legitimate interest

We may process your personal data where it is necessary for our legitimate interests as a business in the following situations:

Account management and record keeping and correspondence in relation to products and services you receive from us.

  • Fraud detection and checks.
  • To respond to any enquiries, information requests or complaints that you make to us or that are made about you.
  • To inform you of upcoming events, promotions or programming, and communicate with you about these, where you have shown an interest.
  • To send you marketing communications when you have not objected to receiving such communications from us.
  • To contact you for your views and feedback on our Services.
  • To assist with internal record keeping.
  • To provide you with, and maintain the quality of, our Services and to analyse the use of our Services in order to help to guide improvements.

Where we rely on legitimate interest as a ground for processing your personal data, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing.

(e) Personal data sharing and disclosure

Please see section 4 of this Privacy Policy.   In addition, we inform you of the third-party service providers that we currently use to assist us in operating our website/application with whom we may share your personal data.

  • SpotX: we use the connected television advertising service SpotX, to select and show you personalised ads that make our website/application more interesting for you and provide insights on that advertising. This involves collecting statistical information about you, which is processed by our advertising partners. SpotX uses tracking technologies such as web beacons in order to place a cookie on your device, which makes it possible to specifically target Internet users with advertising once they have demonstrated an interest in our Services.  We use SpotX to assist us in tailoring our Services to your interests, to ensure that you don’t see the same add too many times, and to provide analytics that help us to improve our Services.  SpotX’s server is located in the USA and you can learn more about their privacy practices at https://www.spotx.tv/privacy-policy/
  • Freewheel: we use the online advertising service Freewheel, to select and show you personalised ads that make our website/application more interesting for you and provide insights on that advertising. This involves collecting statistical information about you, which is processed by our advertising partners. Freewheel uses tracking technologies such as web beacons in order to place a cookie on your device, which makes it possible to specifically target Internet users with advertising once they have demonstrated an interest in our Services.  Freewheel’s server is located in the USA and you can learn more about their privacy practices at http://freewheel.tv/privacy-policy/
  • Oath: we use the online advertising service Oath to select and show you personalised ads that make our Services/application more interesting for you and provide insights on that advertising. This involves collecting statistical information about you, which is processed by our advertising partners. Oath uses tracking technologies such as web beacons in order to place a cookie on your device, which makes it possible to specifically target Internet users with advertising who have already demonstrated an interest in our Services.  Oath’s server is located in the USA and you can learn more about their privacy practices at https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/.
  • Telaria: we use the online advertising service Telaria to select and show you personalised ads that make our Services/application more interesting for you and provide insights on that advertising. This involves collecting statistical information about you, which is processed by our advertising partners. Telaria uses tracking technologies such as web beacons in order to place a cookie on your device, which makes it possible to specifically target Internet users with advertising who have already demonstrated an interest in our Services.  Telaria’s server is located in the USA and you can learn more about their privacy practices at https://telaria.com/privacy-policy/.
  • HubSpot: We use HubSpot to provide customer support services, including accepting customer complaints and providing tech support for our Services/application.  HubSpot receives your personal information when you contact them for customer support and processes that data in the EEA. You can learn more about HubSpot’s privacy practices at https://legal.hubspot.com/privacy-policy

XUMO will not sell, rent or transfer your personal data to third parties without your consent or for reasons inconsistent with the purpose for which the data were originally collected or for other purposes authorised by law.

(f) Storage, transfer and retention of your personal data

Your personal data is generally stored on our server located in the EEA but as discussed above limited data may be transferred to our advertising and analytics partners in the USA. Where XUMO transfers your personal data from within the EEA to a country outside the EEA, we ensure adequate security measures are in place to offer protection for your personal data equivalent to that which it would receive within the EEA and in compliance with applicable data protection law. We have in place EU Model Contractual Clauses as an adequate safeguard for transfers outside the EEA. For further details of how we safeguard your personal data transferred outside the EEA (including how to obtain a copy of such safeguards), please contact us at privacy@xumo.com.

Personal data processed by XUMO will be retained only for as long as is necessary to fulfil the purposes outlined in this Privacy Policy. This will generally (but not in all cases) be for the duration of your use of our Services, to comply with our legal obligations or to protect XUMO’s rights. When determining the relevant retention periods for your personal data, we will take into account factors including:

  • our contractual obligations and rights in relation to the personal data involved;
  • legal obligation(s) under applicable law to retain data for a certain period of time;
  • statute of limitations under applicable law(s) which is the period during which contractual claims could be brought;
  • our legitimate interests where we have carried out balancing tests (see section on ‘How do we use your personal data’ above);
  • (potential) disputes; and guidelines issued by relevant data protection authorities

(g) Your rights

By law, you have a number of rights (subject to certain conditions) when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.

RightsWhat does this mean?
Your right to object to processingYou have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential offers or opportunities). Unsubscribing from newsletters and email marketing communications can most easily done by clicking on the unsubscribe link at the bottom of any email we have sent to you or, alternatively, by modifying your account settings and preferences.
Your right to be informedYou have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Privacy Policy.
Your right to access your personal dataYou have the right to obtain access to your personal data (if XUMO is processing it), and certain other information (similar to that provided in this Privacy Policy).

This is so that you are aware and can check that we are using your personal data in accordance with data protection law.
Your right to update and rectificationYou are entitled to have your personal data corrected if it is inaccurate or incomplete.

You are generally able to review, correct or update your personal data at any time by accessing your account on the XUMO Platform where it has been created. However, you may choose to send us a written request to do so on your behalf at any time.
The right to erasureThis is also known as ‘the right to be forgotten’ and, in simple terms, it enables you to request the deletion or removal of your personal data where there is no compelling reason for XUMO to keep using it. This is not a general right to erasure, there are exceptions.

You are generally able to delete your personal data at any time by accessing your account on the XUMO Platform where it was created. However, you may choose to send us a written request to do so on your behalf at any time.
Your right to restrict processingYou have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, XUMO can still store your personal data, but will not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure that the restriction is respected in future. However, please note that at a minimum we require access to your IP address and device information to provide our Services to you, so if you request that we block use of your personal data, you will be unable to use our Services.
Your right to data portabilityYou have rights to obtain and reuse your personal data for your own purposes across different services.
Your right to lodge a complaintYou have the right to lodge a complaint about the way XUMO handle or process your personal data with your national data protection regulator by contacting the applicable data protection regulator directly.
Your right to withdraw consentIf you have given XUMO your consent to anything that we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything that we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to our use of your personal data for marketing purposes.

You can exercise any of these rights by emailing us at privacy@xumo.com with the subject line “Privacy Rights”. Please note that we may require you to provide proof of your identity before we can respond to your request.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless or excessive/repeated requests, or
  • further copies of the same information.

XUMO may refuse, restrict or defer the provision of information where XUMO has the right to do so under current data protection legislation.

Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.

If you are not satisfied with our response to a complaint that you have made, or think that we are not complying with data protection law, you can make a complaint to the data protection regulator in your country.  Contact information for EEA data protection authorities may be found at https://edpb.europa.eu/about-edpb/board/members_en, for the UK data protection authority at https://ico.org.uk/make-a-complaint/ and for the Swiss data protection authority at https://www.edoeb.admin.ch/edoeb/en/home.html.

(h) Data security

We want you to feel confident about using the XUMO Services/application. Therefore, XUMO defines and implements reasonable technical and organisational measures necessary to maintain the security of personal data, according to the nature of the personal data processed and the circumstances of the processing, with the objective of avoiding unauthorised processing or access, alteration or loss, to ensure the confidentiality, integrity and availability of the data.

XUMO uses industry-standard SSL encryption to protect data transmissions. If you communicate with XUMO otherwise than via XUMO Services/application (e.g. by email), please be advised that the security of your communications is uncertain and confidentiality cannot be guaranteed. By sending sensitive or confidential email messages or information which are not encrypted, you accept the risk of such uncertainty and possible lack of confidentiality.

(i) Profiling

We may use the personal data that you provide to us to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. We call this profiling. This enables us to tailor our communications and those of our third parties to make them more relevant and interesting for you. 

If you don’t want us to do this, you may opt out here: http://www.networkadvertising.org/choices/, http://www.aboutads.info/ or http://youronlinechoices.eu/

We do not use your personal data to make automated decisions about you that may have legal effects or otherwise significantly impact you.

(j) Children’s privacy

XUMO will not knowingly collect personal data from or about children in the EEA, UK or Switzerland under thirteen (13), or knowingly allow minors between thirteen (13) and sixteen (16) to register as users without parental permission. If a parent or legal guardian becomes aware that his or her child under sixteen (16) has registered as a user without their consent, he or she should delete the relevant account or, if this is not possible, inform XUMO immediately. If XUMO becomes aware that a child under thirteen (13) or between thirteen (13) and sixteen (16) but without parental permission has registered as a XUMO user, their access as a user will immediately be denied and their account deleted as quickly as possible (including all personal data associated with that account).

If you believe that XUMO might have any personal data from or about a child under thirteen (13), please notify us by email at privacy@xumo.com

(k) Links to other sites

If any part of the XUMO Services/application link to other websites, those websites do not operate under this Privacy Policy. If you choose to visit an advertiser or click on another third-party link, you will be directed to that third party’s website. We do not exercise control over third-party websites and therefore recommend that you examine the privacy policies posted on these other websites to understand their procedures for collecting, using and disclosing personal data.

7. Data transfers

We and our service providers transfer your personal information to, or store or access it in, other countries where the laws may not provide levels of protection for your personal information that are equivalent to the protection provided by the laws of your home country. When we do this, we take steps to ensure that your personal information receives an appropriate level of protection through contractual requirements imposed on the recipient of the information.

8. Children’s privacy

We are do not knowingly collect personal information from children under the age of thirteen (13). If you are a parent or guardian and you believe that your child under the age of thirteen (13) has provided us with personal information without COPPA-required consent, please contact us at the email address listed in the Contact Us section below.

9. Choices

(a) Promotional emails

You can opt out of receiving promotional emails by following the instructions in those messages. If you opt out of receiving promotional emails from us, we may still send you non-promotional emails.

(b) Mobile push notifications

When you consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

(c) Cookies and similar technologies

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies.

10. Questions or complaints

If you have a question about our Privacy Policy, data practices or the choices available to you, please contact us using the information below. If we are not able to address your concern and you are a resident of the EEA, you have the right to lodge a complaint with the Data Protection Authority where you live or work, or where the issue took place. For contact details of your local Data Protection Authority, please see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

11. Additional information for California residents

In this section, we provide information, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”), which requires that we provide California residents with certain specific information about how we handle their personal information, whether collected online or offline. This section does not address or apply to our handling of publicly available information made lawfully available by state or federal governments or other personal information that is subject to an exemption under Section 1798.145(c)–(f) of the CCPA.  

Categories of personal information that we collect and disclose. Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. The table below sets out generally the categories of personal information (as defined by the CCPA) about California residents that we collect, sell and disclose to others for a business purpose. We collect these categories of personal information from the sources and for the purposes described above.

Categories of personal information collected Do we collect?Do we disclose for business purposes?
Name, contact info and other identifiers such as an online identifier and Internet Protocol address. YesYes
Purchase history and tendencies such as products or services purchased, obtained or considered, or use histories or tendencies.NoNo
Usage data such as Internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history and information regarding a resident’s interaction with an Internet website, application or advertisement.YesYes
Audio, video and other electronic data: audio, electronic, visual or similar information such as call recordings.NoNo
Profiles and inferences such as inferences drawn from personal information to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes or intelligence.YesYes

Categories of personal information sold. The CCPA defines a “sale” very broadly as disclosing or making available to a third party personal information in exchange for monetary or other valuable consideration. While we do not disclose personal information to third parties in exchange for monetary compensation from such third parties, we do disclose or make available personal information to third parties in order to receive certain services or benefits from them, such as when we allow third-party tags to collect information such as browsing history on our sites, in order to improve and measure our ad campaigns. The categories of personal information that we may “sell” within this broad definition in the CCPA includes:

  • Name, contact information and other identifiers
  • Usage data
  • Profiles and inferences

California residents’ rights. California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.

Do not sell. California residents have the right to opt out of our sale of their personal information. You may submit a request to opt out of the sale of your personal information by visiting www.XUMO.com/ccpa

Initial notice. We are required to notify California residents, upon or before the point of collection of their personal information, about the categories of personal information collected and the purposes for which such information is used. You can find this notice at the top of this Policy.

Verifiable requests to delete and requests to know. Subject to certain exceptions, California residents have the right to make the following requests, at no charge:

Request to delete. California residents have the right to request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies. 

Request to know. California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by post or (b) electronically in a portable and, to the extent technically feasible, readily usable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them with certain information about how we have handled their personal information in the prior 12 months, including the:

  • categories of personal information collected;
  • categories of sources of personal information;
  • business and/or commercial purposes for collecting and selling their personal information;
  • categories of third parties with whom we have disclosed or shared their personal information;
  • categories of personal information that we have disclosed or shared with a third party for a business purpose; and
  • categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.

California residents may make a request to know up to twice every twelve (12) months.

Submitting requests. Under the California Consumer Privacy Act (CCPA), California Residents (Consumers) have the right to submit a request to know, request to delete, or request to opt out of the sale of their personal information. However, the CCPA also requires XUMO to reasonably verify each request to know or request to delete before responding.

You may submit a request to opt out of the sale of your personal information by going to www.XUMO.com/ccpa. However, XUMO currently has no way to reasonably verify a consumer’s identity and we are therefore not able to fulfil requests to know or requests to delete. We will respond to verifiable requests received from California residents as required by law.

Right to non-discrimination. The CCPA prohibits “discrimination” against California residents for exercising their rights under the CCPA. The CCPA definition of discrimination may include where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices, rates or penalties to residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data. 

Financial incentives. A business may offer financial incentives for the collection, sale or deletion of California residents’ personal information, provided that the incentive is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent and opt-out requirements. California residents have the right to be notified of any financial incentive offers and their material terms, the right to opt out of such incentives at any time, and may not be included in such incentives without their prior informed opt-in consent. 

Your rights under California’s Shine the Light law. Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us with their personal information are entitled to request and obtain from us, free of charge, information about the personal information (if any) that we have shared with third parties for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third-party sharing in the prior calendar year (so, requests submitted in 2020 would be applicable to relevant disclosures (if any) in 2019). If you are a California resident and would like to make such a request, please submit your request in writing by emailing us at privacy@xumo.com, using the subject line “Request for California Privacy Information”. In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address from which you submitted your request. Please note that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing and the relevant details required by the Shine the Light law will be included in our response.

For more information about our privacy practices, you may contact us as set forth in the Contact Us section below.

12. Contact us

If you have any questions or concerns regarding our privacy policies, please send a detailed message to our support team, and we will try to resolve your concerns, or you may contact our Privacy Officer at: privacy@xumo.com or by post at XUMO, 3347 Michelson Dr, Suite 150, Irvine, CA 92614, USA (Attn: Legal Department).

© 2020, XUMO, LLC. All rights reserved.