CCPA PRIVACY NOTICE

 

CCPA PRIVACY NOTICE

[Last Modified: July, 2025]

 

Applicability: Pursuant with the California Consumer Privacy Act of 2018 as amended and revised by the California Privacy Rights Act of 2020 (collectively “CCPA”), and any other California privacy laws, this CCPA Notice applies to visitors, users, and others who are California residents (“consumers” or “you”) except for candidates (applicants for employment) and employees/contractors which are governed by a separate notice as detailed below. Any terms defined in the CCPA have the same meaning when used in this CCPA Notice. This CCPA Notice applies to California residents’ Personal Information, which we collect directly or indirectly while browsing our website or while using the Offerings.

 

This CCPA Notice is an integral part of our Privacy Policy, and thus, definitions used herein shall have the same meaning as defined in the Privacy Policy. This CCPA Notice does not cover Personal Data relating to Candidates – please visit our Candidate Notice which incorporates the CCPA Notice. Employees and contractors are governed by Perion’s internal privacy policies applicable to such. 

 

PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:

 

(1) CATEGORIES OF PERSONAL INFORMATION WE COLLECT

We collect Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below. Personal Information further includes Sensitive Personal Information (“SPI”).

Personal Information does not include: Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; De-identified or aggregated consumer information; Information excluded from the CCPA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.

The table below details the Personal Information collected, stored and processed, and if shared with a contractor or service provider for a Business Purpose (as such term is defined under the CCPA). When we disclose Personal Information for a Business Purpose, we execute a contract that describes the purpose and requires the recipient to keep Personal Information confidential and not use the Personal Information for any other purpose except for limited Business Purpose. We further restrict the contractor and service provider from selling or sharing your personal information.

 

Below we detail the categories of Personal Information that we collect, shared for Business Purposes and the categories of recipients to whom we disclose (within the last 12 months): 

 

Category	Collected	Category of Recipients
A. Identifiers.	Depending on your engagement with us we will collect certain identifiers such as: Online identifier, unique online identifier, user ID, Internet Protocol (IP) address, Mobile Advertising IDs (”MAID”), real name, account name, email address.	Service Providers such as fraud detection tools, ad measurement tools, security and de-bugging tools, ad-networks and affiliates, cloud and hosting providers, etc.  Publishers.  Affiliated Companies.  Legal Authorities.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	Depending on your engagement with us we may collect your name, address, telephone number.	Service providers, authentication tools, CRM providers, data enrichment providers, etc.  Affiliated Companies.  Legal Authorities.
F. Internet or other similar network activity.	When you interact with our website, Platform or Offering, we will collect: limited browsing data (referred URLs, click stream), interaction with the services, website and Offering.	Marketing Affiliates; service providers; ad networks; social networks; marketing partners; security tools; measurement tools; fraud tools, etc.  Affiliated Companies.  Legal Authorities.
G. Geolocation data.	Approximate location derived from IP address.	Service providers such as fraud detection tools, optimization, measurements, ad networks, affiliates, etc.  Affiliated Companies.  Legal Authorities.
I. Professional or employment-related information.	We use marketing tools that provide us with enriched data on our prospects, that provide contact and business information.	Service Providers.  Affiliated Companies.  Legal Authorities.
K. Inferences drawn from other personal information.	We may infer additional information about you based on the behavioral data we obtained.	Service providers.  Affiliated Companies.  Legal Authorities.
L. Sensitive personal information.	Precise geo-location	Service providers.  Affiliated Companies. Legal Authorities.

 

(2) CATEGORIES OF SOURCES OF PERSONAL INFORMATION

Depending on the nature of your interaction with us, or any service provided by us or our partners, we may collect information either automatically or voluntarily provided by you. Automatic collection of information is usually made through the use of cookies, pixel tags, local storage, databases, and server logs, and voluntarily information is provided when you contact us, as detailed in the Privacy Policy. In addition, another source of data are data enrichment tools, data brokers (DMPs),  and partners. We may also receive data from publicly accessible sources.

 

(3) USE OF PERSONAL INFORMATION

We may use the Personal Information collected as identified above, for the following purposes: to fulfill or meet the reason you provided the Personal Information (support, respond to a query, etc.), monitor and improve our Services and Offering, provide the Services and Offering, display and improve the website, marketing purposes (marketing our services and Offering), analyzing our Offering and website and specifically your use of such, respond to law enforcement, and as set forth in our privacy policy (both the general privacy policy and the Offering privacy policy). 

We will not collect additional categories of personal information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

 

(4) SALE OR SHARE OF PERSONAL INFORMATION

We share and sell Personal Information to personalize and deliver ads, for “interest-based advertising (“IBA”) or cross-context behavioral advertising (“CCBA”), which includes, among others, sharing bid requests, ad call, tags, and audience and interest segments we obtain about you, all as detailed in our Privacy Policies. We use various tracking techniques, placed on Publishers’ assets or provided by third parties, all as detailed under the “Cookie” section in the privacy policies. Opt-out information is available below. 

Further, as detailed below we may sell certain information as a data broker. Opt-out information is available below. 

Last, as we promote our Service and Offering through online campaigns, we place third-party marketing and analytic cookies on our website, sharing the unique identifier with such partners for analytic and marketing purposes may also fall under the definition or “share and sell”, and therefore, we offer the opportunity to opt-out through the cookie setting presented on our website’s footer. For additional information regarding the tracking technologies, we use on our website please review our cookies list presented in the website’s footer.

 

In the preceding twelve (12) months, we “sell” or “share” the following categories of Personal Information for a business purpose:

Category (corresponding with the table above)	Category Recipient	Purpose of Sale or Share
Category A, F, G	Social Networks, marketing and advertising service providers, ad networks, and analytic tools.	Promote and market our Offering by tracking and targeting visitors on our website, obtaining analytic data for optimizing our promotions and campaign and use of the website.
Category A (MAID)	Our partner – Publisher and Advertiser (as defined in the Privacy Policies)	See how you can opt out in Section (I) below or submit a DSR
Categories A, F, G.	Advertisers, Ad Network, ID providers, Publishers, exchange partners, DMPs, affiliates.	Our Offering include advertising solutions, in which we share and sell Personal Information for CCBA and IBA, as detailed above.

 

(5) CHILDREN UNDER AGE 16

Our Offerings, website and services are not intendent for children, We do not collect information from children under the age of 16. If you are aware of such information being collected, please contact us at: [email protected]

 

(6) DATA RETENTION

We retain Personal Information for as long as is necessary or as permitted in light of the purpose(s) for which it was obtained and consistent with applicable law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. The criteria to determine our retention periods include: 

1. For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed. For example: if you contacted us, we will retain your contact information at least until we will address your inquiry.
2. The period of time we have an ongoing relationship with you and provide the Offering to you. 
3. To comply with our regulatory obligations.
4. To resolve a claim we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.

Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.

Online identifiers are usually retained for 12-months. Other information usually will not be retained for more than 24-months.

When we destroy your Personal Information, we do so in a way that prevents that information from being restored or reconstructed.

PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA AND HOW TO EXERCISE THEM

 

(7) YOUR RIGHTS UNDER THE CCPA

If you are a California resident, you may exercise certain privacy rights related to your Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law. We may limit our response to your exercise of these privacy rights as permitted under applicable law, all as detailed herein and the in the Data Subject Request (“DSR“) available here (General Privacy Policy/Candidate Privacy Policy) and/or here (Offering Privacy Policy)

 

California Privacy Right	Details
The right to know what Personal Information the business has collected.	The right to know what Personal Information the business has collected about the consumer, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer.
Deletion Rights.	The right to delete Personal Information that the business has collected from the consumer, subject to certain exceptions.
Correct Inaccurate Information	The right to correct inaccurate Personal Information that a business maintains about a consumer
Opt-Out of Sharing for Cross-Contextual Behavioral Advertising	You have the right to opt-out of the “sharing” of your personal information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising”.
Opt-out from selling	the right to opt-out of the sale or sharing of Personal Information by the business
Limit the Use or Disclosure of SPI	Under certain circumstances, If the business uses or discloses SPI, the right to limit the use or disclosure of SPI by the business.
Opt-Out of the Use of Automated Decision Making	In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Information.
Non-Discrimination	The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information.
Data Portability	You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.

 

To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws. And https://oag.ca.gov/privacy/consumer-privacy-resources.

 

(8) HOW CAN YOU EXERCISE THE RIGHTS?

You can always exercise your rights by following the instruction within the DSR and submitting the DSR. However, you are not required to use the DSR where certain right can be exercised independently, for example:

 

1. Use the cookie consent manager presented on Perion website Your Privacy Choices and/or any third party website or app you are using.
2. Perion offers an “opt-out cookie” for those that wish to opt-out of Perion IBA activities. Please see here.
3. To opt out of the sale or share of Personal Information, you may also directly opt out from third party retargeting cookies or other ad-technology trackers through self-regulatory services. For more information, please visit:
4. Digital Advertising Alliance (US) here.
5. Digital Advertising Alliance (Canada) here.
6. Digital Advertising Alliance (EU) here.
7. Network Advertising Initiative here.
8. You can also opt out of interest-based advertising with some of the service providers we use, such as Google here, Google Analytic here.
9. We also are able to affirmatively the Global Privacy Control preference.
10. California consumers may use the opt out tool available here to send requests under the CCPA for their website browser or app used to opt out of the sale of their Personal Information by some or all of the participating companies.
11. You may limit the disclosure of certain Information by your mobile device to us and Publishers by adjusting the settings on your mobile Device. For iOS mobile Devices, go to “Settings” from your Device’s home screen; scroll down to “Privacy”; select “Advertising”; and turn on “Limit Ad Tracking.” For Android mobile Devices, go to “Google Settings” on your Device; select “Ads”; and check the box labeled “Opt Out of Interest-Based Ads.” Our data partners honor these “limit” or “opt out” instructions or “flags” by removing recognized Devices from our cross-app advertising or ad delivery and reporting solutions, on a going-forward basis.

(9) DE-IDENTIFIED DATA 

We may aggregate, de-identify, or anonymize Personal Information, i.e., transform the information so it no longer relates back to a person’s identity so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose. Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.

 

(10) AUTHORIZED AGENTS

“Authorized agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, please fill in the DSR.

 

(11) CONTACT US

Perion Networks Ltd.: 2 Leonardo da Vinci St Landmark Building, 24th Floor Tel Aviv-Jaffa, 6473309 Israel.

Data Broker Information: Hivestack Technologies Inc. dba Perion,118 Rue Saint-Pierre, Montréal, QC H2Y 2L7, Canada.

 

(12) UPDATES

This notice was last updated on July, 2025. As required under the CCPA, we will update our Privacy Policy every 12 months. The last revision date will be reflected in the “Last Modified” heading at the top of this Privacy Policy.

 

We publish metrics regarding the number of requests we have received, complied with (in whole or in part) or denied, and also the median number of days in which we responded to such requests, in the previous year, as applicable to the time period in which the CCPA was in effect. 

 

(13) Consumer Rights Requests Metrics

During the previous calendar year, HiveStack (Perion’s Affiliate, a registered data broker)  received the following number of requests from residents of California*:

 

	Received	Complied with	Denied
Request to Know	0	0	0
Deletion Request	0	0	0
Opt Out  Request	0	0	0

 

• We often receive requests from users identifying themselves via ane-mail addresses, name or other direct identifiers, however as our offerings do not include the collection or processing of this type of information (rather, device identifiers such as MAIDs) we are not able to identity the user provided the e-mail addressee, as this data is not collected or processed in connection with the offerings.

 

PART III: OTHER CALIFORNIA OBLIGATIONS

 

Do Not Track Settings: Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we so not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.

California’s “Shine the Light” law (Civil Code Section § 1798.83): permits employees that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us an e-mail to our DPO.