TEMBO PRODUCT PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy (also referred to as the “Privacy Policy”) informs users (“you”) on the collection, use, sharing, and selling (collectively referred to as “processing” or “process”) of your personal information in connection with the website www.tembo.io (the “Website”) and/or any other product or services offered by Tembo Data Systems, Inc. (“Tembo”) through the Website or otherwise (collectively, the “Product”). This Privacy Policy also explains your privacy rights in relation to these processing activities. This Privacy Policy was last updated on October 23, 2023. However, the Privacy Policy can change over time, for example to comply with legal requirements or to meet changing business needs. The most up-to-date version can be found on the Website. As used in this Privacy Policy, “personal information” or “personal data” means information that relates to an identified individual or to an identifiable individual. For example, this could include your name, address, email address, past purchase behavior or information regarding your online interests. Personal information about you that Tembo may process is also referred to as “information about you.” For more detail about the types of information about you that we may process in the Products, please refer to Section 4 below.

2. SCOPE

The Privacy Policy applies to Tembo’s processing of information about you provided to the Product by our customers or third parties to help enable Product customers and partners better analyze their business data. This information can be stored either on Tembo’s cloud servers or through our customers’ and partners’ servers.

3. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL INFORMATION?

Tembo Data Systems, Inc., dba Tembo, a Delaware corporation, is responsible for processing your personal information in scope of this Privacy Policy.

4. WHICH CATEGORIES AND SPECIFIC PIECES OF PERSONAL INFORMATION DO WE PROCESS?

Information about you may in some cases directly identify you, while in other cases it may only indirectly identify you. Personal information that is collected offline and that can directly identify you may include, for example:

  • name and physical address, email addresses, and telephone numbers;
  • demographic attributes, when tied to other information that identifies you;
  • transactional data based on your purchases or interactions with our customers, when tied to other information that identifies you;
  • data from marketing opt-in lists, consumer surveys, or publicly available information;

Personal information that is collected online and that may indirectly identify you may include, for example:

  • unique IDs such as your mobile device identifier, or a cookie ID on your browser or device;
  • IP addresses and information derived from IP addresses, such as geographic location;
  • information about your device, such as browser, device type, operating system, the presence or use of “apps”, screen resolution, or the preferred language;
  • obfuscated personal information such as hashed email addresses (direct identifiers are removed);
  • demographic information such as gender, age, and income range when not tied to information that directly identifies you;
  • behavioral data of the internet connected computer or device you use when interacting with websites, applications, or other connected devices, such as advertisements clicked or viewed, websites and content areas, date and time of these activities, or the web search used to locate and navigate to a website.

5. FOR WHAT COMMERCIAL OR BUSINESS PURPOSE DO WE USE YOUR PERSONAL INFORMATION?

We use personal information for the following commercial and business purposes:

  • to analyze, develop, improve, and optimize the use, function and performance of Tembo Products; We may process personal information for Tembo’s own research and development purposes. For example: to enhance data quality, develop new features and functionality, and for statistical analyses related to the performance and operation of the Product.
  • to manage the security of our sites, networks and systems; We can collect usage and systems operations data from the Product for security and operations management to help keep Tembo, customer, and partner networks and systems, as well as our products and services, secure. We may also collect usage and systems operations data to investigate and prevent cyber-attacks, malicious activity, or potential fraud, including ad fraud and to detect bots.
  • to comply with applicable laws and regulations and to operate our business. In some cases, we may process personal information to comply with applicable laws and regulations. For example, to respond to a request from a regulator or to defend a legal claim. We may also process personal information in the operation of our business. For example, to conduct audits and investigations, for finance and accounting, archiving and insurance purposes.

6. CATEGORIES OF SOURCES OF PERSONAL INFORMATION

Tembo may process both offline and online information about you, including information from publicly available sources, its customers or partners, or third party data providers. The data we use may be provided to us directly from our customers and partners.

7. FOR INFORMATION ABOUT YOU COLLECTED IN THE EU/EEA, WHAT IS OUR LEGAL BASIS?

If applicable to our partners and customers, we rely on your consent for the purpose of enabling partners to market products and services to you. You have the right to withdraw your consent to this purpose at any time. Please refer to Section 12 below for more details on how to opt out of interest-based data processing based on your consent. In addition, we may process some information about you as may be necessary based on our legitimate interest to maintain the security of our sites, networks, and systems, and to comply with applicable laws and regulations, such as to process an opt-out request.

8. FOR WHAT PERIOD DO WE RETAIN INFORMATION ABOUT YOU?

Tembo maintains information about you in accordance with applicable laws. It is our general practice for the Product not to store personal information of users of the Product, but under certain circumstances, this data may be retained in accordance with this Policy.

9. WHEN AND HOW CAN WE SHARE YOUR PERSONAL INFORMATION?

Sharing within Tembo

As a nationwide organization, information about you can be shared across the country throughout Tembo’s organization for a business purpose. Tembo employees are authorized to access personal information only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.

Sharing with or selling with third parties

We may share personal information with the following third parties for a commercial purpose:

  • Our partner’s digital marketers, ad agencies, third party marketing services and third party services as directed by our partners to us; and
  • third-party service providers necessary to the performance of Tembo’s Product.

We may share personal information with the following third parties for a business purpose:

  • relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock, including in connection with any bankruptcy or similar proceedings; and
  • public and government authorities, including public and government authorities outside your country of residence (to the extent legally required to respond to their mandatory requests in connection with national security and/or law enforcement purposes).

When third parties are given access to personal information, we will take appropriate contractual, technical and organizational measures designed to ensure that personal information is processed only to the extent that such processing is necessary, consistent with this Privacy Policy and in accordance with applicable law.

10. RIGHTS IN THE EUROPEAN UNION.

Your principal rights under GDPR are: (a) the right to access; (b) the right to rectification; (c) the right to erasure; (d) the right to restrict processing; (e) the right to object to processing; (f) the right to data portability; (g) the right to complain to a supervisory authority; and (h) the right to withdraw consent.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of GDPR; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, although we do not store personal information data as part of our standard Product practices, we may continue to store your personal data in certain circumstances. However, we will only otherwise process it with your consent; for the establishment, exercise, or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To the extent that the legal basis for our processing of your personal data is (a) consent; or (b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used, and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

11. HOW IS INFORMATION ABOUT YOU SECURED?

Tembo has implemented appropriate technical, physical and organizational measures designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing.

12. WHAT ARE YOUR PRIVACY RIGHTS?

Pursuant to the E.U. General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws and regulations, individuals in certain jurisdictions may have data subject rights enabling them to opt-out of third party sharing or selling, delete or remove, or request to access and receive a copy of their personal information in Tembo’s possession or for which Tembo is otherwise responsible.

Opt-out and object to our use of information about you

Tembo offers multiple ways for you to opt out of third party sharing or selling and object to our use of information about you:

  • Contact the applicable partner who is supplying your data to use.
  • Do Not Track. Tembo honors “Do Not Track” browser settings, meaning we will not track your browser for marketing purposes while you have “Do Not Track” turned on in your browser settings.

Delete information about you

You can access the information that we collect online and maintain through normal updating methods. To update, correct, or delete this information, you can contact us via email at support@Tembo.io. Your account can be deleted or deactivated, but doing so will result in your not being able to access certain services. During the normal course of doing business, we will continue to share your information among our business units, our affiliates and unaffiliated third parties as necessary in order to service your accounts and fill any orders you place with us.

Access your Information

We cannot provide offline first-party information that is collected and maintained by our customers as we generally do not store personal information once processed through the Product for our customers. If you have questions with regard to first-party information, Tembo recommends that you contact directly the company that collected it from you.

We will respond to your request consistent with applicable law. Tembo will not discriminate against consumers who have exercised the deletion, opt-out, or access rights provided to them in this Privacy Policy.

13. WHAT ARE YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)?

If you are a California resident, you may request that we:

  • disclose to you the following information covering the 12 months preceding your request:
  • the categories and specific pieces of personal information we collected about you and the categories of personal information we sold (see Section 4);
  • the categories of sources from which we collected such personal information (see Section 6);
  • the business or commercial purpose for collecting or selling personal information about you (see Section 5); and
  • the categories of third parties to whom we sold or otherwise disclosed personal information (see Section 9).
  • delete personal information we collected from you (see Section 12); or
  • opt-out of any future sale of personal information about you (see Section 12).

We will respond to your request consistent with applicable law. If you are an authorized agent making an access or deletion request on behalf of a Californian resident, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a Californian resident.

If you are a California resident, you may obtain information about exercising your rights, as described above, by contacting us at support@Tembo.io.

14. HOW TO CONTACT TEMBO IF YOU HAVE QUESTIONS, COMMENTS OR COMPLAINTS?

Please contact us at support@Tembo.io.

15. DISPUTE RESOLUTION OR FILING A COMPLAINT

If you have any complaints regarding our compliance with this Privacy Policy, please contact us first. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Privacy Policy and in accordance with applicable law.