Effective Date: 2, 6, 2020.
- Introduction and Overview.
If you are a Nevada or California resident or data subject in Europe, please see the “Additional Disclosures for Nevada Residents,” “Additional Disclosures for California Residents” and “Additional Disclosures for People in Europe” sections. If you have any questions or wish to exercise your rights and choices, please contact us as set out in the “Contact Us” section.
- Information Collection.
- Information You Provide.
We collect information about you when you use the Service or interact with us offline, including information you provide when you register an account, update your profile, access our content, make a purchase, or contact us. The following are the categories of information we collect and have collected in the last 12 months:
- Contact Data, including your first and last name, email address, postal address, and phone number.
- Profile Data, including your interests, inferences, preferences and favorites.
- Content, including content within any messages you send to us (such as feedback and questions to customer support).
- Billing Data, including your payment instrument number and billing address to process your payments.
You may choose to voluntarily provide other information to us that we do not request, and, in such instances, you are solely responsible for such information.
- Information Collected Automatically.
In addition, we automatically collect information when you use the Service. The categories of information we automatically collect and have collected in the last 12 months includes:
- Service Use Data, including data about features you use, pages you visit, emails and advertisements you view, products and services you view and purchase, the time of day you browse, and your referring and exiting pages.
- Device Data, including data about the type of device or browser you use, your device’s operating software, your internet service provider, and your device’s regional and language settings.
- Location Data, including imprecise location data (such as data that indicates a city or postal code level).
We use various tracking technologies to automatically collect information when you use the Service, including the following:
- Log Files, which are files that record events that occur in connection with your use of the Service.
- Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. We use session cookies to make it easier for you to navigate our website and expire when you close your browser.
- Website heat maps, which is code embedded in a website that sends user movement data to a server in aggregated form. Website heat maps include scroll maps, click maps, and move maps. We use website heat maps to help us determine the most popular and unpopular areas of our website and to help us better understand how users interact with our website.
For further information on how we use tracking technologies for analytics and advertising, and your rights and choices regarding them, see the “Analytics and Advertising” and “Your Rights and Choices” sections below.
- Information on Behalf of Our Customers.
For further information on your rights and choices regarding Customer Data, see the “Your Rights and Choices” section below.
- Information from Other Sources.
We also collect information from other sources. The categories of sources we collect and have collected information from in the last 12 months include:
- Consumer or users of the Service.
- Data brokers or resellers from which we purchase data to supplement the data we collect.
- Social networks when you engage with our content, reference our Service, or grant us permission to access information from the social networks.
- Partners that offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
- Publicly-available sources, including data in the public domain.
- Use of Information.
- Operate and manage our Service, including our “Contact Us” feature on the Service.
- Perform services requested by you, such as respond to your comments, questions, and requests, and provide customer service.
- Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
- Preventing and addressing fraud, breach of policies or terms, and threats or harm.
- Monitoring and analysing trends, usage, and activities.
- Conducting research, including focus groups and surveys.
- Improving the Service or other Next Millennium websites, marketing efforts, products and services.
- Developing and sending you direct marketing, including advertisements and communications about our and other entities’ products, offers, promotions, rewards, events, and services.
- Fulfilling any other business or commercial purposes at your direction or with your notice and/or consent.
Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the “Your Rights and Choices” section below.
- Sharing of Information.
- Service Providers. We share information with entities that process information on our behalf for our business purposes. Service providers assist us with services such as payment processing, data analytics, marketing and advertising, website hosting, and technical support. We may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law.
- Vendors and Other Parties. We share information with vendors for business and commercial purposes, including analytics and advertising technology companies. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information. For more information on advertising and analytics, see the “Analytics and Advertising” section below.
- Affiliates. We share information with our related entities for business purposes such as customer support, marketing, and technical operations. We also may share information with affiliates for commercial purposes.
- Customers. We share information with our customers in connection with us processing information on their behalf. For example, we share information with our customers in order to facilitate orders, respond to questions and comments, comply with requests, market and advertise, and otherwise comply with applicable law.
- Partners. We share information with our partners in connection with offering co-branded services, selling or distributing our products, or engaging in joint marketing activities.
- Merger or Acquisition. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
- Security and Compelled Disclosure. We share information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also share information to protect the rights, property, life, health, security and safety of us, the Service or anyone else.
- Facilitating Requests. We share information at your request or direction, such as when you choose to share information with a social network about your activities on the Service.
- Consent. We share information with notice to you and your consent.
Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see the “Your Rights and Choices” section below.
- Social Media and Technology Integrations.
We offer parts of our Service through websites, platforms, and services operated or controlled by separate entities. In addition, we integrate technologies operated or controlled by separate entities into parts of our Service. Some examples include:
- Links. Our Service includes links that hyperlink to websites, platforms, and other services not operated or controlled by us.
- Liking, Sharing, and Logging-In. We may embed a pixel or SDK on our Service that allows you to “like” or “share” content on, or log-in to your account through social media. If you choose to engage with such integration, we may receive information from the social network that you have authorized to share with us. Please note that the social network may independently collect information about you through the integration.
- Analytics and Advertising.
We use analytics services, such as Hotjar, to help us understand how users access and use the Service. In addition, we work with agencies, advertisers, ad networks, and other technology services to place ads about our products and services on other websites and services. For example, we may place ads through Google and Facebook that you may view on their platforms as well as on other websites and services.
As part of this process, we may incorporate tracking technologies into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you (“Interest-based Advertising”).
For further information on the types of tracking technologies we use on the Service and your rights and choices regarding analytics and Interest-based Advertising please see the “Information Collected Automatically” and “Your Rights and Choices” sections.
- Your Rights and Choices.
- Tracking Technology Choices.
- Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
- Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
Please be aware that if you disable or remove tracking technologies some parts of the Service may not function correctly.
- Analytics and Interest-Based Advertising.
Google provides tools to allow you to opt out of the use of certain information collected by by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb/.
The companies we work with to provide you with targeted ads are required by us to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; (ii) for app targeted ads from DAA participants, https://www.aboutads.info/appchoices; and (iii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices/. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants’ other customers or from other technology services).
Please note that if you opt out using any of these methods, the opt out will only apply to the specific browser or device from which you opt out. We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any other entities’ statements regarding their opt out options or programs.
- E-mails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link, or emailing us at the email address set out in the “Contact Us” section below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or Next Millennium’s ongoing business relations.
Please note that your opt out is limited to the email address used and will not affect subsequent subscriptions.
The Service is intended for a general audience, and is not directed at children under (13) years of age.
We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us at [email protected]. We will remove the data to the extent required by applicable laws.
We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
If you are a California resident under 18 years old and registered to use the Service, you can ask us to remove any content or information you have posted on the Service. To make a request, email us at the email address set out in “Contact Us” section with “California Under 18 Content Removal Request” in the subject line, and tell us what you want removed. We will make reasonable good faith efforts to remove the post from prospective public view, although we cannot ensure the complete or comprehensive removal of the content and may retain the content as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- Data Security.
We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.
- International Transfer.
- Contact Us.
One World Trade Center, Suite 8506
New York, NY 10007
- Additional Disclosures for Nevada Residents.
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at [email protected].
- Additional Disclosures for California Residents.
These additional disclosures for California residents apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.
- Notice of Collection.
In the past 12 months, we have collected the following categories of personal information listed in the CCPA:
- Identifiers, including name, email address, phone number, and account name.
- Internet activity, including your interactions with our Service.
- Inferences, including information about your interests, preferences and favorites.
- Customer records, including phone number, billing address, and payment processing information.
- Commercial or transactions information, including records of products or services purchased, obtained, or considered.
- Internet activity, including interactions with a website, email, or advertisement.
- Inferences drawn from the above information about predicated characteristics and preferences.
For more information on information we collect, including the sources we receive information from, review the Information Collection section. We collect and use these categories of personal information for the business purposes described in the Use of Information section, including to provide and manage our Services.
Next Millennium does not generally sell information as the term “sell” is traditionally understood. However, to the extent “sale” under the CCPA is interpreted to include advertising technology activities such as those disclosed in the Analytics and Advertising section as a “sale,” we will comply with applicable law as to such activity. Next Millennium discloses the following categories of personal information for commercial purposes: identifiers, demographic information, commercial information, internet activity, geolocation data and inferences. We use and partner with different types of entities to assist with our daily operations and manage our Service. Please review the Sharing of Information section for more detail about the parties we have shared information with.
Our Service is intended to provide information to our employees and business clients. You understand and agree that information collected about you is solely within the context of (i) your role as an employee, owner, director, officer, or contractor or (ii) Next Millennium conducting due diligence regarding, or providing or receiving a product or service to or from your employer.
If you are a California resident and we as a service provider have processed personal information about you on behalf of our clients and you wish to exercise your CCPA rights, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of our client on whose behalf we processed your personal information. We will refer your request to that client, and will support them to the extent required by California privacy law in responding to your request.
- Right to Opt-Out.
To the extent Next Millennium sells your personal information as the term “sell” is defined under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information by us to third parties at any time. You may submit a request to opt-out by clicking Do Not Sell My Personal Information .You may also submit a request to opt-out by calling our toll-free number at 212-727-0006, or emailing us at [email protected].
We participate in the IAB CCPA Compliance Framework for Publishers & Technology Companies (“IAB Framework”) in both our capacity as a publisher (limited to our own website(s)) and, more often, as a downstream technology company. This means that where you exercise your right to opt-out of the sale of your personal information by clicking the “Do Not Sell My Personal Information” link above or the “Do Not Sell My Personal Information” link of a Publisher’s property, to the extent we or the Publishers with whom we work sell your personal information in order to deliver ads tailored to your interests, we will (i) when acting as a Publisher, notify downstream participants of the IAB Framework that receive personal information about you to only use your personal information for those specific and limited purposes that are permitted under the CCPA; and (ii) when acting with respect to a Publisher’s website, and to the extent required by applicable law, only use your personal information as a limited service provider, as that term is defined in the IAB Framework, for those specific and limited purposes that are permitted under the CCPA.
Please note that the IAB Framework opt out will only apply to the specific browser or device from which you opt out. In addition, exercising your right to opt out of the sale of your personal information does not mean that you will stop seeing ads from us, or even that you will stop seeing interest-based ads. To learn more about interest-based advertising across sites and additional opt-out choices, please see the Analytics and Advertising and Your Rights and Choices sections. Where you submit a Do Not Sell request but do not opt-out of interest-based ads more generally, you may still receive tailored advertising based on information sold by other companies, or sold before you made a do not sell request. Although we will take steps to send the DNS signal to participants in the IAB Framework, we are not responsible for other participants’ compliance with the IAB Framework or the accuracy of their statements regarding their opt out options or programs.
- Authorized Agent.
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
- Right to Non-Discrimination.
You have the right not to receive discriminatory treatment by us for the exercise of any your rights.
- Shine the Light.
Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in “Contact Us” above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
- Additional Disclosures for Data Subjects in Europe.
Data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”).
- Lawful Basis for Processing.
Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or customers; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.
- Your Data Subject Rights.
If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
You may exercise your rights by submitting a written request to us at the address set out in the “Contact Us” section above. We will respond to your request within 30 days. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
Please note that we retain information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
If your personal data has been processed by us on behalf of a customer and you wish to exercise any rights you have with such personal data, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your personal data. We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request.
If you have a complaint about our use of your personal data or response to your requests regarding your personal data, you may submit a complaint to the data protection regulator in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.