The Pangle End User Data Privacy Policy applies to personal data that we process through Pangle (as defined below), where you interact with Pangle through mobile applications and/or websites that have integrated with Pangle s advertising platform either directly or via an advertising exchange, each a “Partner”. The Pangle End User Data Privacy Policy will apply to the processing of your personal data in your capacity as an end user.
Last updated: 8 March 2023
I. Who we are and who this applies to
I.1 We are Bytedance Pte. Ltd., a company incorporated in Singapore whose registered office is at 1 Raffles Quay, #26-10 ,Singapore 048583 (" we", "our" or " us"). This Pangle End User Data Privacy Policy ("Privacy Policy") explains who we are, how we collect, process, store, use, transfer, share, and disclose ("process") personal data about you, and how you can exercise your data privacy rights.
I.2 It is the Partner’s responsibility to inform you of Pangle’s use of your data (i.e. by directing you to this policy) and to acquire all consent necessary for Pangle’s use of your data. We will process your personal data on the basis that your personal data is required for us to provide our services to the Partner under the relevant contract between us and the Partner.
I.3 If you have any questions or concerns about our processing of your personal data, please contact us using the contact details provided at the bottom of this Privacy Policy.
II. What is Pangle?
II.1 Pangle is a mobile advertising platform, including support systems and services operated by Bytedance and accessible via www.pangleglobal.com ("Pangle"). Pangle enables advertisers to serve advertisements on third party mobile applications and/or websites owned or operated by a Partner or to which a Partner has the right to serve advertising (each a“Partner Site”). We do this by processing certain information collected from those Partner Sites, as described in this Privacy Policy.
III. What personal data we process
III.1 The types of personal data that we process depend on the circumstances of collection and on the nature of the services requested or transaction undertaken for our Partners.
III.2 When you interact with a Partner Site, we process certain information about you and your device. This information may be collected automatically from your device using our software code (referred to as a "software development kit", or "SDK"), or shared with us by other advertising exchanges (e.g. Google DoubleClick). We also use cookies (text files inserted in your browser when you visit our partners or customers' mobile applications and websites) and other tracking technologies available on your device.
III.3 The information that we process about you may include some or all of the following categories:
a. Information obtained automatically from your device
i. Identifiers: We may process device-specific identifiers such as your IP address, mobile advertising identifier (such as the "Google Advertising ID" on Android phones or the "ID for Advertisers" on iOS devices), or a Pangle-specific identifier which our SDK has assigned to your device. A mobile advertising identifier is an identifier that is provided by your device operating system and allows companies, like Pangle, to recognize your device across apps for advertising purposes. In addition to the mobile advertising identifier, and other similar technologies, Pangle may also obtain your device's model, operating system (e.g. iOS or Android), your device's language settings, general geographic region, time zone, network type (such as 5G or WiFi), your ROM version, screen resolution (to know which ads which will appear best on your device), mobile country code and mobile network code, and the time your device was last updated and started.
ii. Geolocation data: We may infer your approximate geo-location from your device s IP address. We may also process your precise latitude and longitude using your phone s GPS data, where we have your consent or are otherwise permitted to do so in accordance with applicable data protection laws.
iii. Internet activity: We may process information about your app and website usage, including the name and version of the app or website that has integrated Pangle. We may also process information about your interactions with any advertisements we deliver (e.g. information about the advertisements served, viewed, or clicked on, such as the type of ad, where and when the ad was served, whether you clicked on it, and whether you visited the advertiser s website or downloaded the advertiser s app, as well as any preferences you may have expressed in respect of that advertisement).
b. Information obtained from other sources
i. From time to time, we may receive information about you from other sources. For example, we may receive information about you from third parties, such as advertising exchanges that share data with us for the purposes of serving advertising, if third parties are legally permitted to disclose this information to us.
ii. The information we receive from these sources may include identifiers (such as your IP address or mobile advertising identifier), information about your Internet activity (such as information about your interaction with third party websites, applications and advertisements) and inferences relating to your preferences and characteristics (e.g. your approximate age and gender).
IV.How we use personal data
IV.1 We use personal data to serve you with personalised advertisements and understand the audiences who see the advertisements we serve. Specifically, we process personal data for the following purposes:
a. To serve you advertisements: To enable third party advertisers to bid on and fill advertising space on Partner Apps with their advertising. We use your mobile advertising identifier, together with the other device identifiers described above, to serve you with personalised advertising and for related purposes such as frequency capping (limiting the number of times you see the same ad), attribution (making sure we get paid by advertisers for the advertisements we deliver), and fraud detection (detecting malicious software, or "bots", that generate false interactions with advertisements to drive fraudulent advertising revenues). We also use your device data to ensure we display advertisements that display properly on your device.
b. To personalise the advertisements we show you: To infer your interests from the types of apps you use and the adverts you interact with, as well as to infer certain demographic information about you (such as your age and gender) so we can show you advertisements that are more relevant to you;
c. To serve you advertisements on the basis of your location: To serve you advertisements that are relevant for your region and displayed in the relevant local language, as well as to better understand the audiences who see our advertisements, based on your current or prior location, including through location-based targeting segments created by us or by our third party advertisers.
d. For auditing and reporting: To verify accurate delivery of, and count the number of end users who see and interact with, advertisements we serve on behalf of our advertisers and what ad campaigns led to further consumer activity (such as a purchase, app install or visit) (sometimes called "attribution"). We use this information to report to our advertisers about the advertisements users have seen and interacted with, so that we and our publishers are paid appropriately for the advertisements we display.
e. To provide campaign analytics to advertisers: To provide advertisers information about how well their campaigns perform, whether relative to their prior campaigns, or bench-marked against third party campaigns or other data.
f. For cross-device targeting: To "link" or "resolve" the same user across their various devices (such as across mobile devices, browsers and tablets). For instance, we (or a third party partner we work with) may help an advertiser "find" a consumer they have engaged with previously on a mobile device when that consumer is browsing on their tablet, in order to target ads to the user across those devices.
g. To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for such activities: For example, to identify invalid clicks (or advertising queries) and protect us and our advertisers from fraudulent behaviour.
h. To verify or maintain the quality of Pangle and improve, upgrade or enhance Pangle: For example, (i) for audit, research, and analysis of the information in order to maintain, improve, upgrade or enhance our advertising services, and to ensure that our technologies function properly; and (ii) other internal operations, such as debugging, support, and security.
i. For compliance with legal obligations: To comply with legal obligations that apply to us, for example to respond to law enforcement requests.
j. For archiving purposes in the public interest, scientific or historical research purposes.
k. For any other purpose to which you consent: To use your personal data for any other purpose to which you have provided consent.
IV.2 In general, we will process personal data only for the purposes described in this Privacy Policy or for purposes that are explained to you at the time your personal data is collected. However, we may also use your personal data for other purposes that are not incompatible with the purposes we have disclosed to you if and where this is permitted by applicable data protection laws.
V. Who we share your personal data with
V.1 We may share your personal data for the purposes described above in this Privacy Policy with the following categories of recipients:
a Our advertising partners and platforms: We may share personal data with our advertising partners (such as DSPs) and partner platforms (such as TikTok for Business) in connection with their bidding on the ad opportunity and optimizing their ad bidding systems and ad biddingÅ strategies, so as to target and display advertisements on Publisher Partner Apps on behalf of advertisers.
b. Our advertisers: We also share limited personal data in aggregated form with our advertising partners, through reports about the kinds of people seeing their advertisements and how their advertisements are performing (for example, that an ad was seen by 100 men between the ages of 25 and 34 who live in Singapore and like football). Aggregated data cannot by itself can be used to contact you or identify your name. We also report to our advertising partners which Pangle advertisements resulted in you making a purchase or taking an action with an advertiser.
c. Partners: We share aggregated data with Partners through reports about the types of advertisements served to their apps, in order that they can measure the effectiveness and value of our services. As these reports are aggregated they do not reveal any information that directly identifies you.
d. Our affiliates, corporate group and third party service providers: We share personal data with our affiliates and other companies, including other Bytedance entities, who help us operate our business, perform functions on our behalf or provide services to us, including data processing services to us (for example, to support, provide functionality on, or help to enhance the accuracy, safety and security of our services, or to provide analytics or attribution services to us, as well as service providers who provide technical, customer, hosting, data hygiene and enhancement or operational support), as well as other professional advisors. We may also share personal data with members of our corporate group to improve their ads systems and processes, to help them deliver more relevant ads to you and to reach you on non-Bytedance properties.
e. Our analytics and attribution partners: We share personal data with our analytics and attribution partners who help us monitor the success of our advertising campaigns (such as how many end users saw and clicked on an advertisement) and provide reporting to our advertisers.
f. Any competent law enforcement body, regulatory, government agency, court or other third party: We may share personal data with these parties where we believe disclosure is necessary (i) as a matter of applicable law or regulation; (ii) to exercise, establish or defend our legal rights; (iii) to detect and protect against fraud or other security or technical vulnerabilities; (iv) to respond to an emergency; or (v) to otherwise protect your vital interests or those of any other person where permitted by applicable law.
g. Any other person: We will only share personal data with any other person with your consent to the disclosure or as otherwise permitted under applicable data protection law.
VI. How we keep your personal data secure
VI.1 We use reasonable technical and organisational measures to protect the personal data that we process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
VII. International data transfers
VII.1 Your personal data may be transferred to, and processed in, countries other than the country in which you are located or in which your personal data was collected. However, we will not transfer or permit any of your personal data to be transferred outside of such country unless we have taken measures necessary to ensure the transfer is in compliance with applicable laws, and in any case to a recipient that has comparable privacy protections in place.
VII.2 Specifically, our servers are located in the United States of America and Singapore, and our group companies and third party service providers and partners operate around the world. This means that we may process your personal data in any of these countries in accordance with this Privacy Policy.
VIII. Data retention
VIII.1 We retain your personal data for as long as it is necessary to provide you with services so that we can fulfil our contractual obligations and exercise our rights in relation to the information involved. Where we do not need your information in order to provide services to you, we retain it only for so long as we have a legitimate business purpose in keeping such data or as necessary to comply with the law.
VIII.2 When we have no ongoing legitimate business or legal need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives or the law requires otherwise), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
IX. Targeted ads and your right to opt-out
Our partners use the Pangle SDK for the purpose of serving targeted ads to you. To do this, Pangle receives and processes device information such as cookies, mobile advertising identifiers, IP addresses, user agent information and browsing or app data where the SDK is installed. Pangle uses this device information to identify your device and deliver relevant ads to you.
IX.1 Opt-out
You can opt out of ads that are targeted based on data Pangle previously received about you by clicking here. Pangle's ability to opt you out of targeted ads depends on our ability to recognize your device. As device and connection information can change frequently, we encourage you to revisit this page periodically to ensure your opt-outs are up to date.
IX.2 Non-targeted ads
If you opt out of targeted ads, Pangle will stop showing ads based on data it previously collected and can link to your device. However, Pangle may still show you ads based on data it receives about the context of the app or website you are visiting (e.g. sports advertisements in a sports app) or your device (ads for iPhone users or Android users).
X. Your data protection rights
X.1 Pangle supports the exercise of your data protection rights which may be available in your country in accordance with applicable data protection laws. Specifically:
a. You can request to access, correct, update or delete your personal data by contacting us using the contact details provided under the "How to contact us" section below, and we will fulfil your request if these rights are available under applicable data protection laws in your country.
b. You can opt out of targeted advertising by following the instructions described above under the "Your right to control personalised advertisements" section above.
X.2 We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We do not discriminate against any individual based on the exercise of their data protection rights. However, we may request for you to further provide us with your personal information for the purposes of verifying your identity.
XI. Children
XI.1 Where applicable laws prohibit us from processing personal data about children who are under specified age thresholds or require us to obtain parental consent before we may process personal data about such children, then we will not knowingly process personal data about children unless we are in compliance with those laws.
XI.2 If you believe we may be processing personal data relating to children contrary to applicable law, please contact us using the contact details provided under the "How to contact us" section below and we will investigate and, where necessary, take appropriate steps to cease any such processing and delete any such personal data.
XII. Updates to this Privacy Policy
XII.1 This Privacy Policy is effective as of the date set out at the top of this Privacy Policy.
XII.2 We may update this Privacy Policy from time to time, including in response to changing legal, technical or business developments, in accordance with applicable law.
XII.3 You can see when this Privacy Policy was last updated by checking the "last updated" date displayed at the top of this Privacy Policy.
XIII. How to contact us
XIII.1 If you have any questions or concerns about our use of your personal data, please contact us using the details below.
- For individuals located in the European Economic Area, United Kingdom or Switzerland: europe_privacy@pangleglobal.com
- For individuals located in any other part of the world: privacy@pangleglobal.com.
- For individuals located in the Americas: americas_privacy@pangleglobal.com
XIV. Language
XIV.1 This Privacy Policy is made in English and translations into other languages may be provided. In the event of any conflict between the English version and any translations, the English version will prevail to the extent permitted by the prevailing laws.
Jurisdiction-specific terms
For individuals located in Israel:
The following paragraph shall be added to the end of section III. What personal data we process:
III.4 You are under no legal obligation to provide us any personal data.
The following paragraph shall be added to the end of section VII. International Data Transfers:
VII.3 You hereby consent to the transfer of your personal data as set out in this Section VII.
The following paragraph shall be added to the end of section X. Your data protection rights:
X.3 You have the right to appeal the refusal of Pangle to comply with your request to exercise your rights in a court of competent jurisdiction.
For individuals located in Brazil
If you are using the Platform in Brazil, the following additional terms apply. If any conflict arises between the main Privacy Policy and the additional terms, the following terms shall prevail:
The following paragraph shall replace section I, 1.2. of this Privacy Policy:
I.2 It is the Partner’s responsibility to inform you of Pangle’s use of your data (i.e. by directing you to this policy) and to acquire all necessary authorizations for Pangle’s use of your data. We will process your personal data on the basis that your personal data is required for us to provide our services to the Partner under the relevant contract between us and the Partner.
The following paragraph shall replace section III.3, a, ii. of this Privacy Policy:
ii. Geolocation data: We may infer your approximate geo-location from your device s IP address. We may also process your precise latitude and longitude using your phone s GPS data, where we have proper authorization or are otherwise permitted to do so in accordance with applicable data protection laws.
The following paragraph shall replace section IV, k. of this Privacy Policy:
k. For any other purpose in compliance with the applicable data protection law: To use your personal data for any other purpose in compliance with the applicable data protection law.
The following paragraph shall replace section V, g. of this Privacy Policy:
g. Any other person: We will only share personal data with any other person in compliance with the applicable data protection law.
The following paragraph shall replace section X. of this Privacy Policy:
Exercise of data protection rights. Brazilian law provides certain rights to individuals with regard to their personal data. Thus, we seek to ensure transparency and access controls in order to allow users to benefit from the mentioned rights.
We will respond and/or fulfill your requests for the exercise of your rights below, according to the applicable law and when applicable, to the Brazilian General Data Protection Law - LGPD:
I. confirmation of whether your data are being processed;
II. access to your data;
III. correction of incomplete, inaccurate or outdated data;
IV. anonymization, blocking or erasure of data;
V. portability of personal data to a third party;
VI. object to the processing of personal data. Please note that you can opt out of targeted advertising by following the instructions described above under the "Your right to control personalised advertisements" section above;
VII. information of public and private entities with which we shared data;
VIII. information about the possibility to refuse providing personal data and the respective consequences, when applicable;
IX. withdrawal of your consent.
Verifying your identity: For your safety and to allow us to make sure that we do not disclose any of your personal data to unauthorized third parties, in order to verify your identity and guarantee the adequate exercise of your rights, we may request specific information and/or documents from you before we can properly respond to a request received concerning your data. All data and documents received from you in the process of responding to your requests will be used for the strict purposes of analyzing your request, authenticating your identity, and finally responding to your request.
Limitations to your rights: In certain situations, we may have legitimate reasons not to comply with some of your requests. For instance, we may choose not to disclose certain information to you when a disclosure could adversely impact our business whenever there is a risk of violation to our trade secrets or intellectual property rights. In addition, we may refrain from complying with a request for erasure when the maintenance of your data is required for complying with legal or regulatory obligations or when such maintenance is required to protect our rights and interests in case a dispute arises. Whenever this is the case and we are unable to comply with a request you make, we will let you know the reasons why we cannot fulfill your request.
DPO: If you wish to reach the Pangle’s Data Protection Officer, contact us at: dpobrasil@pangleglobal.com
Access Logs. We keep your application access logs, under confidentiality, in a controlled and safe environment, for, at least, 6 (six) months, in order to comply with legal obligations.
The following paragraph shall be added to section XI. of this Privacy Policy:
Parental and Guardian Consent. If required by Brazilian data protection laws, (i) if you are over the age of 16 but under the age of 18, you can only use and register for an account with the assistance of your parent or legal guardian and you declare and represent that you had such assistance to use the Services and to agree to the Policy; (ii) if you are over the age of 13 but under the age of 16, you can only use and register for an account with the representation of your parent or legal guardian, and you must obtain the consent from your parent or legal guardian to the use of the Services and acceptance of this Privacy Policy; and (iii) if you are under the age of 13 you are not allowed to have an account.
For individuals located in the European Economic Area, United Kingdom or Switzerland:
The following paragraph shall replace section X. of this Privacy Policy:
Your data protection rights
X.1 Pangle supports the exercise of your data protection rights which may be available in your country in accordance with applicable data protection laws. Specifically:
a. Opt-out of targeted advertising: You can opt out of targeted advertising by following the instructions described above under the "Your right to control personalised advertisements" section above.
b. Access Your Data: You can ask us, free of charge, to confirm we process your personal data and for a copy of your personal data.
c. Delete Your Data: You can ask us to delete all or some of your personal data.
d. Change or Correct Data: You can ask us to change or fix your data.
e. Portability: You can ask for a copy of personal data you provided in a machine-readable for
f. Object or Restrict Use of Data and Withdraw Consent: You can ask us to stop using some or all of your data, e.g. if we have no legal right to keep using it. You can ask us to stop processing your personal data for direct marketing purposes; withdraw your consent or ask us to stop making any automatic individual decisions, including profiling. If you object to such processing, we ask you to share the reason for your objection in order for us to examine the processing of your personal data and to balance our legitimate interest in processing and your objection to this processing.
g. Complain: The right to lodge complaints before the competent data protection regulator.
X.2 For further information, contact us using the contact details provided under the "How to contact us" section below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. If you do not provide your personal data, we will not be able to provide some or all of our services to you. If you have made a specific request to us, and do not provide personal data that we can use to identify you (such as a device identifier) we will be unable to fulfil your request. The following paragraph shall be added as section XIV of this Privacy Policy:
XIV. Legal basis
XIV.1 In the European Economic Area and the United Kingdom we must have a legal basis to process your personal data. For users located in these regions, we will only serve targeted adverts to you with your consent. The legal basis for other processing of your personal data will depend on the personal data concerned and the specific context in which we process it. If we process your personal data in our legitimate interests, such as for security and product improvement purposes, this interest will normally be to provide an effective, secure and dynamic platform.
XIV.2 In some cases, we process your data to comply with our legal obligations, with your consent or where it is in the vital interests of you or another person.
XIV.3 If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “How to contact us” heading below.