Last Updated: 01/23/2019
Bombora, Inc., its global subsidiaries (collectively, “Bombora”, “we”, “us”, or “our”) value the privacy of the persons (“you” or “your”) whose information we collect or receive. This privacy notice (“Notice“) explains who we are, how we collect, use and share personal information about you, and how you can exercise your privacy rights.
The Notice covers personal information we collect:
a) When providing information to the Bombora hosted platform and related analytics products.
b) When you visit one of our corporate websites (such as such as https://bombora.com, https://www.signal-hq.com/, https://www.netfactor.com/)) (“Website“) and/or over the usual course of our business practices, such as in connection with our events, sales and marketing activities (see ‘privacy for our websites’).
We recommend that you read this Notice completely to ensure you are fully informed. However, to make it easier for you to review those parts of this Notice which apply to you, we have divided up the document into the following sections:
One of the primary ways Bombora collects data is from a proprietary data cooperative (“Data Co-op”). The Data Co-op consists of business to business (“B2B”) websites of publishers, marketers, agencies, technology providers, research and event firms that contribute content consumption data to a massive pooled data set that details buyer intent. Data Co-op members provide consent-based brand-anonymous data including Unique IDs, IP address, page URL and referrer URL, browser type, operating system, browser language, and engagement data such as dwell time, scroll velocity, scroll depth and time between scrolls. Engagement data validates that the reader is actually consuming the content and not quickly bouncing from the website. Bombora collects all event data and dynamically indexes the content consumed to the Bombora topic taxonomy and aggregates that data at the company level. The full data set is refreshed weekly.
Bombora provides the following hosted platform and related analytics products (collectively the “Services”) to its Clients.
An analytics report listing company name, topic and Company Surge® score. To create the score Bombora collects, stores, organizes, uses and erases data which is anonymized and aggregated such that no personal data exists. Bombora will not disclose any data to a company other than company name, topics searched, and Company Surge® score. These reports are created by collecting data from tags on publisher websites. The tag collects IP address (which is anonymous and converted to company URL), engagement metrics, and topics (which are determined by real time algorithm). The topics (based on Bombora’s B2B taxonomy) are attributed to company name. Comparing topic interest over 30B interactions using our proprietary algorithms leads to a score. That score is the company’s interest level in the topics compared over time.
Audience Solutions and measurement products append data to and share a cookie id in the audience segment. The data Bombora appends to the cookie id is firmographic and demographic data at the domain and company level only. The firmographic and demographic data may include industry, functional area, professional group, company revenue, company size, seniority, decision maker and predictive signals. Bombora does not share any data which could be used to identify an individual data subject. In addition, Bombora prevents co-mingling of attributes that might have the effect of identifying an individual, such as a c-suite job level at a company size less than 10 people.
The following Measurement suite of products collect demographic and firmographic information:
Through the Services, Bombora provides data to our Clients to help them better connect and target organizations they want to reach (we refer to the individuals in those organizations as “End Users“). Bombora and its partners engage in tracking End Users’ interactions with business-to-business content across various digital properties like web registration forms, widgets, websites and webpages (whether accesses via computer, mobile or tablet device or other technologies) (“Digital Properties“). We then take this data and aggregate the information collected into demographic segments, such as company revenue and size, functional area, industry, professional group, and seniority. This helps Clients customize engagement based on topics that organizations are interested in and the intensity of that consumption.
This section describes how we collect and use information we receive or collect from End Users through the Services (we refer to this collectively as “Service Information“). This includes details about the type of information we collect automatically, the types of information we receive from other sources and the purposes of those collections.
Information we collect automatically
We use and deploy various cookies and similar tracking technologies (see ‘cookies and similar technologies’ ) to automatically collect certain information about your device when you interact with Digital Properties that use our technology. Some of this information, including your IP address and certain unique identifiers, may identify a particular computer or device and may be considered “personal data” in certain jurisdictions including in the European Economic Area (“EEA“). However, Bombora does not collect any information that enables us to identify you personally such as your name, mailing address or email address.
We collect this information by assigning a random unique identifier (“UID“) to your device the first time you interact with a Digital Property that uses our technology. This UID is then used to associate you with information we collect about you.
The information we automatically collect may include:
Information we receive from other sources
We may also combine, merge, and/or enhance the information we collect about you. This can include the information we collect about you with information collected from third parties such as other web-based and mobile networks, exchanges and websites (“Partners“) or our Clients (for example, they may upload certain “offline” data into the Services). View a list of our current partners. In addition, the Service Information we automatically collect may be combined and associated with business profile information that we infer about you, such as: age, domain, functional area, household income, income status & changes, language, seniority, education, manufacturing, professional group, industry, company revenue, net-worth.
This information may include hashed identifiers derived from other information such as email addresses, mobile device IDs, demographic or interest data (like your industry, employer, company size, job title or department) and content viewed or actions taken on a Digital Property.
We use the Services Information as follows:
Our Partners, our Clients and we use various UIDs, cookies and similar tracking technologies to automatically collect information from End Users across various Digital Properties (as previously described above). Please review our Cookie Statement for further information.
2.3 Legal basis for processing personal information (EEA residents only)
If you are an individual from the EEA, our legal basis for collecting and using personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we normally rely on our legitimate interests to collect personal information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your personal information, they include the interests described in the ‘what information do we collect and why’ section above.
In some cases, we may rely on our consent or have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. If we rely on consent to collect and/or process your personal information, we will obtain such consent in compliance with applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the ‘contact us section below.
This section describes how we collect and use information from users of our Websites, visitors to our Websites and in the usual course of our business in connection with our events, sales and marketing activities.
3.1 Information we collect
3.2 Information you provide to us
Certain parts of our Websites may ask you to provide personal information voluntarily. For example, we collect personal information when you register for a Bombora account, apply for a job at Bombora, request a demo, express an interest in obtaining additional information about Bombora or our Services, subscribe to marketing emails or otherwise contact us.
The personal information we collect may include contact information (e.g. your name, mailing address, telephone number or email address) and contact preferences. It may also include professional information (e.g. your job title, department or job role) as well as the nature of your request or communication.
3.3 Information we collect automatically
3.4 Information we collect from third party sources
We may partner with certain third parties to collect information on our Websites to engage in analysis, auditing, research, reporting and to deliver advertising that we believe may interest you based on your activity on our Websites and other websites over time. These third parties may set and access cookies on your computer or other device and may also use pixel tags, web logs, web beacons, or other similar technologies. For more information about these practices and how to opt out, please see our Cookie Statement.
We will use your personal information for the following purposes:
This section describes how your information is shared, details about cookies and other tracking technologies, your data protection rights and other general information.
Your personal information collected from our Services and Websites may be disclosed as follows:
It’s important to us that you know that you have the right to access, manage the data that we may have collected about you from third parties. We strive to be as transparent as possible this section describes your data protection rights.
You have the right to access this data at any time. It’s important that we provide you with tools to object and, restrict the sale of your data, or withdraw consent (where applicable) for the use of data that we may have on you. Please note, to help protect your privacy and maintain security, we take steps to verify your identify through OneTrust. OneTrust is the secure administrative software that we use to manage privacy request.
Please complete the data subject request form to request a copy of your Platform and/or Business data from Bombora. The information you supply in this form will only be used to identify the platform and/or business data you are requesting and responding to your request. Once you submit a subject access request form we will endeavor to respond to you within 72 hours of receipt of your request. Please allow Bombora 40 days to process your request. You can also email firstname.lastname@example.org with any questions or queries you have regarding your data.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer requests. The response we provide will also explain the reasons we cannot comply with a request, if applicable. Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually. To help protect your privacy and maintain security, we take steps to verify your identify in OneTrust. Making a verifiable consumer request does not require you to create an account with us. Before granting you access to your personal information or complying with deletion, portability, or other related requests, you will need to provide us with some additional information to enable us to identify the personal information we hold about you and ensure that we accurately fulfill your request.
You have the following data protection rights:
Opting-out of the sale of personal information
In addition to the data protection rights grated in this Notice, If you are a California resident the California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with the right to opt-out of the sale of their personal information, view the data Bombora may have collected over the past 12 months, and to know the following:
In accordance with the Website, these are the categories of information we may have collected on you and the purposes we may have used. The categories of personal information we may have collected about you or your use of our Website over the past twelve (12) months:
You can obtain more information on the categories of personal information in ‘what we do and collect and why’.
We obtain the categories of personal information listed above from the following categories of sources:
You can obtain more information on the sources of personal information in ‘information we collect’. These are the business or commercial purposes for which the personal information was collected
You can obtain more information on the Business or Commercial purposes for which the personal information was collected in the sections, ‘what we do and collect and why’ and ‘how we use the information we collect’.
The categories of third parties with whom we have shared your personal information;
You can obtain more information on the third parties with whom we have shared your data with in ‘how do we share your information’. In the previous (12) months, Bombora may have sold the following categories of personal information:
You have the right to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free. You also have the right not to be discriminated against for exercising any of the rights listed.
CA residents may also designate an agent to make requests to exercise your rights under CCPA. As noted above Bombora will take steps both to verify the identity of the person seeking to exercise their rights, and to verify that your agent has been authorized to make a request on your behalf through providing us with a signed Power of Attorney You may only make a verifiable consumer request for access or data portability twice within a calendar year.
California residents may exercise your rights described in this section by visiting a privacy request form to exercise and the right to know (the data we may have on you) and the request to delete (the data we may have on you) . Click here to opt-out of the sale of your personal information. You can also exercise these rights by emailing email@example.com with the subject “CA Privacy Rights”.
Opting-out of Bombora cookies
If you wish to opt-out of being tracked by us using cookies (including to opt-out of receiving interest-based advertising from us), please go to our opt-out page.
Opting-out of interest-based advertising from cookies
You may opt-out of interest-based advertising from numerous companies that enable such advertising on those associations’ websites. Please access the DAA’s opt-out portal to do this. You may also opt-out of some of the interest-based advertising Partners that we work with by going to the Network Advertising Initiative (NAI) consumer choice page.
You may opt-out of ad targeting that is based on your activities across mobile applications and over time, through your device ‘settings’.
Opting-out of interest-based advertising in mobile applications
Our Clients and Partners may display interest-based advertising to you in mobile applications based on your use of these over time and across non-affiliated apps. To learn more about these practices and how to opt out, please visit http://www.aboutads.info/appchoices, download the DAA’s AppChoices mobile app and follow the instructions provided in the AppChoices mobile app.
Back to top
Bombora takes precautions to protect data and information under its control from misuse, loss or alteration. Bombora has put in place appropriate technical and organizational measures to protect the information it collects through its Services and Websites. Bombora’s security measures include technology and equipment to help protect our information, and Bombora maintains security measures regarding who may and may not access our information. Of course, no system or network can ensure or guarantee complete security, and Bombora disclaims any liability resulting from use of the Service or from third party hacking events or intrusions.
Our Websites and Services are not intended for children under 18 years old. If you are aware of personal information we have collected from a child under 18, we ask that you ‘contact us’ located in the below section. If you are 16 years of age or older and a California Resident, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age.
The Services or Websites may contain links to or integrations with other sites that Bombora does not own or operate. This includes links from Clients and Partners that may use the Bombora logo in a co-branding agreement, or websites and web services that we work with in order to provide the Services. For example, we might sponsor an event, or provide services in conjunction with other businesses. Bombora does not control, is not responsible for these parties’ sites, services, content, products, services, privacy policies or practices.
Likewise, if you permit Service Information to be collected and used through a website using the Services, you are choosing to disclose information to both Bombora and the third party with whose brand the website is associated. This Privacy Notice only governs Bombora’s use of your Service Information not the use of any information by any other party.
Our servers and facilities that maintain our Websites, Services and the information we collect are operated in the United States. With that said, we are an international business, and our use of your information necessarily involves the transmission of data on an international basis. If you are located in the European Union, Canada or elsewhere outside of the United States, please be aware that information we collect may be transferred to and processed in the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice. This includes implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with European Union data protection law. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (e.g. to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If this is not possible (e.g. because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
California “Do Not Track”
California law requires that operators of websites and online services disclose how they respond to a Do Not Track signal. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signals. However, we provide you with the ability to opt-out of the use of tracking technologies used to send you interest-based advertising as described above.
We may revise this Privacy Notice from time to time to reflect changes in our practices or in the applicable law. When such changes are material in nature we will notify you either by prominently posting a notice of such changes prior to implementing them or by directly sending you a notification. We encourage you to review this Privacy Notice periodically. We will always show the date of the latest modification date of the Privacy Notice at the top of the page so you can tell when it has last been revised.
If you have any questions about this Notice or Bombora’s privacy practices, please contact our Data Protection Office by submitting the above form, or by mail using the details provided below:
US and EEA ResidentsAttn: Havona Madama, Chief Privacy Officer
419Park Avenue South, Floor 12
New York, NY, United States 10016
If you are resident in the EEA, your data controller is Bombora, Inc.
Bombora participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Bombora’s identification number within the framework is 163.
Last Updated: October 9, 2018
Thanks for using Signal HQ. Our goal is to empower individuals and organizations to use data to understand and intelligently connect with their current and future customers. As such, we take very seriously the respect and protection of your privacy and security. We are committed to following and continuously evolving best practices to support this principle.
Like many websites, we gather information about how visitors use our Site. In general, you can visit many of our web pages without telling us who you are or revealing any personal information about yourself. We may track your visit for trends and statistics, but you will remain anonymous unless you tell us who you are. Once you choose to give us your personal information, you are not anonymous to us.
The following are the types of information we collect:
Information you give us: We receive the information you provide to us when you register for, or otherwise use, the Site such as your name, email address, phone number, address, and any feedback, questions, or recommendations you provide. In some cases, the Service allows you to submit questions and comment sin public areas of the Site, and such information may read, collected, and used by us and other users of the Site. If you provide information directly to us in other ways, such as by sending us an email, we may retain that information and add it with the other information we have collected from you. We may also collect personal information that is necessary for our legitimate interests, which will be disclosed to you at the time of collection. Signal HQ will use this information for the purposes of which it was collected.
Information from third parties: We may receive information about you from other sources, such as our business partners or from individuals who refer you to us. We may add this information to other information we collect from you.
Automatically collected information: We may receive and store certain types of information from you each time you use the Site or Service. For example we may automatically log your browser type, language preference, the date and time of your visit to the Site, your Internet Protocol (IP) address, and the website you visited before our Site. In addition, we may receive and store information about your use of the Site and Service. The technologies we use for this automatic data collection may include:
Do Not Track: We also may use these technologies to collect information about your online activities overtime and across third-party websites or other online services (behavioral tracking). We do not respond to browser-based “do not track” signals. Some third party sites who push content to our Site may keep track of your browsing activities over time and across different websites when they serve you content, which enables them to tailor what they present to you.
We may create non-personally identifying anonymous or aggregate data from the information we collect. We may use that anonymous or aggregate data for our own purposes or disclose it to third parties in our own discretion.
We take reasonable steps to help protect your personal information in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. We follow reasonable standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage is 100% secure and we do not guarantee its absolute security. Please contact us if you have any questions about security of our Site.
We want to communicate with you only if you want to hear from us. If you prefer not to receive information from us or would like to update or change your personal information or preferences, follow the instructions below to review, modify or delete your personal information.
If you request your registration information be deleted or if you unsubscribe from communications, we may need to retain certain information for record keeping purposes, as required under applicable legal obligations, or to complete any transactions that you began prior to requesting such change or access When updating or deleting your personal information, we may ask you to verify your identity before we can act on your request. Any access request will be subject to the relevant fee, if any, to meet our costs in providing you with details of the information we hold about you. We will comply with your request as soon as reasonably practicable and in accordance with applicable laws.
Signal HQ retains your personal information:
We welcome your questions, comments, and concerns about privacy. Please contact us by email at: firstname.lastname@example.org.
If you have a data privacy complaint, please contact us by email at: email@example.com. We are committed to working with you to obtain a fair resolution of any privacy concern.
If Signal HQ needs, or is required, to contact you concerning any event that involves information about you, we may do so by email, telephone, or mail.
Residents of the State of California may request a list of all third parties to which Signal HQ has disclosed certain information collected in connection with this Site and Service during the preceding yearfor the third parties’ direct marketing purposes. If you are a California resident and want such a list, please contact us at firstname.lastname@example.org. For all requests, you must put the statement “Your California Privacy Rights” in the body of your request and include the name of this Site, as well as your name, street address, city, state, and zip code.Please note that we will not accept requests via the telephone, mail, or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.