Terms of Service & Use

The CTM Interactive Technology Platform

CTM Interactive does business with its customers and provides its technology platform based on the following Terms of Service & Use (TOSU).  These TOSU are updated and posted as of December 30, 2019.I.               Definitions

A.              “CTMi,” “the Company,” “we,” and “us” refer to CTM Interactive.

B.              “The Client,” “the Customer,” “You” refer to the business entity to which CTMi agrees to directly sell its services under these Terms of Service, and additional terms that might be described in a separate and respective agreement.

C.              “The Platform,” “the Service” refer to CTMi’s Aciv8 Plus Technology Platform, inclusive of its proprietary technology, code, features, functionality – including customization options available to The Client and its Authorized Users – that are provided to the Client and its Authorized Users in the delivery of service.

D.             “Applicable Law” refers to laws, statutes, and regulations across the various jurisdictions that apply to the delivery of service on the Platform.

E.              “The Consumer,” and “the Data Subject,” and “End User” refer to individuals to whom the Offer, as defined herein, is presented on behalf of the Client, or parties to which the Client is contracted, for engagement, acceptance, participation and fulfillment

F.              “Authorized User” refers to all individuals that the Client might assign to have access to, and/or perform work on the Platform, whether those individuals are employees of the Client, or outside parties.

G.             “Term” refers to the time period during which the Service shall be delivered to the Client, as defined in an agreement document or other mutually accepted and executed order for the Service.

H.             “The Offer” refers to an opportunity presented to the Data Subject by the Client to participate in an activity that allows them to submit a digital image, in the form of a photo, GIF or video, along with other items of data that could include PII, and then receive a subsequently treated and/or branded and/or themed version of the image, along with other digital content presented by the Client.  The processing of the image, and the return of the enhanced version, as well as other digi9tal content offered by the Client take place via the Platform on behalf of the Client.

I.               “Personally Identifiable Information” and “PII” refers to any data that could potentially be used to identify a particular person.

J.               “The Order” refers to a document describing in detail the scope, nature, term and respective responsibilities of the parties, and including in full or by linkage, the Terms of Service & Use and Privacy Policy expressed herein, and accepted by both the Company and the Client by authorized signature.

K.              “Prohibited Data” refers to types of data for which the Platform may not be used as a method to record or collect such data from End Users in the course of their participation on the Platform.  Such Prohibited Data is defined below.

L.               “Additional Services” refers to consultation, configuration, implementation, technical support, and/or other services related to configuration and use of the Platform that might be designated and described in an agreement document or other mutually an accepted and executed order for the Service.

II.              Roles and Responsibilities

A.              CTMi

1.              CTMi provides the Platform, which includes in its capabilities the collection and processing of PII.  To the extent that CTMi processes PII in the course of providing the Service, it will do so only as a Processor acting on behalf of the Client and in accordance with these TOSU.

2.              Defining its purpose limitation on the Platform, CTMi will process the PII only for the purpose of providing the Services and in accordance with Data Controller’s lawful instructions.

3.              The Company shall maintain administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, and such safeguards shall include measures designed for preventing unauthorized access, use, modification or disclosure of Customer Data,

4.              The Company shall be responsible for the performance of the CTMi personnel (including employees and contractors) and their compliance with the Company’s obligations under this Agreement

5.              The Company shall provide commercially reasonable technical support to the Client regarding the use of the Service during the term of the Agreement.

B.              The Client’s Responsibilities

1.              Recognizing that the Platform may be used by the Client within its marketing communications, advertising, promotion and selling activities to record and collect data related to the End User, including but not limited to, photos, video recordings, and points of PII described below, it shall accept the responsibilities described herein.

2.              In its use of the Platform, the Client shall maintain legally adequate privacy policies and terms of service & use relevant to U.S. and European codes, standards, laws and regulations, provide notice and obtain all legally required rights, releases and consents to allow such data to be collected, processed, stored, used, and transmitted.  In addition, as the Data Controller, the Client shall respond to and take action upon individual rights requests from End Users.

III.             Acceptable Use Policy (AUP)

A.              All access to and use of the Platform is subject to the Company’s Acceptable Use Policy (AUP).  This AUP may be further defined within respective written agreements between the Company and the Client.

B.              The Client agrees it will comply with the AUP, and ensures that all Authorized Users will comply with the AUP as described in III.C.1-12 below.

C.              The Client agrees that it will NOT, nor will it instruct, permit or allow any Authorized User, to engage in any of the following utilizations of the Platform:

1.              Utilizations that violate, or encourage the violation of the legal rights of consumers, participants, or any others, or of Applicable Law, including without limitation, laws, regulations, policies and directives relating to privacy, security, intellectual property, electronic communications, advertising, and other commercial laws;

2.              Utilizations that engage in, promote or encourage illegal or fraudulent activity;

3.              Utilizations that are unlawful, invasive, infringing, defamatory or fraudulent in purpose;

4.              Utilizations that transmit any material that contains digital viruses, worms, corrupted files, hoaxes, or other digital items of a destructive or deceptive nature;

5.              Utilizations that in any way unreasonably interfere with or adversely affect the Platform or infrastructure used for the Platform, other CTMi customers, or third party applications, devices systems or networks that link to or interoperate with the Platform;

6.              Utilizations that would disable, interfere with or circumvent any aspect of the Platform;

7.              Utilizations that access or use the Platform for purposes of load-testing, performance measurement or other similar activities;

8.              Utilizations that engage in activities, and/or upload, process, submit, transmit, display, distribute or store any information, that may be considered libelous, slanderous, defamatory, threatening, sexually explicit, profane, obscene, pornographic, offensive, abusive, malicious or otherwise harmful to any person or entity, or is discriminatory based on race, sex, creed, religion, nationality, disability, sexual orientation, gender identity, language or age;

9.              Utilizations that are fraudulent, deceptive, inaccurate or misleading;

10.           Utilizations that engage in any unsolicited advertising, marketing or other activities prohibited by Applicable Law covering privacy legislation in any applicable jurisdiction, data security and protection, and anti-spam;

11.           Utilizations that can reasonably be regarded as targeted at Data Subjects under the age of 13, when such utilizations do not include clear and unambiguous age restriction notifications regarding data entry by children under the age of 13.

12.           Utilizations that access illegally, or without authorization, computers, accounts or networks belonging to CTMi or any third party, or attempt to penetrate security measures (often known as “hacking”), or to engage in any activity that is used as a precursor to an attempted system penetration (i.e. port scan, stealth scan, or other information gathering activity).

D.             The Platform may NOT be used to record or collect Prohibited Data, including: government issued ID numbers such as passport numbers, taxpayer numbers, driver’s license numbers;  individual medical or health information (including without limitation, protected health information under HIPAA); individual financial information or account numbers (including without limitation, credit or debit card numbers or bank account numbers);  security codes or passwords (other than passwords for Customer’s account on the Service); or “special categories of personal data” under the EU General Data Protection Regulation) or similar sensitive information under other laws or regulations.

E.              CTM Interactive is not obligated to, nor does it represent that it will monitor the utilization of the Platform by its Clients to ensure that they comply with this AUP or Applicable Law.  The Company is not responsible for any content created, uploaded, stored, maintained, transmitted or accessible on or through the Platform, and is not obligated to monitor or exercise any editorial control over such content.  In the event that the Company becomes aware that any such information or use of the Platform that may violate this AUP, Applicable Law and/or expose the Company to civil or criminal liability, CTM Interactive reserves the right, but not the obligation, to investigate such information or use, block access to such information, and/or suspend or terminate any use of the Platform without liability.  The Company further reserves the right to cooperate with legal authorities and third parties in investigating any alleged violations of this AUP or Applicable Law, including disclosing the identity of any Customer that CTM Interactive believes is responsible for such violation. The Company also reserves the right, but not the obligation, to implement technical mechanisms in such cases to prevent AUP violations.

IV.            CTM Interactive may modify the Terms of Service for the Platform at any time by posting the revised version on the CTM Interactive website at:  https://www.ctminteractive.com/term-of-service-and-use/.  Customer’s continued use of the Platform will be considered acceptance of any such modification.  All modifications to the Terms of Service will be effective immediately upon posting, unless otherwise communicated by the Company.

Privacy Policy


The CTM Interactive Platform

CTMi provides The Service and operates its Platform in line with the following Privacy Policy.  In the expression of this Privacy Policy, definitions established in the Company’s Terms of Service and Use apply. This Privacy Policy is updated and posted as of December 30, 2019.

I.               PII Collected on the Platform

A.              CTMi supports and embraces data privacy laws, and it promotes complete disclosure as well as clear and unambiguous opt-in by Data Subjects.  While compliance with all applicable law relating to privacy are the responsibility of the Client, as defined in “Terms of Use,” Sections II and III above, the Company provides a professional standard of consultation and guidance to incorporate a high standard of such protocol in the presentations and operation that are placed onto the Platform.

B.              CTMi does not share, transfer, sell, disclose nor use Personally Identifiable Information collected in the course of providing the Service for any commercial purpose except for such sharing or transfer of data that is necessary for delivery the Service to its Client, in accordance with these TOS&U as well as described and agreed to in the Order.  Such exceptions are limited and defined below.

C.              Limitations to Sharing of PII Collected on the Platform

1.              Sharing, transfer, and disclosure of PII collected in providing the Service can be provided to the Client in accordance with these TOS&U as well as described and agreed to in the Order.

2.              Such PII can be accessed by the Company’s staff for the purpose of operational support and maintenance of technical systems intrinsic to the Service.  Such staff – whether employees or contractors – shall be subject to a contractual duty of confidentiality and privacy protection.

3.              Such PII can also be shared, transferred and disclosed to 3rd parties to help us provide the Services to the Client, resolve and/or investigate complaints from Data Subjects or other parties.   Such 3rd parties are limited to those in the categories described below, along with the type of information and the purpose such sharing, use, transfer or disclosure we provide to those respective categories.   Third party service providers are verified by the Company’s inspection of suppliers’ respective terms of service and privacy policies that prohibit them, individually and collectively, from any use of PII that the Company processes through them, other than contributing to the breadth, depth, quality and security of the Service.

 

Third Party Category Type of
Personal Information Transferred
Purpose of Transfer
SMS & MMS message processor Personal identifiers, which could include, but are not limited to:

·       Name

·       Email address

·       Mobile phone number

·       (IP) address, browser information, operating system and platform, and other technology on the devices used to access the Platform

·       Time zone and location data

·       Photos of Data Subject(s), including animated video and/or GIF files

·       Survey and/or other entry field data as developed and presented on the Platform by the Client

Digital processing and delivery of Client Media to Data Subject
External cloud computing storage provider Personal identifiers, which could include, but are not limited to:

·       Name

·       Email address

·       Mobile phone number

·       (IP) address, browser information, operating system and platform, and other technology on the devices used to access the Platform

·       Time zone and location data

·       Photos of Data Subject(s), including animated video and/or GIF files

·       Survey and/or other entry field data as developed and presented on the Platform by the Client

External data storage of unique URL data and image media, e.g. photos, videos, GIFs
CONTINUED FROM PREVIOUS PAGE…  
Third Party Category Type of
Personal Information Transferred
Purpose of Transfer
External cloud computing ancillary service provider Personal identifiers, which could include, but are not limited to:

·       Name

·       Email address

·       Mobile phone number

·       (IP) address, browser information, operating system and platform, and other technology on the devices used to access the Platform

·       Time zone and location data

·       Photos of Data Subject(s), including animated video and/or GIF files

  • Survey and/or other entry field data as developed and presented on the Platform by the Client
Detecting and reporting of data processing errors. Detecting, protecting against, and prosecuting security incidents and prospective illegal activity.  Other technical measures to maintain & improve the efficacy, relevance, and/or general stability and performance of our Platform.
Courts, law enforcement, and official regulatory agencies across jurisdictions Personal identifiers, which could include, but are not limited to:

·       Name

·       Email address

·       Mobile phone number

·       (IP) address, browser information, operating system and platform, and other technology on the devices used to access the Platform

·       Time zone and location data

·       Photos of Data Subject(s), including animated video and/or GIF files

·       Survey and/or other entry field data as developed and presented on the Platform by the Client

As necessary to fulfill The Company’s legal obligations as a regulated profession and otherwise cooperate under the authority of law enforcement, and official jurisdiction.

 

D.             Aggregated Data`

1.              Data collected and recorded in the course of providing the Service may be used by CTMi in fully anonymized and aggregated form to assess the performance and gain insights into the Platform and the Service for a range of purposes, including but not limited to, providing to the Client analysis and insight into its use of the Service, improvement of the Company’s products, website, and marketing materials.  Such data shall at no time contain nor disclose PII to any party that is not described herein as authorized.

II.              DATA PROCESSING ADDENDUM

A.              SPECIAL NOTIFICATION FOR CALIFORNIA CONSUMERS

1.              California Consumer Privacy Act

a)              While the terms of this Privacy Policy are applicable to all utilizations of the Platform, California law, including but not limited to the California Consumer Privacy Act of 2018 (the CCPA) provides for additional and specific to California consumers.

b)              Recognizing that CTMi is not a collector or user of the data that is provided on the Platform by the Data Subject, and that CTMi does not share, transfer, sell, disclose nor use Personally Identifiable Information collected in the course of providing the Service, other than in support of the operation and maintenance of the Service, and that CTMi provides the Service as a Data Processor only, we recognize and shall be responsive to the exercise of rights specific to California consumers, as described below.

c)              California consumers have the right to request information about the specific points of PII and the categories of PII that we have collected relating to them in the course of our work as a Data Processor, the purpose of such collection, and the parties and purposes of the sharing and disclosure of such information.

d)              We will not discriminate against any individual in the event that such individual exercises any of their rights.   To submit a request directly to CTMi under the CCPA, individuals should refer to the “Contact Us” section of this Privacy Policy.

2.              Policy Regarding Data Subject/Children Under the Age of 13

a)              In accordance with the AUP expressed in Terms of Service & Use, III.C.11, CTMi does not knowingly allow the Platform to collect PII from children under 13 years of age.  If the Company discovers that the Platform has been used to collect PII from a child under 13 years of age, it will delete all such information.  Information regarding such collection of PII can be provided to CTMi via methods shown in the “Contact Us” section of this Privacy Policy.

B.              SPECIAL NOTIFICATION REGARDING EUROPEAN LAW COMPLIANCE, INCLUDING THE GENERAL DATA PROTECTION REGULATION

1.              While the terms of this Privacy Policy are applicable to all utilizations of the Platform, individuals in the European Union have additional rights under EU law, including but not limited to the General Data Protection Regulation (the GDPR).

2.              Processing Locations

a)              CTMi processes and stores data with technology infrastructure in the United States. For purposes of providing the Service, Data Subject PII may transfer from the originating location of the Data to servers and other data processing infrastructure located in the United States.

b)              CTMi complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  In line with Privacy Shield Principles, CTMi shall promptly resolve complaints about our collection or use of your personal information.  The Company shall cooperate with the panel established by the EU data protection authorities with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.

3.              For Data Subjects located within the European Union, laws in effect as of May 25th, 2018 identify particular privacy rights with which CTMi shall comply. These include, but are not limited to, the following rights for EU individuals

a)              They may obtain a confirmation as to whether or not we process their personal data and get access to that personal data, unless granting such access would adversely affect the rights of others. The Company provides one copy of such information in response to a written request.  For additional copies, the law allows us to charge a reasonable fee based on administrative costs.

b)              The Company shall rectify inaccurate personal data or complete incomplete personal data in an expeditious business manner.

c)              They have the right to “be forgotten.”  The Company must erase personal data in an expedient and businesslike manner and will do so unless we are required by law to retain it.

d)              The Company is required to follow certain guidelines when EU individuals contest the accuracy of their data, have a desire for us to restrict the processing of their data, or if they have asked us to retain it for in reference to a legal proceeding.

e)              At their request, the Company must provide their personal data in a structured, commonly used and machine-readable format.

f)               If an EU individual believes that CTMi, as a Data Processor, has failed to process their personal data in accordance with applicable law, they have the right to lodge a complaint with a supervisory authority responsible for data protection, in particular in the country of their habitual residence, place of work or place of the alleged infringement.

4.              Contact by Data Subjects

a)              It is recognized that in regard to the Platform and the Service, we are a Data Processor only, and not a Data Collector, and that in line with Section I.B.2 above, The Client shall respond to and take action upon individual rights requests from End Users.  Notwithstanding this, EU and Swiss individuals with inquiries or concerns regarding the privacy of data should contact us using the methods shown in the “Contact Us” section of this Privacy Policy.

CTMi “Contact Us” Instructions

By conventional mail:
CTM Interactive, Attention: Privacy & Data Admin., 17912 Holderreith Road, Tomball, TX 77377

By email: DataAdmin@ctminteractive.com

CONTACT US