Notice at Collection and Privacy Policy

Last Updated: November 1^st,  2024

We at DT One App Store, Inc. (“DT,” “we,” “us,” or “our”) put great effort into ensuring that we secure personal information and use it properly.

This notice at collection (the “Notice at Collection”) and Privacy Policy (the “Policy,” and collectively: the “Notice”) explains to end-users (“Users”)of our mobile application store (the “Service” or “Store”),available to residents of certain US States or other countries (“Customers”),our privacy practices for processing personal information related to them when they use the Store.

In this Notice, the term “personal information” refers to information that identifies an individual or relates to an identifiable individual and includes equivalent terms such as “personal data” or as otherwise defined under applicable data protection and privacy laws of the United States (“US Privacy Laws”). They also explain certain rights that Consumers have under US Privacy Laws and how they may exercise them.

The general part of this Policy applies to all end users of our Service, regardless of where they access our Service from. The ANNEX to this Policy includes supplemental terms regarding processing personal information under the GDPR and UK GDPR.

We operate the Store as a controller/business(within the meaning of US Privacy Laws).

The summary below will give you a quick and clear view of our practices. The first six headings in the summary also serve as the Notice at Collection. Please, however, take the time to read our full Notice. If you disagree with its terms, please do not access or otherwise use our Store.

‍

<div id="Personal" class="anchor_link"></div>

Categories of personal information

When you use our Store, we collect the following personal information about you:

• We collect direct identifiers, such as your email address and date of birth. We also collect information about your activities on the Store,  the duration of time you spend on the Store’s sessions, and the content you have viewed or engaged with.
• Online identifiers, such as your Android Advertising ID (ADID).
• Non-precise location data, such as your IP Address.
• Zip code.
• Device information such as device type, operating system, and version.
• When you log in to the Store via  Google’s social log-in, we will also collect the email address you used to register with Google and the online identifier used by  Google to identify you.
• When you make purchases via the Store, we will collect your billing address, postal code, email address, and IP Address upon payment and details about your in-app purchases (such as what type of in-app items you purchased, the amount you spent, etc.). Adyen, the payment processor, processes this information as well as your credit card or financial information following its privacy policy. We do not process any financial information nor have any access to such information.
• When you communicate with us, any additional information you choose to provide us with.

Accordingly, in the preceding 12 months, we have collected the following categories of personal information:

• Identifiers including your email address, date of birth, , and online identifiers such as your Android Advertising ID and IPAddress.
• Personal information categories listed under theCalifornia Customer Records statute (Cal. Civ. Code § 1798.80(e)), and any applicable equivalent statute of a US State.
• Commercial information, including services purchased, obtained, or considered, other purchasing or consuming histories or tendencies, and app installations.
• Internet or other electronic network activity information, including, but not limited to search history, and information regarding your interaction with the Store.

We obtain the categories of personal information related to you listed above from the following categories of sources:

• Directly and indirectly from you and your activity on our Store and from your mobile device.
• Third parties such as Google.

<div id="Sensitive" class="anchor_link"></div>

Categories of sensitive personal information

The Store is not intended to collect sensitive personal information (within the meaning of US Privacy Laws). We do not knowingly collect sensitive personal information and require you not to provide us with any such information. We do not process sensitive personal information to infer characteristics about you, and we do not sell or share sensitive personal information for cross-context behavioral advertising.

<div id="What_do_we" class="anchor_link"></div>

What do we do with personal information?

We use personal information related to you for the following purposes:

• To provide you with the Store and to enable specific Store features.
• To provide you with notifications about your use of the Store.
• Where the provision of feedback is available, to collect your feedback.
• To provide you with technical support related to our Store.
• To maintain the Store and to make it better; and,
• To continue developing the Store.

We obey the law and expect you to do the same. If necessary, we will use personal information related to you to enforce our terms, policies, and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Store, and to take any action in any legal dispute and proceeding.
We commit to only process personal information related to you for the purposes described in this policy.

<div id="Who_do_we" class="anchor_link"></div>

Who do we disclose, share, or sell personal information with?

Personal information related to you is disclosed to certain members of our staff who receive appropriate information security and privacy training, external consultants, and our affiliates, who are all governed by this Policy.

We also disclose personal information related to you to our agents worldwide and to third-party service providers that process personal information about you on our behalf. Such agents and service providers will be contractually bound to keep personal information related to you confidential and appropriately secure.

A merger, acquisition, or any other structural change will require us to transfer personal information related to you to another entity as part of the structural change, provided that the receiving entity will comply with this Notice.

We engage third parties to provide us with services such as analytics (for example, Google Analytics for Firebase), marketing automation, and user experience, and we may allow them to collect personal information on our Store for the purposes and via the means described in their respective privacy policies https://policies.google.com/privacy; https://firebase.google.com/support/privacy.

We share your device Advertising ID with Mobile Measurement Platforms (MMPs) solely for attribution and invoicing purposes.

The categories of personal information collected by these third parties in the preceding 12 months include identifiers, online activities, and inferences drawn from such activities.

We will also need to disclose personal information related to you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

<div id="Retain" class="anchor_link"></div>

How long do we retain personal information?

We retain different types of personal information related to you for various periods, depending on the purposes for processing the information, our legitimate business purposes as outlined in this Notice, and according to legal requirements under applicable law.

We may maintain your contact details to help us stay in contact with you if you provide such information to us. You may delete your account on the Store at any time through the app's settings, and by doing so, the personal information associated with your account will be deleted as well. You can also contact our privacy team at dtonestoreprivacy@digitalturbine.com and request that your account contact details be deleted. Note that if you made any in-app purchases through an app downloaded from the Store, we will keep personal information related to your account for up to seven (7) years for tax reporting purposes or as otherwise required by applicable law or to protect our interests in any legal proceedings.

We may retain personal information related to you after you have terminated your use of the Store if retention is reasonably necessary to resolve disputes with any Store user, prevent fraud and abuse, or enforce this policy.

We will keep aggregated non-identifiable information without limitation, and to the extent reasonable, we will delete or de-identify potentially identifiable information when we no longer need to process the information.

In any case, we will keep information about you for as long as you use the Store unless applicable law requires us to delete it or if we decide to remove it at our discretion, according to the terms of this policy.

<div id="Children" class="anchor_link"></div>

Children

We do not knowingly sell or share personal information related to children, as such term is defined under applicable US Privacy Laws.

Your choices and rights

• Access. You have the right to request confirmation from us whether we are processing personal information about you and to access such information, including to request to know:
  • what personal information we have collected about you;
  • what personal information about you we have shared or sold, within the meaning of US Privacy Laws;
  • the categories of sources from which personal information about you is collected;
  • the business or commercial purpose for collecting, selling, or sharing personal information about you;
  • the categories of third parties to whom we disclose personal information; and,
  • the specific pieces of personal information we have collected about you.
• Correction. You have the right to request that we correct inaccurate personal information that we maintain about you.
• Deletion. You have the right to request that we delete personal information related to you that we have collected from you, subject to certain exceptions under applicable US Privacy Laws. Accordingly, note that when we delete personal information related to you, it will be deleted from our active databases, but we will keep a reasonable number of copies in our archives. We will continue to retain the personal information related to you for legitimate business purposes as set forth above.
• Portability. When exercising your right of access detailed above, you may also have the right to obtain the personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity without hindrance. Note that you may only exercise this right up to two times per calendar year. Also note that when responding to your request, we will omit any information that would disclose our trade secrets, as permitted by US Privacy Laws. You may also have the right to obtain a representative summary of the personal information you previously provided.
• Opt-out rights. You have the right to opt-out of the following processing activities:
  • Google Analytics by opting out via the Store’s Settings menu.
• Non-discrimination. You have the right not to receive discriminatory treatment by us for exercising your privacy rights, detailed in this Notice.

If you are a resident of the European Economic Area (EEA) you might have additional rights under the General Data Protection Regulation (GDPR). Please read our Supplemental Terms for Processing Personal Data Under the GDPR in the ANNEX to this Policy.

‍

<div id="Exercising_choices" class="anchor_link"></div>

Exercising your choices and rights

We will give you choices about how we use and share personal information related to you, and we will respect your choices.

We collect and receive personal information related to you that we need for the purposes described in this Notice. You can stop using the Store at any time, thereafter we will stop collecting personal information related to you. However, we will store and continue to use or make available certain personal information related to you as detailed above.

You may also control what personal information we collect from your device by changing the permissions settings on your browser or mobile device.

You may delete your account on the Store by accessing the app's Settings menu, selecting My Account, and then clicking “Deleting my Account.” Deleting your account will delete any personal information associated with your account.

If you want us to delete your account or you wish to receive a copy of your personal information, email us at dtonestoreprivacy@digitalturbine.com.

Only you or a person authorized to act on your behalf may make a request related to personal information related to you. Access requests can be made by you only twice within a 12-month period.

The verifiable consumer request must provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal information or an authorized representative and describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with the requested personal information if we cannot verify your identity or authority to make the request and confirm the personal information related to you. We will only use the personal information provided in your request to verify your identity or authority to make the request.

We will do our best to respond to your request within 45 days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing. At your option we will deliver our written response by mail or electronically.

Any disclosures we provide will only cover the 12-months period preceding receipt of your request. If applicable, our response will also explain the reasons we cannot comply with a request.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such a decision and provide you with a cost estimate before completing your request.

We will not require that you create an account in order to exercise your rights under this Policy and we will not increase the cost or decrease the availability of the Store based solely on the fact that you have chosen to exercise one of your rights under US Privacy Laws.

After receiving our reply, you can appeal against our decision by contacting us. We will review your appeal and provide you with our answer and our explanation of the reasons for our decision(s) within 60 days of receiving it. We will also provide you with a link (to the extent available) to submit a complaint with the relevant Attorney General.

At any time, you can also opt out of our collection of personal information related to you by uninstalling the Store from your mobile device, as follows:

1. Locate the Store app on your device.
2. Long press on the app icon until a menu with the option to “Remove App” appears or an X is available at the top right of the app icon.
3. Tap “Remove App” or the X to uninstall the app.

<div id="Transfer" class="anchor_link"></div>

Transfer of personal information outside your territory

We store and process information, including personal information, in the USA and in South Korea, either directly or by using parties, our processors, and sub-processors, such as cloud hosting service providers, in the US and fraud detection teams in South Korea.

If you are a resident in a jurisdiction where the transfer of personal information related to you to another jurisdiction requires your consent, then you hereby provide us with your express and unambiguous consent to such transfer.

We ensure that our third-party service providers make adequate confidentiality and security commitments, and we will take all steps reasonably necessary to ensure that personal information related to you is treated securely and in accordance with this policy.

<div id="Analytical" class="anchor_link"></div>

Aggregated and analytical information

We use anonymous, statistical, or aggregated information and will share it with our partners for legitimate business purposes. It has no effect on your privacy because there is no reasonable way to extract data from the aggregated information that we or others can associate specifically with you.

<div id="Security" class="anchor_link"></div>

Information security

We are committed to ensuring the security of personal information. We and our hosting services implement systems, applications, and procedures to secure personal information related to you and minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. These measures provide sound industry-standard security.

However, please understand that no security system is impenetrable, and although we make efforts to protect your privacy, we cannot guarantee that the Store will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

<div id="Dispute" class="anchor_link"></div>

Dispute resolution

We periodic assess our data processing and privacy practices to ensure compliance with this policy, to update the policy when we believe that we need to, and to verify that we display the policy properly and in an accessible manner. If you have any concerns about the way we process personal information related to you, you are welcome to contact our privacy team at: privacy@digitalturbine.com, or write to us.

We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.

<div id="Changes" class="anchor_link"></div>

Changes to this policy

We may update this policy from time to time. If the updates have minor, if any, consequences, they will take effect 14 days after we post a notice on the Store. Substantial changes will be effective 30 days after we initially post the notice.

Until the new policy takes effect, if it materially reduces the protection of your privacy under the then-existing policy, you can choose not to accept it and terminate your use of the Store; continuing to use the Store after the new policy takes effect means that you agree to the new policy. Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required by law.

<div id="Contact" class="anchor_link"></div>

Contact Us

Don’t hesitate to get in touch with us at privacy@digitalturbine.com.

‍

Annex
Supplemental Terms For Processing Personal Data Under The GDPR

We at DT describe our privacy practices and Service on our Notice at Collection and Privacy Policy above (the “General Policy”). Please take the time to read our General Policy.

These terms supplement and are not a substitute for our General Policy. They add terms specifically related to our privacy practices associated with processing personal data under European data protection laws, namely the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

You should read both documents to understand the full scope of our privacy practices. If there are any overlapping provisions, these supplemental terms will prevail for our processing of personal data under the GDPR.

These terms use specifically defined terms under the GDPR, such as “personal data,” “processing,” “consent,” “data controller,” and “lawful grounds of processing. ”If you are not familiar with these terms, please seek further guidance or contact our privacy team at privacy@digitalturbine.com with any questions that you may have about these terms.

Lawful Grounds of Processing

We process personal data related to you as a data controller when you use the Service based on the following lawful grounds:

·      We provide you with our Service subject to the contracts that govern them (such as our Service’s Terms of Use that you opted in to in order to use the Service). We will process personal data related to you, which is necessary to perform our contract with you.

·       We will process personal data related to you to comply with our legal obligations and where necessary, to protect your and others' vital interests.

·       We will rely on our legitimate interests, which we have a good-faith belief that is not over ridden by your fundamental rights and freedoms, for the following purposes:

o  To protect our Service and our networks and systems, including cyber security measures.

o  To provide support, customer relations, and for service operations.

o  To enhance and improve your and other users' experience with our Service.

o  To detect, contain, prevent, and handle cases of fraud and misuse of our Service.

·       We will also rely on your consent for processing personal data related to you. Where consent is applicable, we will present you with an option to provide and withdraw it.

Your Rights Under the GDPR

In addition to your applicable rights as described under our General Policy, you have the following rights:

●       AT ANY TIME, YOU CAN CONTACT US AND REQUEST TO WITHDRAWYOUR CONSENT TO THE PROCESSING OF PERSONAL DATA RELATED TO YOU. EXERCISING THISRIGHT WILL NOT AFFECT THE LAWFULNESS OF PROCESSING BASED ON CONSENT BEFORE ITSWITHDRAWAL.

●       You can request to access personal data that we keep about you and receive further information as described under the GDPR. If you find that the personal data related to you is not accurate, complete or up to date, please provide us with the necessary information to correct it.

●       You can request to delete, or restrict access to, personal data related to you. We will review your request and use our judgment, pursuant to the provisions of the applicable law, to reach a decision about your request.

If we need to delete personal data related to you following your request, it will take some time until we completely delete residual copies of personal data related to you from our active servers and from our backup systems.

●       If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you may request to be informed that third parties that hold personal data related to you, in accordance with this policy, will act accordingly.

●       You may ask to transfer personal data related to you in accordance with your right to data portability.  

●       You may object to the processing of personal data related to you for direct marketing purposes, such as by unsubscribing from our newsletters and distribution lists. Additional information about this right is available under the “Choices and Rights” section in this policy.

●       You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.

●       You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, your place of work or the place of an alleged infringement of your rights under the GDPR.

Please note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will ask you further questions to understand the nature and scope of your request.

If you have any concerns about the way we process personal data related to you, you are welcome to contact our privacy team at: privacy@digitalturbine.com. We will investigate your inquiry and make good-faith efforts to respond promptly. If we are unable to help, you also have the right to make a complaint to the applicable data protection supervisory authority, as aforementioned.

Our DPO and Representatives

Our Data Protection Officer (DPO) can be reached at: privacy@digitalturbine.com.

Our EEA designated representative is: RickertRechtsanwaltsgesellschaft mbH and can be reached at: Colmantstraße 15, 53115Bonn, Germany, art-27-rep-digitalturbine@rickert.law.    

Transfer of Personal Data Outside the EEA

We store and process personal data in the U.S. From time to time, we will make operational decisions which will have an impact on the sites in which we maintain personal data.

We make sure that our third-party service providers provide us with adequate confidentiality, data protection and security commitments in accordance with the GDPR, and we will take all steps reasonably necessary to ensure that personal data related to you is treated securely and in accordance with our General Policy and these supplemental terms.

We may transfer personal data related to you to other countries. Some of them are not recognized by the European Commission as providing adequate protection to personal data, and some of them, although recognized, required additional safeguards. We will use appropriate safeguards, in particular, by way of entering into the European Union (EU) Standard Contractual Clauses with the relevant recipients, by relying on self-certifications, or by complying with equivalent data transfer mechanisms. You can contact our privacy team at: privacy@digitalturbine.com to receive more information related to our data transfer practices.

Please also see the section below titled “US Transfers” for additional information regarding our transfers of Personal Data outside the EEA to the US.

U.S. Transfers

We participate in the EU-US Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-US DPF (“UK Extension”), and the Swiss-US Data Privacy Framework (“Swiss-US DPF”),as set forth by the US Department of Commerce. You can review our Data Privacy Framework registration at: https://www.dataprivacyframework.gov/list.

We have certified to the US Department of Commerce that we adhere to the EU-US Data Privacy Framework Principles (“EU-USDPF Principles”) with regard to the processing of personal information received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-USDPF.

We have certified to the US Department of Commerce that we adhere to the Swiss-US Data Privacy Framework Principles (“Swiss-USDPF Principles”) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-US DPF.

If there is any conflict between the terms in this notice or our policy with the EU-US DPF Principles(including the UK Extension) or the Swiss-US DPF Principles, the Principles will govern. To learn more about the Data Privacy Framework (“DPF”)program, visit the data privacy framework website here.

In accordance with the EU-US DPF, we commit to resolve DPF Principles-related complaints about our collection and use of personal information related to you. If you have any inquiries or complaints about our handling of personal information received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-USDPF (as applicable), please contact us at: privacy@digitalturbine.com. We will do our best to respond to your inquiry as soon as we can.

In accordance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, we commit to cooperate (respectively) with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office(ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, with regard to unresolved complaints concerning our handling of personal information received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF.

You may also decide to invoke the arbitration option under the DPF, under certain conditions detailed here. For additional details.

As explained under the section titled “Who do we disclose, share, or sell personal information with?” in our policy, we share personal information with third parties to perform services on our behalf.

When we share personal information received under the Data Privacy Framework with a third party, the third party’s access to, and use and disclosure of such personal information, must also comply with our obligations under the Data Privacy Framework. We will remain liable under the Data Privacy Framework for any failure to do so by such a third party, unless we can demonstrate that we are not responsible for the event giving rise to the damage.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Note that, as detailed above, we may be required to disclose personal information related to you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

‍