Skyhook Privacy Shield Notice

Effective Date: 02/01/2021

Introduction

Skyhook Holding, Inc. (f/k/a TruePosition, Inc.) and its subsidiary Skyhook Wireless, Inc. (collectively, "Skyhook”, “we”, “our" or "us") respect your privacy.  Although its legal status is not clear at this point, Skyhook has certified compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  Skyhook has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

This Privacy Shield Notice ("Notice") describes our standards and procedures for handling Personal Information transferred from the European Economic Area ("EEA") and Switzerland to the U.S. in accordance with Skyhook’s obligations under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.  

For the purpose of this Notice, "Personal Information" means any data relating to an identified or identifiable individual, including, for example, name, address, telephone number and e-mail address, and "processing" means any operation performed on Personal Information, such as, for example, collection, use, management, consultation or disclosure. This Notice supplements the Skyhook Privacy Policy. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Privacy Policy. In case of conflict between this Notice and the Principles, the Principles will govern.

How We May Obtain Personal Information

We may obtain and process Personal Information from the EEA and Switzerland in different capacities:

• In the case of businesses and individuals opening accounts with Skyhook by signing up at my.skyhookwireless.com, we collect and process EEA and Swiss Personal Information as a data controller directly from individuals.
• In the case of operating our location services, we obtain and process EEA and Swiss Personal Information on behalf of our customers, such as by receiving location signals, determining location results, or providing geofence triggers or location-related data (as described in Skyhook’s Privacy Policy).

Skyhook commits to comply with the Principles with respect to all Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield.

Privacy Shield Principles

1. Skyhook’s Privacy Policy in combination with this Notice describes our privacy practices with respect to Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield.
2. When providing our Location Services, Skyhook requires all clients and third parties to provide notice regarding data collection and use, and to obtain all consents or permissions required, including without limitation any data such party collects, uses, and/or discloses from its users, the provision of such data to Skyhook, and the other party’s use of such data.

Skyhook also provides users the ability to directly opt-out from Skyhook’s services as follows: 

Location Information: For users who do not want any location data to be collected, the application, device, or operating system provides controls for disabling all location services.  This choice may limit the functionality of the device or installed applications

Device ID: If you wish to opt out of the Skyhook’s use of your Device ID to assist our partners with identifying your demographic information and interest segments for purposes of providing you with targeted ads, you may opt-out by clicking here. If you choose to opt out your Device ID(s), Skyhook will delete any collected data about this Device ID from Skyhook database, and quarantine the device ID so that Skyhook does not collect any data about this Device ID in the future or return or share any information about the Device ID to API or SDK requests.  Skyhook also respects platform-level controls and restrictions, so that if you disable targeted advertising through controls offered by the application and/or through the iOS or Android “Limit Ad Tracking” or “Opt out of interest-based advertising” settings, we will abide fully by those settings. More information on how to access these settings is provided on the Skyhook opt out page, which can be accessed by clicking here. If a user chooses the “Limit Ad Tracking” or “Opt out of interest-based advertising” settings on iOS or Android, Skyhook will quarantine the device ID so that Skyhook does not collect any data about this device ID and will not return or share any information about the Device ID in response to API or SDK requests, instead returning an error code when the device ID has been opted out. Skyhook will also delete any encrypted device identified data from the opted-out user’s device.  

MAC Addresses: If you wish to opt out of Skyhook’s use of your MAC address to provide location, you may opt-out by clicking here. If you choose to opt out, Skyhook will (if applicable) delete the positioned record for that MAC address from the Skyhook database and will blacklist that MAC address so that we will not process or use that MAC address information in the future.

3. Data Integrity and Purpose Limitation.Any Personal Information we receive may be used by Skyhook for the purposes indicated in the Skyhook Privacy Policy or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.
   We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with Skyhook up to date and may contact Skyhook as indicated below to request that their Personal Information be updated or corrected. We will retain your Personal Information in an identifiable form only for the period necessary to fulfill the purposes outlined in the Skyhook Privacy Policy, unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the Personal Information collected under the Privacy Shield.

4. Accountability for Onward Transfer of Personal Information. Skyhook may transfer Personal Information for the purposes described in the Skyhook’s Privacy Policy to a third party acting as a data controller or as an agent. If we intend to disclose Personal Data to a third party acting as a data controller or as an agent we will comply with, and protect, Personal Information as provided in the Accountability for Onward Transfer Principle. When providing our location services we disclose Personal Information as provided in our agreement with customers.  We remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

7. Skyhook takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
   
   
8. In the case of information submitted to set up an account with Skyhook, individuals have reasonable access to their Personal Information and may request corrections, deletions, or additions where the Personal Information is inaccurate or has been processed in violation of the Principles. In addition, as described above, Skyhook provides end users with the ability to opt out of collection of the users’ MAC address, IP Address, Device ID and location information.
   
   
9. Recourse, Enforcement and Liability.  In accordance with the Privacy Shield Principles (the "Principles"), Skyhook has established procedures to periodically verify its implementation and compliance. Skyhook conducts an annual self-assessment of its practices regarding Personal Information intended to verify that the assertions Skyhook makes about its practices are true and that such practices have been implemented as represented. In addition, in compliance with the Privacy Shield Principles, Skyhook commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Rodman Forter, General Counsel, at privacy@skyhook.com or by mail at 12 Thomson Place, Boston, MA 02210.  
   Skyhook has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit here for more information or to file a complaint. The services of JAMS are provided at no cost to you.
   For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.  

Amendment

This Notice may be amended consistent with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. When we update this Notice, we will also revise the "Last Updated" date at the top of this document.

Questions and Complaints

If you have any questions, concerns or complaint regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us:

• By email at privacy@skyhook.com
  
• By mailing to Skyhook, Attn: Legal, 12 Thomson Place, 4^th Floor, Boston, MA 02210, USA

We will make every effort to resolve your concerns.