View Our eBook on How a Channel With Offline Roots Fits Into Your Digital Marketing Mix Learn How

Last updated:  November 15th, 2023

Introduction

This Privacy Policy describes the types of Personal Information (“PI”) that PebblePost, Inc., (the “Company”, “we”, “us” or “our”) collects, the purposes for which we collect PI, the other parties with whom we may share PI, and the measures we take to protect the security of PI. It also tells you about your rights and choices with respect to your PI, and how you may contact us about our privacy practices.

Please note that this Privacy Policy describes the practices related to our web site, www.pebblepost.com (“Site”) and to data that we collect through our Programmatic Direct Mail® (PDM®) services and products (“PDM Services”) which we offer to our corporate clients (“Brand Partners”). This Privacy Policy does not apply to data collected or provided by our Brand Partners who use the PDM Services.

For more information about how users with disabilities can access this Privacy Policy in an alternative format, please contact us at privacy@pebblepost.com. 

This Privacy Policy consists of the following sections:

  1. Definition of PI
  2. Information for Users of PebblePost’s Site
  3. Information Relating to PI Obtained When Brand Partners Use PDM Services
  4. How PI Is Secured and Retained
  5. Your Rights Regarding PI
  6. Notices

1. Definition of PI

“Personal Information” or “PI” means any information identifying, relating to, describing, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable individual or household. Specific categories of PI we collect or receive are described in more detail below. In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not PI. To the extent this data is stored or associated with PI, it will be treated as PI; otherwise, the data is not subject to this Privacy Policy.

As described below in this Privacy Policy, the types of PI we collect about you depends on your interactions with us and your use of the Site.

2. Information for Users of PebblePost’s Site

In the past twelve (12) months, we collected the below categories of PI from you when you used PebblePost’s Site: 

– Identifiers (such as your name, email address and physical address)

– Internet or other electronic network activity information (such as cookies and mobile device IDs, and related browsing information)

–Geolocation data (as inferred from IP address)

The source of PI we collect:

We collect PI directly from you when you use our Site. We also collect PI automatically or indirectly from you through logging tools, cookies, pixel tags, and as a result of your use of and access to the Site. We also receive PI from our Brand Partners in connection with the PDM Services.

The business purpose for collecting your PI:

We use such information to contact you regarding our PDM Services, and to remember your preferences on our Site. We may use your PI to: (i) communicate with you about our products and services; (ii) communicate with you via email to provide certain information to access our blogs or to download certain information on the website; (iii) review your job application; (iv) provide you content, including but not limited to newsletters or blog posts; (v) serve other purposes for which we provide specific notice at the time of collection; (vi) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity; (vii) as otherwise authorized or required by applicable law; and (viii) as necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.

Categories and purposes of third parties with whom we may share PI:

We may disclose PI and other information as we believe necessary or appropriate to: (i) respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; (ii) investigate fraud or violations of law or of any party’s rights, including our Terms of Use; and (iii) to allow us to pursue available remedies or limit the damages that we may sustain.

We share PI with our service providers, who may use your PI to provide us with services, such as printing providers, hosting providers and email service providers; provided, however, such service providers are only authorized by us to use the PI in connection with their performance of services for us.

In addition, we may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. PI we obtain from or about you via the Site may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.

In the past twelve (12) months, we shared for a business purpose the following categories of PI with the following categories of third parties: 

– Identifiers: service providers (e.g. printing and data partners)

– Internet or other electronic network activity information: service providers (e.g. printing and data partners)

Site user responsibility: Users are responsible for ensuring the accuracy of PI that is submitted through the Site..

We use cookies, pixels and other automated tracking technologies to collect information from the Site, such as browser type and operating system, the number of website users, and understanding how visitors use the Site. Some of our service providers may collect this type of information from you as well. If you want to stop or restrict the placement of cookies or delete any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org.

By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Site or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve information that can individually identify you from your device without your knowledge.

Global Privacy Control (GPC) signals: Some browsers have a Do Not Track (“DNT”) feature that lets users signal to websites that they do not want to have their online activities tracked. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. However, we treat Global Privacy Control signals as a means of opting out of the sale or sharing of personal information, or of opting out of the processing of personal information for targeted advertising, as applicable. Please see the sections titled Rights for California, Connecticut, and Colorado Residents and Rights for Nevada Residents below.

Links to Other Websites: We may link to content contained on other websites. We are not responsible for the content of other websites and your use of those websites is subject to the privacy practices of those websites.

3. Information Relating To PI Obtained When Brand Partners Use PDM Services

Categories of PI that we collect about consumers when Brand Partners use PDM Services: We may collect identifiers (such as names, email addresses, physical addresses) and online identifiers (such as cookies and mobile device IDs, and related browsing information).

When Brand Partners use our PDM Services, we may receive PI from three sources:

1. Brand Partners provide PI to PebblePost and are required to give their consumers full notice of such PI collection and provide their consumers with the ability to opt out of the collection or sale of their PI in compliance with all applicable laws.

2.  PebblePost collects PI through PebblePost’s JavaScript tag (i.e., PebblePost’s programming language) when consumers visit Brand Partners’ sites. Brand Partners are required to notify consumers of such collection and provide consumers with the ability to opt out of the collection or sale of their PI in compliance with all applicable laws.

3.  PebblePost receives online and offline information from our service providers to facilitate the Services, and maintains databases of such information. Service providers comply with all applicable laws in providing consumers notice and the ability to opt out of the collection or sale of PI. The provision of Services to Brands may include working with third party service providers to match online data with mailing addresses of Brand Partners’ consumers.

Business purpose for collecting and receiving consumer PI: PebblePost uses PI in order to provide the PDM Services to Brand Partners, including the mailing of direct mail marketing pieces to consumers’ mailing addresses on behalf of Brand Partners.

Categories and purposes for sharing consumers’ PI with third parties: These include but are not limited to: (i) providing PDM Services to Brand Partners to deliver direct mail pieces to consumer mailing address; (ii) investigation of suspected fraud or violations of law or of any party’s rights; and (iii) to our third-party service providers, such as hosting providers and email service providers, but only as they are authorized by us to use such information in connection with their performance of services for us.

4. How PI Is Secured

We maintain reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect and secure user and Brand Partner consumers’ PI. Those safeguards include: (i) the pseudonymization and encryption of PI where we deem appropriate; (ii) taking steps to ensure PI is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards. However, no method of safeguarding information is completely secure. While we use measures designed to protect PI, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Site is or will be secure. 

We retain PI only for as long as there is a legitimate business need, as well as to the extent we deem necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.

5. Your Rights Regarding PI

For users of the PebblePost’s Site: If you have signed up to receive our marketing emails and prefer not to receive marketing information from this Site, follow the “unsubscribe” instructions provided on any marketing e-mail you receive from this Service.

For consumers of Brand Partners: You may exercise your right to opt out of receiving PDM Services from PebblePost here.

  1. Rights For California, Connecticut, and Colorado Residents

If you are a resident of one of the above states, the California Consumer Privacy Act and its successor legislation (“CCPA”), the Connecticut Data Privacy Act (“CTDPA”), and the Colorado Privacy Act (“CPA”) provide additional rights listed below. 

  • “Right to Delete”: You may request that we delete any PI we possess about you, subject to certain exceptions as provided under applicable laws. PebblePost will respond or request an extension to respond within 45 days.
  • “Right to Know”: You may request that we disclose certain information to you about the PI we collected, used, disclosed, and shared about you in the past 12 months. This includes a request to know any or all of the following: the categories of PI collected about you, the categories of sources from which the PI is collected, the purpose for collecting and selling the PI, the categories of third parties with whom we share the PI and the specific pieces of PI collected about you. PebblePost will respond or request an extension to respond within 45 days.
  • “Right to Data Portability”: You have the right to request a copy of PI we have collected and maintained about you in the past 12 months. PebblePost will respond or request an extension to respond within 45 days.
  • “Right to Correct”: You have the right to correct inaccurate PI that we have collected and maintained about you. PebblePost will respond or request an extension to respond within 45 days.
  • “Do Not Sell or Share My Personal Information”: We share identifiers and internet or other electronic network activity information with service providers (e.g. printing and data partners). To opt out of selling or sharing your data, click here. For California residents, PebblePost will respond or request an extension to respond within 15 days. For Connecticut and Colorado residents, PebblePost will respond within 45 days.
  • 2. Rights for Nevada Residents

Nevada law permits our users who are Nevada consumers to request that their PI not be sold (as defined under applicable Nevada law), even if their PI is not currently being sold. You may exercise the right below regarding your PI.

  • “Do Not Sell or Share My Personal Information”:  We share identifiers and internet or other electronic network activity information with service providers (e.g. printing and data partners). To opt out of sellinig or sharing your data, click here. PebblePost will respond or request an extension to respond within 45 days.

You may exercise your rights above, free of charge, by:

  • Complete the form located here
  • Send requests to privacy@pebblepost.com
  • Mail in your request to us by completing all of the information indicated in the form (linked here) and mailing the form to:

PebblePost

Attn: Privacy Officer

119 West 24th Street, 5th floor

New York, NY 10011

Notice to Consumers of Brand Partners: In the event PebblePost has received your PI from a Brand Partner, you should contact that Brand Partner directly and inquire about your PI or you may request deletion of your PI from PebblePost as set forth above by completing the form above. Note that PebblePost does not “sell” your PI so “Do Not Sell” requests should be made to Brand Partners directly.

Verification & Right to Authorized Agent: We will maintain procedures to verify that you are authorized to make the requests set forth above. You may also designate an authorized agent to make these requests by emailing us at privacy@pebblepost.com or by completing the form indicated above. PebblePost requires verification that such agent has the authority to act on your behalf.

6. Notices

Non-Discrimination: We do not discriminate against you for exercising any of your rights above.

Children: Our Site and Brand Services are not intended for children under 13 years of age. We do not knowingly collect individually identifiable information from children under 13. If you are under 13, do not use or provide any individually identifiable information on this Site. If we learn we have collected or received individually identifiable information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any individually identifiable information from or about a child under 13, please contact us at privacy@pebblepost.com.

International Use: At PebblePost, your PI will be stored and processed in the United States. If you are using the Site from outside the United States, by your use of the Site you acknowledge that we will transfer your data to, and store your PI in, the United States, which may have different data protection rules than in your country, and PI may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States. 

Data Protection and Cybersecurity

We know our brands take data protection and cybersecurity seriously. We are dedicated to delivering customer-centric, relevant and meaningful direct mail campaigns, in ways to help our Brands stay in line with applicable data protection laws.  What is our multi-tiered strategy?   

– We only mail to households leveraging U.S. addresses


– Below is our JavaScript flow to demonstrate another protective layer

Additional Compliance Layers

– PebblePost works with our Brands to set up their Tag Managers on their site to exclude PebblePosts’ JS from being called when any known EU visitors visit the Brand site.

– PebblePost advises our Brands to remove any non-US customers from their customer files when passing such data to PebblePost.

– Leveraging our proprietary technology, we circle back and check again. If PebblePost identifies any Brand IP Address or other online identifier as being related to an EU user in a campaign, PebblePost permanently deletes all related data to that user from our system immediately.

Changes to this Privacy Policy:  We may change or revise our Privacy Policy from time to time. If we decide to change or revise our Privacy Policy, we will post the revised Privacy Policy here so that you will always know what information we gather, how we might use that information and whether we may disclose it to anyone. Your continued use of the Site indicates your agreement to the Privacy Policy as posted, unless your express consent is required by applicable laws.

his Privacy Policy is subject to the Terms of Use that govern your use of the Site. This Privacy Policy applies regardless of the means used to access or provide information through the Site 

This Privacy Policy does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Site. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith. 

Additional Information:  If you have any questions or concerns about this Privacy Policy and/or how we process PI, please contact us at privacy@pebblepost.com

Have more privacy questions or concerns?