Privacy Notice

EFFECTIVE September 1, 2024

Privacy Policy (Notice)

This privacy policy (“Policy”) describes how the personally identifiable information (“Personal Information”) you may provide on the tealium.com website (“Website” ) and any of its related products and services (collectively, “Services”) is collected, protected and used. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information. This Policy is a legally binding agreement between you (“User”, “you” or “your”) and Tealium Inc. (“Tealium”, “we”, “us” or “our”). By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

Automatic collection of information

When you use the Website and Services, we automatically record information that your browser sends. This data may include information such as your device’s IP address, browser type, and version, operating system type and version, language preferences or the webpage you were visiting before you came to the Website and Services, pages of the Website and Services that you visit, the time spent on those pages, the information you search for, access times and dates, and other statistics.

Information collected automatically is used to identify potential cases of abuse and establish statistical information regarding the usage and traffic of the Website and Services.

Collection of personal information

You can access and use the Website without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the features on the Website, you may be asked to provide certain Personal Information (for example, your name and email address). We receive and store any information you knowingly provide to us when you publish content, or fill any online forms on the Website. When required, this information may include the following:

– Personal details such as name, country of residence, etc.

– Contact information such as email address, address, etc.

– Geolocation data such as latitude and longitude.

Some of the information we collect is directly from you via the Website and Services. However, we may also collect Personal Information about you from other sources such as public databases and our joint marketing partners. You can choose not to provide us with your Personal Information when using the Website, but then you may not be able to take advantage of some of the features on the Website. Users who are uncertain about what information is mandatory are welcome to contact us.

Use and processing of collected information

In order to make the Website and Services available to you, or to meet a legal obligation, we may need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Any of the information we collect from you may be used for the following purposes:

– Send marketing and promotional communications

– Respond to inquiries and offer support

– Improve the user experience

– Post customer testimonials

– Deliver targeted advertising

– Run and operate the Website and Services

Processing your Personal Information depends on how you interact with the Website and Services, where you are located in the world, and if one of the following applies: (i) you have given your consent for one or more specific purposes; (ii) provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) processing is necessary for compliance with a legal obligation to which you are subject; (iv) processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (v) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.

Note that under some legislations we may be allowed to process Personal Information until you object to such processing (by opting out), without having to rely on consent or any other of the legal bases above. In any case, we will be happy to clarify the specific legal basis that applies to the processing.

Disclosure of information

Depending on the requested services or as necessary to complete any transaction or provide any service you have requested, we may share your information with your consent with our trusted third parties that work with us. A list of those trusted third-parties can be found here: https://tealium.com/subprocessors/. We do not share Personal Information with unaffiliated third parties. These service providers are not authorized to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. We may share your Personal Information for these purposes only with third parties whose privacy policies are consistent with ours or who agree to abide by our policies with respect to Personal Information. These third parties are given Personal Information they need only in order to perform their designated functions, and we do not authorize them to use or disclose Personal Information for their own marketing or other purposes.

We will disclose any Personal Information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Retention of information

We will retain and use your Personal Information for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

Transfer of information

Depending on your location, data transfers may involve transferring and storing your Personal Information in a country other than your own. When we transfer your Personal Information, we make sure that we take steps to  safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this Policy or inquire with us using the information provided in the contact section.

Data Privacy Framework Program

Tealium complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Tealium has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Tealium has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the Data Privacy Framework Principles, Tealium commits to resolve complaints about our collection or use of your Personal Information. EU, UK, and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Tealium at privacy@tealium.com or dpo@tealium.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Tealium commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

If you do not receive acknowledgment of your complaint within 45 days of receipt from us or if you are not satisfied with our response, you may bring a complaint before the United States Council for International Business (USCIB). The USCIB is the American affiliate of the International Chamber of Commerce, the Business and Industry Advisory Committee to the OECD, and the International Organization of Employers. USCIB has agreed to act as a trusted third party on behalf of the European Union (EU) Data Protection Authorities, the Swiss (FDPIC), and the UK (ICO). For information about how to file a complaint before the USCIB, visit https://uscib.org/. The services of this process are provided at no cost to you. As a last resort and in limited situations, individuals may seek binding arbitration from the Data Privacy Framework Panel.

Rights

You may contact us using the contact information below at any time. In addition, you can refine your data collection and privacy preferences by using our Privacy Manager, where you can decide what data is collected about you based on specific purposes. For example, if you are happy to let us track how you use our website, as long as we do not use that for advertising purposes you can simply disable data collection for advertising purposes, while leaving analytics tracking on in our Privacy Manager (https://tealium.com/preferences).

Tealium’s marketing emails contain instructions, including an “unsubscribe link” on how to opt out of receiving marketing emails from Tealium. You can also unsubscribe here https://tealium.com/preferences.

You can also exercise any of the rights stated below via our Data Subject Access Request page https://tealium.com/data-subject-access-request-form/, by emailing us at  or via postage at the following address: 9605 Scranton Road, Suite 600, San Diego, CA 92121

You may exercise certain rights regarding your information processed by us. In particular, you have the right to do the following

  1. you have the right to withdraw consent where you have previously given your consent to the processing of your information; 
  2. you have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent; 
  3. you have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing; 
  4. you have the right to verify the accuracy of your information and ask for it to be updated or corrected; 
  5. you have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it; 
  6. you have the right, under certain circumstances, to obtain the erasure of your Personal Information from us; and
  7. you have the right to receive your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract which you are part of, or on pre-contractual obligations thereof.

Choice

If personal data covered by this Privacy Policy is to be used for a new purpose that is materially different from that for which the personal data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in this policy, Tealium will provide you with an opportunity to choose whether to have your personal data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to us as specified in the “How to Contact Us” section below. Certain personal data, such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, is considered “Sensitive Information.” Tealium will not use Sensitive Personal for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Tealium has received your affirmative and explicit consent (opt-in).

Accountability for Onward Transfer

If you are an EU, UK, or Swiss Individual, where we transfer your personal data to a third party service provider (see above) who performs services for us or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the DPF Principles referred to on this page, unless we prove that we are not responsible for the event giving rise to the damage.

California privacy rights

In addition to the rights as explained in this Policy, California residents who provide Personal Information (as defined in the statute) to obtain products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the Personal Information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain this information please contact us.

You may opt out of “sales” of personal information and “sharing” of personal information for purposes of cross-context behavioral advertising. Where required, we also honor requests to opt out submitted via privacy preference signals recognized under applicable law, such as the Global Privacy Control (“GPC”). For more information on the GPC and how to use a browser or browser extension incorporating the GPC signal, see https://globalprivacycontrol.org/.

How to exercise these rights

Any requests to exercise your rights can be directed to Tealium through the contact details provided in this document. Please note that we may ask you to verify your identity before responding to such requests. Your request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorized representative of such person. You must include sufficient details to allow us to properly understand the request and respond to it. We cannot respond to your request or provide you with Personal Information unless we first verify your identity or authority to make such a request and confirm that the Personal Information relates to you.

Privacy of children

We do not knowingly collect any Personal Information from children under the age of 18. If you are under the age of 18, please do not submit any Personal Information through the Website and Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Website and Services without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Information to us through the Website and Services, please contact us. 

Cookies

The Website and Services use “cookies” to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

We may use cookies to collect, store, and track information for statistical purposes to operate the Website and Services. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. 

Do Not Track signals

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, the Website and Services are not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your Personal Information.

Advertisements

We may permit certain third-party companies to help us tailor advertising that we think may be of interest to users and to collect and use other data about user activities on the Website. These companies may deliver ads that might place cookies and otherwise track user behavior.

Email marketing

We offer electronic newsletters to which you may voluntarily subscribe at any time. We are committed to keeping your e-mail address confidential and will not disclose your email address to any third parties except as described in this Policy or for the purposes of utilizing a third-party provider to send such emails. We will maintain the information sent via e-mail in accordance with applicable laws and regulations.

In compliance with email marketing laws such as the CAN-SPAM Act, all e-mails sent from us will clearly state who the e-mail is from and provide clear information on how to contact us. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us.

The Website and Services may contain links to other resources that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other resources or third parties. We encourage you to be aware when you leave the Website and Services and to read the privacy statements of each and every resource that may collect Personal Information.

Information security

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in our control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and the Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

Data breach

In the event we become aware that the security of the Website and Services has been compromised or users’ Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website, or send you an email.

Changes and amendments

We reserve the right to modify this Policy or its terms relating to the Website and Services from time to time at our discretion and will notify you of any material changes to the way in which we treat Personal Information. When we do, we will revise the updated date at the bottom of this page. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided. Any updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your Personal Information in a manner materially different from what was stated at the time your Personal Information was collected.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Website and Services.

Enforcement

Tealium undertakes to verify compliance with this Policy not less than once per year and in connection with Tealium’s annual review and internal compliance measures. Tealium will use its best commercial efforts to ensure that compliance with this Policy is maintained and that this Policy is accurate, comprehensive, and continues to conform to applicable law. We encourage you to raise and discuss any issues or concerns with Tealium’s Data Privacy Officer directly. Our DPO will address and resolve such complaints regarding the use of data and noncompliance with our Policy.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Tealium commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Tealium provides information regarding the following through policies and trainings:

  • Tealium is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC)
  • The possibility, under certain conditions, for the individual to invoke binding arbitration
  • The requirement for Tealium to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements
  • Tealium’s liability in cases of onward transfers to third parties

With respect to complaints related to this Policy that cannot be resolved through our internal process, we agree to abide by the dispute resolution procedures established by the Data Privacy Framework.

Contacting us

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may do so via the contact form https://tealium.com/contact/. You can also email us at privacy@tealium.com or dpo@tealium.com. You can also write us at:

Tealium Inc.

9605 Scranton Road, Suite 600,

San Diego CA 92121

Attn: Legal Department

 

Version History

Date Status Revision Description Reviewer/Approver Title
6/1/2021 Draft 1.0 Initial Draft DJ Landreneau Director Data Privacy
1/22/2021 Approved 1.1 Updated for Privacy Shield DJ Landreneau Director Data Privacy
8/30/2023 Annual Review 1.2 Annual Review and updates for DPF Maltie Maraj Sr. Counsel
8/31/2023 Approval 1.2 Approval DJ Landreneau VP Compliance

 

Policy Review

Policy Review requirements:
Review Period Annual or as Required
Retention Period Life of the company (archived when superseded)
Next Review Date August 2024
Location of policy Privacy Notices
Policy Keyword Search #policy, #privacy
Related Policies/Procedures Cookie Notice