Ringside Data

Privacy Policy

Last updated: 1 April 2021

Ringside Data Ltd (“Ringside“, “we“, “us“) offers analytical tools to advertisers, advertising networks and agencies to help them understand the performance of their marketing activities. Please know that you must be over 18 to access and use our Website and services.  

What this policy is for and why you should read it

This policy will go through and describe how we collect, store, use and disclose data and information we gather about you through our “Website” ringside.ai, our marketing data platform and other platforms where we directly reference this policy operated by us where we act as “controller” for the purpose of Data Protection Legislation (we’ve defined this below). 

Whilst this policy applies where we act as a “controller”, we think it’s also important to let you know that under Data Protection Legislation, we are generally a “processor” of any personal data that we process on behalf of our Customers (i.e. our paying customer of the Ringside platform). This broadly means that they decide what we can do with it and are responsible for providing you with any information in relation to how your personal data is processed.  Please know that we can’t answer any questions about your personal data where we are acting as “processor”. This is the responsibility of our Customers (acting as “controller”) – so please check out their privacy policies for further detail as to how they use personal data.

As mentioned above, this policy will apply wherever we act as “controller”, for example:

  • Where we collect personal data through interactions with our Website to how visitors are using it and whether certain bits are more helpful than others, including through the cookies we use on the website
  • Where we process personal data to comply with our own legal obligations or to perform a contract with a Customer outside of the “processor” role
  • Where we process business contact information for our internal administration, such as processing the email address and name of our contacts at our Customers
  • To notify our Customers, business partners and other business customers of our services and improvements
  • Where we process certain pseudonymised personal data to improve our services and as otherwise set out in this policy

Two important definitions for this policy (and apologies for the legal jargon but these are important) are “pseudonymisation” and “Data Protection Legislation“:

  • Data Protection Legislation“, which means the laws applicable from time to time that relate to the processing of personal data and/or privacy, including without limitation, the UK Data Protection Act 2018, the UK GDPR and, if applicable, the EU GDPR, in each case as in force as at the date of this policy, or as re-enacted, applied, amended, superseded, repealed or consolidated, and including any legally binding regulations, direction, and orders issued from time to time under or in connection with the relevant legislation, and as applied and amended from time to time.  “EU GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679), and  “UK GDPR” means the EU GDPR as implemented in UK law following the UK’s departure from the EU (as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019/419).
  • pseudonymisation” is the process by which we ensure that the personal data we process for or receive from our Customers cannot be attributed to any specific person without additional informationThis means that we never receive from our Customers  and ask our Customers never to provide your name, contact details or financial details or any other identifier that by itself could identify you.  We believe this is really important in protecting your privacy and always ask our Customers to make sure that they “pseudonymise” personal data before providing it to us.  The only exception to this are our business contacts – i.e. we do need to know the name and contact details of our contacts at our Customers so that we can talk to them about the services we’re providing to them!

If you have any questions, you can always contact our Data Protection Officer, Matthew, at matthew@ringside.ai, who would love to talk to you, or you can email our legal team (legal@ringside.ai) and we will get back to you.  

Personal Data CollectionWhere and how you or our Customers might provide us with or we might otherwise capture personal data

Our Website and Customer platform

When you contact us, such as if you have requested to learn more about our services or are thinking about becoming a Customer, whether online, submitted through the forms available on our Website, via telephone, via email, in writing, or otherwise, or when instructing us, you may provide personal data about yourself, including your name, address, telephone number, date of birth, job title and function, and other personal data concerning your preferences relevant to our services. On occasion, it may be that a colleague of yours may provide us with your information in this process – such as where you might be our ongoing contact at your organisation.

If you or your organisation are a Customer, we will likely provide you with a login to access our Customer platform, which may involve taking your email address and generating an initial password for you. We may also track your experience or get your feedback on our Customer platform so that we can assess how useful it is to you and think about areas for improvement.  

We capture certain information about your device, browser and usage of the Website and Customer Platform using the Ringside tags and certain third party platforms (please see the section on Cookies and third party platforms below). We also capture the IP addresses of visitors to our Website to allow for a blacklist of IP’s so we can keep our Website and systems secure.  Please know that we do not store any IP addresses – we only keep what’s called “salted” and “hashed” versions, which broadly means we add a random extra piece of information and then scramble it so that we can identify if you visit our Website again, but we cannot see the IP address itself.  Certain of our third party partners may capture other information about your usage of our Website (please see the section on Cookies and third party platforms below). 

Business contact information

If you or your organisation become a Customer or are one of our suppliers or other business partners, you or your organisation may provide us with further personal data in the ordinary course to administer our relationship, such as business contact details to discuss your or our requirements, administer your iteration of our Customer Platform or to otherwise contact you. Some of this personal data may be collected from public sources, such as your/your organisation’s website.

When instructing us, or if you or your organisation provide services to us, you may provide personal data including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information.

We may also collect information relating to when you visit our premises, such as access times and requirements.

Data from Customer services

We may use certain pseudonymised/anonymised and aggregated data (that we obtain in connection with the provision of services to our Customers) to assess and improve our services. This may be provided to us by Customers or collated from providing our services to our Customers, such as through their website, direct data access or via APIs. For example, this could include historic data on product and sale performance which can help guide our machine learning to understand past trends and product performance.  We and/or our Customers always anonymise or pseudonymise this data. 

Legal requirements and other business purposes

We may also process certain personal data in connection with our legal rights or obligations, such as holding a copy of our signed engagement with you or your organisation.

Service providers

Our Customers may sometimes put us in contact with their other service providers to better support the services we provide to them.  In these circumstances we may also receive certain aggregated data to build up an overview of the impact of our services over time.  On occasion we may also share the resulting information with the relevant Customer’s service provider. For example, keyword performance can be aggregated for a period of time so that an attributed CPA is aggregated in our dashboard and made available to our partners. 

Information about those related or otherwise connected to our employees

We sometimes ask our colleagues to provide details of their next of kin for the purpose of our emergency scenario planning or in case an incident occurs at work.  We may also ask for details of their dependents, spouses and/or other people in relation to their employee benefits and pensions arrangements.  We will only ever use this information for the benefit of our staff and for the purpose it was provided.

Public information

We may also process certain personal data where you have made such personal data public (such as through social media or business contact information sites).

Leads and other business partnerships

We sometimes receive business contact information from our Customers, business partners and other third parties that help us generate leads.  For example, our Customers sometimes love us so much that they tell their customers about us or put us in touch with their contacts at other businesses. 

Children

You must be over 18 to access and use our Website and services.  Generally, we do not knowingly collect or retain any personal data relating to individuals under 13.  On occasion, we may be asked by our Customers to process such information, such as where the Customer is a children’s toys retailer or provides services for children.  In such instances we ask our Customers to help us identify information relating to children to meet our obligations under Data Protection Legislation.  Once our services to those Customers end, we will anonymise and/or delete such information.  If you are aware of any cases where we would hold any personal data relating to children please let us know at legal (legal@ringside.ai).

Special category and criminal offence dataA quick note on “special category” personal data – such as health, diversity or sexual orientation information – and any personal data relating to any criminal offences or proceedings

Under Data Protection Legislation we have greater obligations in relation to processing special category and criminal offence data.  When we act as controller, we will only ever process any such information in very limited circumstances, such as set out below. Please know that we take our responsibilities in relation to such sensitive data very seriously and will only retain it for as long as strictly necessary and then delete such information.

  • Where you have some exciting personal news or are celebrating a religious festival which means you may be away from your office or role for a while
  • Where you are unable to make a meeting with us because you or another person is unwell, or are taking an extended period of time away from the office for health reasons, and you choose to let us know
  • Where we want to make sure that you’re comfortable in our offices and you need us to make certain adjustments or be aware of a certain physical condition or allergy, and you choose to let us know
  • Where we believe you may have committed a crime, such as fraud, or breached our terms of service and we need to provide that information to law enforcement or use it to establish, exercise or defend a legal claim
  • In times of a health crisis, epidemic or pandemic, such as during the Covid-19 pandemic, and you visit our premises or attend a meeting with our staff and later feel unwell, we may ask you to let us know so that we can make sure our staff are aware or take any steps we are required to as part of any “track and trace” system
  • If you are a contact of ours at a Customer that is a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim, and that reveals certain information or you otherwise choose to let us know 
  • If you are a person connected to one of our colleagues such as a dependent, partner or spouse and you are a beneficiary of their employee benefits or pensions arrangements and your relationship to them reveals information about you

Personal Data Use and DisclosuresHow we may use and disclose personal data

Internal business processes

We will use the personal data we collect to provide our services and run our internal business affairs, including internal record keeping and the protection and security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities.

Customers

On occasion we may also use your contact information to congratulate you on work or personal accomplishments and events or to invite you to celebrate the holidays seasons with us, such as to send you a card to wish you a Happy Christmas!

Where we have your permission (or otherwise have the right to do so) we may use website visitors’, Customers’ and other business contacts’ and leads’ contact details to send emails, SMS, push notifications or just say hello and let you know about the types of things that we’re doing.  Recipients can opt-out at any time from marketing or promotional messages by emailing legal (legal@ringside.ai).

Where we have your permission to do so, if you or your organisation are a prospective, current or former Customer and you have provided us with a review or reference, we may publish that information together with your name, photo, role and organisation on our Website to help other prospective customers to find our services.

Customers’ end users

Where a Customer has provided us with their permission, we may share certain pseudonymised or anonymised aggregated datasets between Customers to better provide our services to those Customers.  If you are a data subject of such datasets, it is the Customer’s responsibility to obtain any necessary permissions and provide any relevant information.  We would therefore ask you to review their privacy policies for further information. We and/or our Customers always anonymise or pseudonymise this data.

Service Providers

As with every business, certain of our service providers may also process personal data on our behalf, such as our hosting, email and maintenance and support service providers.

In addition, as we said above, we may share the results of our analysis of aggregated data with 3rd parties to support their services to our Customers. 

Disclosures for a legal or regulatory obligation or to enforce our legal rights

We may disclose information about you: (i) if we are required to do so by law, regulation, or legal process, such as a court order or subpoena or request from a competent regulator; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to protect against or respond to physical, financial or other harm, injury, or loss to property; or (iv) in connection with an investigation of suspected or actual unlawful activity such as a breach of our terms of service. For more information on this please email Matthew, our Data Protection Officer, on the email below or our legal team (legal@ringside.ai).

Merger, Sale, or Other Asset Transfers

We reserve the right to transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, as part of an internal reorganisation or if we sell, liquidate, or transfer all or a portion of our assets.

Consent or at your request

We may also disclose your information with your permission or where you have requested us to do so, such as where you ask us to put you in contact with a third party. 

Third party marketing

If you’re one of our Customers or another of our business contacts, sometimes we may put you in touch with another business partner whose services we think would be a great fit for you or your organisation.  We hope the two of you hit it off, however, we appreciate that sometimes the inboxes can get a bit full so please let us know if you would rather we didn’t do this. (Please know that we make sure that we only do this where we have you or your organisation’s permission, (or another legal basis for doing so).)  

In addition, we may share anonymous and aggregated reports and information on Customer users’ demographics and traffic patterns with third parties or for marketing purposes.

Data Aggregation

We may also process certain aggregated and anonymised data to analyse and improve our services, including to train machine learning algorithms to deliver those services, and to compile and produce insights into different marketplaces and trends. Sometimes we might also provide these aggregated and anonymised datasets to other businesses to help them do the same or improve their services.

Legal bases for processingWhich legal bases we rely on for processing personal data

The legal basis on which we hold your personal data is primarily for the purpose of pursuing our legitimate interests as a business which offers analytical tools to advertisers, advertising networks and agencies to help them understand the performance of their marketing activities. In some instances we may rely on your express consent to use your personal data, but we will let you know (and give you the chance to withdraw consent) if we do. In some instances we may use your personal data in order to enable us to perform a contract which we have in place with you or to comply with our legal obligations.

In the limited circumstances where we might process special category data, we will only process it where (i) we have your consent, (ii) to protect your vital interests (where you are physically or legally incapable of giving your consent), (iii) where it is necessary for establishing, exercising or defending a legal claim, (iv) where it is necessary in connection with our employment and social security obligations and rights, or (v) where it is necessary for reasons of substantial public interest.

Data StorageWhere and how long we hold data

Data storage and systems

We hold all our data in the Google Cloud Platform and comply with all their advised security advisories. We have implemented technical and physical safeguards that are designed to protect and secure our systems that hold personal data, including our continued work towards ISO 27001 compliance. 

As we are an internet based service, please note that we cannot guarantee the security of information and communications that you transmit to us over networks that we do not control and therefore cannot be held responsible for any such transmission of information.

Retention of your data

We will only keep your personal data for as long as we reasonably require and, in any event, only for as long as Data Protection Legislation and our own internal rules and policies allow. 

Transfers to Third CountriesWhen we might transfer personal data to locations outside the UK

We hold all our data in the Google Cloud Platform on Google’s servers located in the EU. We will make such transfers pursuant to the UK’s adequacy decision in favour of the EU.

Where we do transfer personal data from our systems in the UK to our systems or third parties located outside the UK, we will only do so in accordance with Data Protection Legislation and where one of the following applies (in each case according to which Data Protection Legislation might apply in the relevant situation):

  • UK Data Protection Legislation (including the UK GDPR and the UK Data Protection Act 2018) applies and the transfer is to a country which has been assessed by the UK Government as ensuring an adequate level of protection for personal data; 
  • EEA Data Protection Legislation (including the EU GDPR) applies and the transfer is to a country which has been assessed by the European Commission as ensuring an adequate level of protection for personal data; or
  • a written agreement has been entered into between the relevant parties which incorporates the “model clauses” as approved by the European Commission (or some other form of data transfer mechanism approved by the UK Government) to protect your personal data as required by Data Protection Legislation. A copy of the model clauses can be found on the European Commission website or at the link here.

Your Rights under Data Protection LegislationWhat rights you have in relation to our processing of your personal data

You have certain rights in relation to your personal data – for example the right to request that we erase your personal data (or part thereof) at any time, which we will comply with unless we have a lawful reason to keep your information (for example, to comply with our legal obligations).

You also have the rights, subject to certain exemptions, to:

  • see the personal data we hold about you, and withdraw any consent you may have given to us to hold and use that personal data;
  • ask us to make any changes to ensure that any personal data we hold about you is accurate and up to date; 
  • object to or request that we restrict of our processing of your personal data; and
  • in some cases ask us to transfer any personal data you have provided to us to a specified third party. 

If you wish to exercise any of these rights, please contact us at the email address set out below.  Please do ensure that any personal data you provide us with is accurate and complete and notify us of any changes to your personal data as soon as possible so that we can update our records.  

We believe that pseudonymising personal data is an important step to keeping our data secure and protecting your privacy as it makes it very difficult to attribute any information we hold to a specific individual.  Please know that because almost all of the personal data we hold is pseudonymised, we may not be able to identify your personal data without you providing certain further information, such as your cookie ID or the userID that was generated by the relevant Customer who holds your personal data.  We may therefore need to request further information from you before we can fulfil your request.  We are really proud of our technology and how our approach protects you – if you have any questions, please do get in touch with Matthew matthew@ringside.ai as we’d love to talk you through it. 

If you feel we haven’t handled your personal data correctly, we really do hope you contact us first (Matthew is always willing to chat), however, if we aren’t able to sort the problem, you also have the right to make a complaint to the Information Commissioner’s Office, the data protection regulator in the UK, or, in cases where the EU GDPR applies, one of the competent European data protection regulators (https://edpb.europa.eu/about-edpb/board/members_en). 

ProfilingWhen we may collate data together to build pseudonymised and anonymised user profiles

Please know that we only receive pseudonymised information from our Customers. We may sometimes link pseudonymised personal data we collect from different locations to build up certain pseudonymised user profiles.  For example, we may link information you provide to us when accessing our Website to certain information that is provided to us about you by our Customers.  

Cookies and third party platformsHow we use cookies and similar technologies and third party use of cookie information

Our use of cookies and third party platforms

We use a number of 1st and 3rd party cookies and other platforms on our Website.  We will only store any such cookies on your web browser if (i) they are strictly necessary for the functioning of our Website, or (ii) you have provided your consent for us to do so. 

We also use a number of 3rd party cookies and platforms on our Website to enable its functionalities and which allow us to understand the performance of our activities and provide support services to both new visitors and Customers alike. These platforms may be capturing information on your browser, browser settings, Customer marketing campaign details and Website usage for our purposes.

We may also integrate 3rd party advertising pixels in our Website and marketing communications.

For a complete list of the cookies and similar technologies that we use and to provide or withdraw your consent to such cookies, please see our cookie banner here.

We may also use our 1st and 3rd party cookies and other platforms in the provision of Services to our Customers.  Please note that the relevant Customer is obliged to obtain your consent and provide you with any relevant information in respect of these cookies – so please do get in touch with them if you have any questions.

Please note that we do not currently integrate with “Do Not Track” settings on web browsers.

Use of cookie and third party platform data by third parties

The relevant network advertiser providing such 3rd party platform, cookie or pixel may use the information gathered via these devices and other information they have collected about you to deliver targeted advertisements for products and services in which you might be interested on their and their other clients’ behalf. For example, Google Analytics may collect your IP address and certain information with how you interact with their platform on our Website. If you want to find out more about the way they capture information and how to opt out visit their site found at https://tools.google.com/dlpage/gaoptout.  

If you prefer not to receive targeted advertising, you can opt-out of some network advertising programs that use your information. To do so, please visit the Digital Advertising Alliance (DAA) Opt-Out Page: http://www.aboutads.info/choices  

ChangesWhen we may change this policy and where you should go to see the updates

This privacy policy may change at any time without prior notice to update any changes in the ways of working or relevant laws or in the event that we change how we provide our services. The latest and most updated version of this policy can always be found linked to from every page in the public Ringside website. The latest date of update can be found at the top of this document. Any significant changes will be emailed out through our platform, push notifications, emails or other communication for Customers who have not opted out of such communications.

ContactHow you can get in touch with us to chat about all things data protection

If you have any questions or concerns we would love to speak to you.  You can always contact our Data Protection Officer, Matthew, at matthew@ringside.ai, who would love to talk to you or you can email our legal team (legal@ringside.ai) and we will get back to you.  

In case you missed it at the top of this policy, please note that this policy only applies where we act as “controller” of personal data.  Where we act as “processor” (i.e. we only process personal data on the instruction of another party, such as a Customer), we are required to direct any questions you may have to the relevant Customer for them to answer such questions.