SRAX PRIVACY POLICY

Last Updated: 6/21/2018
The purpose of this privacy statement is to inform you about the types of information (personal, behavioral, etc.) we might collect about you when you visit websites (the “Our Sites”) that are owned and operated by Social Reality and/or our affiliates (“SRAX”, “we,” “our,” or “us”) and how we may use that information.

BY VISITING OUR SITES, SUBMITTING REGISTRATION OR LOGIN INFORMATION TO ANY OF OUR SITES, YOU AGREE TO BE BOUND BY THIS PRIVACY STATEMENT AND ANY RELATED TERMS OF USE. YOUR USE OF OUR SITES INDICATES IS SUBJECT TO THIS PRIVACY STATEMENT AND YOUR CONTINUED USE INDICATES THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO THE SAME. IF YOU DO NOT AGREE TO BE SO BOUND, DO NOT VISIT OR LOG IN TO OUR SITES OR LOG IN AS A “GUEST.”

We reserve the right to modify this privacy statement, or any site-specific addendum hereto, at any time without notice. For example, we do not need to provide notification if we modify our practices regarding the collection or use of information. We will revise our “Last Updated” date to reflect any revisions to this Statement. Your continued use of Our Sites after any such revision shall constitute your consent to be bound by such revised privacy statement.

What Information Do We Collect?

  • We may collect certain personally identifiable information (“PII”) and other personal information you voluntarily submit as part of your registration/login into Our Sites or your choice to opt-in to any marketing campaigns or other links to Our Sites whether through emails or other communications sent by Social Reality. The types of PII we may collect include your name, email address, device ID, telephone number and other similar contact data. This information may be combined with information already in our possession or made available to us through United States federal and state medical professional databases, other files we are licensed to receive, and/or information we obtain from other sources. We may also collect information as a result of your interaction with any of Our Sites, a Social Reality or SRAX owned and operated newsletter, or any communication received directly or indirectly from us. This means we may collect information from you through multiple locations, not just the initial one of Our Sites through which you register.
  • We may capture certain information automatically on or through one or more of Our Sites, regardless of whether you provide us with personal information. This information may include your device and/or network information (e.g., Internet protocol (IP) address, user agent strings, device identification number (IMEI), geolocation data, browser type, page access history, linking information, click stream data, page visits, page views, and/or website log files). If we identify that you are accessing Our Sites through multiple devices, we will associate each such device with your profile.
  • We will use operational data (e.g., cookies, log files, clear GIFs, pixels and/or similar devices) to identify our users and their device(s) in order to track our users’ interactions with Our Sites and communications; we use this operational data to enhance certain activities available on Our Sites or applications. You can remove or reject persistent cookies by following the directions provided in your Internet browser’s “Help” file. If you remove a persistent cookie, you may be requested to reregister or log in again upon returning to Our Sites or when opting-in to any of our other campaigns via email or newsletters. If you reject persistent cookies, the functionality of Our Sites or other communications (like our newsletters), or any part thereof, may be impaired or unavailable.

How Do We Use Your Information?

We may use the information we collect from you in the following ways:

  • To identify and verify your professional medical status by checking your information against the information we acquire from third parties or public sources, including those made available by the AMA, NPI number, and/or state licensing boards.
  • To personalize and enhance your experience while interacting with Our Sites and applications.
  • To allow us to deliver the type of content and services that we believe may be of interest to you, including emails, newsletters, alerts, and advertising targeted to your professional experience and/or interests, based on your professional activities and/or other information we possess.
  • To monitor usage and interaction statistics on Our Sites and/or through responses to our communications.
  • To establish your online account and authenticate you during a registration or login to any of Our Sites or our other communications.
  • To allow us to respond quickly and efficiently to your questions and your requests for information.
  • To administer a contest, promotion, survey, or other feature.
  • To send you advertising, information and/or promotional material geared to your profession. If you would no longer like to receive promotional email communications from us, please refer to the “How Can You Manage Your Email and Mobile Marketing Preferences” section below.
  • To share your response information to our communications with the sponsor(s) of the professionally relevant program with which you interact.
  • To allow us to disclose your information to the extent permitted by law, as described more fully below.

How Do We Protect Personal Information?

Although we cannot guarantee the security of personal information that is transmitted over the Internet or stored on Our Sites, we have established and implemented reasonable physical, electronic, and administrative procedures designed to safeguard and secure the personal information we collect and maintain online. We protect your transactions involving Personal Information over the Internet using Secure Sockets Layer (SSL) technology. We restrict access to your Personal Information in our database to our authorized employees, our agents, and certain of our authorized partners.

Please note that we do not have any control over or responsibility for information you share about yourself on or through any websites outside of Our Sites; including any third party websites accessed or linked through Our Sites. All such sharing of information and content is done at your own risk. Any concerns over the sharing of information on or with a particular website not owned by SRAX or Social Reality should be handled by dealing directly with that website.

Children’s Privacy

Our Sites, applications and services are not intended for use by children under the age of 13. We will not knowingly collect any personal information from users under the age of 13 online through Our Sites. If you think that we have collected personal information from a visitor under the age of 13, please contact us.

Do We Disclose the Information We Collect to Outside Parties?

Except as provided for in this privacy statement, we will not sell, trade, or otherwise transfer your PII to third parties. We may use your information, including our right to disclose to trusted third parties, in the following circumstances without advance notice:

  • Provision of Information. Because some of our programs are targeted toward medical professionals only, advertisers or agencies have asked us to restrict access to certain information, products, and services to medical professionals only. To ensure that we are delivering the information, products, and services as may be required by law, we may be required to disclose your information with third-party sources to meet legal requirements (e.g., Certified Medical Education and PDMA) and determine your eligibility to receive the materials.
  • Subsidiaries and Affiliates. We may transfer PII to our subsidiaries and corporate affiliates.
  • Website Consultants and Service Providers. We may disclose personal information to third-party consultants and service providers (e.g., hosting/support/maintenance providers, third-party payment processing agencies, and remedial/repair services) to the extent that they require such access in order to perform services for us.
  • Third-Party Advertising. We typically do not provide PII to any third party for marketing/advertising purposes but may disclose for internal analytics and user targeting confirmation only. We may disclose information about you to third parties, such as a SRAX ID tied to a unique record, an NPI or email address, so that these parties may verify that our programs were targeting specific users on target list or specialty programs.
  • Enforcement of Rights/Security. We reserve the right to release personal information (i) when we are under legal compulsion to do so (e.g., we have received a subpoena) or we otherwise believe that the law requires us to do so, (ii) when we believe it is necessary to protect and/or enforce the rights, property interests, or safety of SRAX, Our Sites, our users, clients, or others, or (iii) as we deem necessary to resolve disputes, troubleshoot problems, prevent fraud, and otherwise enforce the privacy statement and other user agreements.
  • Reorganization or Sale of the Company. In the event that we are merged with or become part of another organization, we are sold, we sell all – or substantially all – of our assets, or we are otherwise reorganized, all of our information, including your information may be one of the transferred assets to the acquiring or reorganized entity.
  • As Otherwise Allowed by Law. We may transfer personal information to third parties where we are expressly authorized or required by applicable law to do so.
  • Disclosure of non-PII. In addition to you providing us with PII, you may also provide us with or we may otherwise acquire non-PII information (i.e., information which does not personally identify you). We reserve the right to use and/or disclose such non-PII as we choose, including to third parties, for any reason (e.g., marketing and advertising). This includes information that has been de-identified and/or subjected to pseudonymization.
  • Aggregated Information. We may aggregate information that you provide or is otherwise collected from or about you with information provided by other individuals in such a manner that the information is not personally identifiable to you. Once such information is non-PII, we reserve the right to use and/or disclose such non-PII as we choose, including to third parties, for any reason (e.g., marketing and advertising).
  • Sponsors. We may share your voluntary responses to communications with the sponsor(s) of the professionally relevant program with which you interact.

How Do I Ask Questions and Provide Feedback Regarding Privacy?

We welcome your questions, comments, and concerns about privacy. Please contact us at privacy@srax.com with any questions or comments you may have regarding this privacy statement or the privacy of your information.

How Can You Manage Your Personal Identifiable Information (PII)?

You can easily manage your marketing preferences by not providing information to us. However, to the extent that you choose to provide your PII to us, to a SRAX or SRAXmd client, you can opt out of having your PII used for certain purposes.

  • You may opt out of receiving email communications by following the method stated in the privacy policy, or by utilizing the opt-out mechanism found in each email sent by us or a verified third party sending emails on our behalf to you. This will remove you from the email list or the website registration list and/or the sponsor of the communication.
  • In addition, you may remove the email pixels that may track you and communicate information to us so long as they appear in the image cache of your Internet browser. You may remove the pixels simply by deleting the cache in which the pixel is stored.
  • You may delete cookies by opening your browser’s “Internet Options” folder and making the appropriate selections.
  • If you are unsure of how to clean your cache or delete cookies, locate the “Help” function in the browser menu. Entering in the search bar “clean cache” and “delete browser cookies” will return instructions specific to your browser.

Where We Store and Process Personal Data

Personal data collected by us may be stored and processed in your region, in the United States or in any other country where we or our service providers maintain facilities. Generally, the primary storage location is in the United States. Unless otherwise requested by our clients, backups made from locations within the European Economic Area remain within the European Economic Area. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.

We may transfer personal data from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data.

Privacy Shield

We are committed to and complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have self-certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If third-party agents process personal data on our behalf in a manner inconsistent with the principles of either Privacy Shield framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage.
If there is any conflict between the terms in this privacy statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

If you have a question or complaint related to our participation in the EU-U.S. or Swiss-U.S. Privacy Shield, we encourage you to contact us via our self-certification site or at privacy@srax.com. For any complaints related to the Privacy Shield frameworks that cannot be resolved with us directly, we have chosen to cooperate with the relevant data protection authority for resolving disputes as specified in our self-certification form. Please contact us to be directed to the relevant contacts. As further explained in the Privacy Shield Principles, binding arbitration is available to address residual complaints not resolved by other means. We are also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).