Bounce Exchange is committed to transparency, and we want EU and California data subjects to have access to personal data that we may have about them and/or the devices that they may use to access the Internet. Given that these rights are similar in the EU and California, we refer to them as EU and California data subject rights.
Your EU and California Data Subject Rights
If you make an EU and California data subject rights request as set out in this policy, you are entitled to see the personal data that we have about you including any digital identifiers such as cookie IDs and mobile advertising IDs that Bounce Exchange may store. We will also do our best to provide you with other information that we may have stored and associated with your personal data and digital identifiers—for example, transaction logs reflecting where one of our customers used or attempted to use our services in a way that impacts a website or application that you accessed.
Please note that some of the information we process is owned and/or controlled by our clients as controllers of that data. We provide our customers with tools to help them honor your EU Data Subject Access requests directly. Where we are merely the agents, service providers and/or processors of data, we may be prohibited from processing this data except as directed in writing by those clients. If that’s the case, we will submit your request to the applicable client and await their written instructions. Also, if we are unable to locate any of the information you have requested, we will let you know.
EU Data Subject Rights
We will provide you with the ability to see the personal data that we have by providing you with a copy of that data. You have the right to port that data to a different entity than Bounce Exchange, although we can’t guarantee that others will be in position to ingest this data. We will also provide you with the ability to correct errors in the data, but reserve the right to simply delete data which you’ve indicated may contain errors or inaccuracies. We will restrict or cease processing of this data upon request and offer you the ability to object to our processing of this data. And we will delete the data upon request so long as we are not prohibited from doing so by applicable law and/or the information is not required for us for billing, fraud prevention or security purposes.
California Data Subject Rights
As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will generally attempt to confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days.
The CCPA defines personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.
You may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. And we will attempt to verify your request made in this way. Moreover, we require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response.
Making an EU and California Data Subject Request
Step 1: Locating Your Information
Providing us with your email address should be relatively straightforward. Please note that we will send you an email to the address(es) provided in order to help us authenticate your request.
Here’s what you need to do in order to share your digital identifiers.
Please keep in mind that different cookies are placed on each browser that you use to access the Internet. As a result, if you use multiple browsers (for example, Google Chrome and Mozilla Firefox), you will need to locate our cookies for each browser. Your browser’s help section should provide an overview of how to locate your cookies. An internet search of how you may find cookies in your browser may also be helpful. If you need more assistance locating these cookies for your browser, please feel free to email us for assistance at email@example.com.
Additionally, certain mobile devices (for example, mobile phones or tablets using the iOS or Android operating systems) generate persistent a “Advertising Identifier” per device, which, among other things, can be used by third parties for purposes of providing you with targeted advertising. On iOS devices, your Advertising Identifier may be referred to as an “IDFA,” “IFA,” or an “ID for Advertising.” On Android devices, your Advertising Identifier may be referred to as an “Advertising ID.” Please follow instructions from your mobile device manufacturer on how to locate your specific Advertising Identifier.
Step 2: Authentication of the Information Provided
In order to make sure that we are only providing personal data to the correct person, we also will need to take reasonable steps to authenticate your request. We request that you provide screen shots of any cookies and mobile Advertising Identifiers for which you are submitting a request. We also reserve the right to send you an email to any addresses you provide in order to authenticate that portion of your request. We also request that you fill out and sign the affidavit we’ve prepared. By filling out and signing the affidavit, you’re promising Bounce Exchange that you’re the person listed on the affidavit, and proof to demonstrate that you are indeed connected to the personal data and digital identifiers you located in Step 1.
Step 3: Contacting Bounce Exchange
Once you have located your Digital Identifiers and can provide us with verification of those Digital Identifiers (via the affidavit available above), you should reach out to us. The easiest way to do so would be to send an email with the information above to firstname.lastname@example.org
EU and California data subjects can also make a subject access request by mail, by sending a written request with all of the above-listed information to the following address:
Bounce Exchange, Inc.
Attn: Privacy Officer
1 World Trade Center, FL 74
New York, NY 10007
Bounce Exchange, Inc.
Attn: Privacy Officer
29/31 Oxford Street, 6th Floor
W1D 2DR, UK
Appendix A – Obtaining Browser Storage Values
To exercise your data rights around the identifiers we set on your browser, please follow the instructions below:
Option 1: Localstorage value
- View your browser’s localstorage cache; under the domain assets.bounceexchange.com, you may see values with names similar to bounceClientVisit1234. Each of these corresponds to a session on a website on which BounceX software is installed.
- For each session you would like to obtain information from, click on the bounceClientVisitXXXX entry. Copy & paste the value for the “did” field into a new text file. Also copy & paste the XXXX value from the bounceClientVisitXXXX value you have selected.
- You should end up with information that looks like the below:
Each line should correspond to a bounceClientVisit, with the XXXX value first and the did value second.
Option 2: Cross-website cookie value
- Visit bouncex.com, and view your browser’s cookie cache.
- Find a cookie named “__idcontext”. Copy and paste the value of that cookie.
- You should end up with information that looks like the following:
What to do with the information you have collected
Please combine the information you have collected as follows:
Note: please know that these methods will not cover the same sets of data. For example, BounceX may have collected data associated to an email address that we have not associated to a device-level identifiers (options 1 and 2). As such, you may want to explore both options above when exercising your data rights.