Minnesota Consumer Data Privacy Act

Effective date: July 31, 2025

This Minnesota Consumer Data Privacy Act notice supplements the USADATA Privacy Policy and applies to residents of Minnesota. It explains our role, your rights, and how to contact us.

Summary

USADATA provides marketing and data services for business clients. We act as a service provider and processor. We receive personal information from clients and reputable third-party sources to perform audience selection, onboarding, hygiene, and analytics. We do not use personal information collected for one client to serve another client or for our own commercial benefit. We may use limited information to improve service quality, detect security incidents, or protect against fraud. When a client project ends, we securely delete or de-identify related personal information except where law or contract requires retention.

Who we are

USADATA, Inc. and its subsidiaries provide privacy-conscious marketing data and activation services to brands, agencies, and partners. We do not offer consumer retail services.

Our role under Minnesota law

Under the Minnesota Consumer Data Privacy Act we operate primarily as a processor. We handle personal information on documented instructions from our client controllers. Controllers decide the purposes and means of processing. As a processor, we assist controllers with compliance, and we follow the limits set in our contracts.

Information we process

Typical categories

  • Identifiers such as name, postal address, email, phone, and unique identifiers

  • Commercial and demographic indicators used for lawful audience selection and measurement

  • Digital identifiers used for matching and activation, such as hashed emails, cookies, and Internet Protocol addresses

  • Inferred segments that indicate likely interests or intent for marketing relevance

What we avoid

  • Sensitive personal information without verified consent from the controller

  • Information about children under thirteen

We also honor applicable exemptions for public information, de-identified or aggregate data, and sector-specific regulated data.

How we use personal information

  • Fulfill marketing and analytics services for client campaigns

  • Maintain the quality, integrity, and performance of services

  • Detect and prevent security incidents and fraud

  • Comply with law, contracts, and audits

We do not make decisions that produce legal or similarly significant effects about individuals.

Consumer rights in Minnesota

Minnesota residents have the right to request access, correction, deletion, and a portable copy of personal information from controllers. Residents also have the right to opt out of the sale of personal information, targeted advertising, and profiling that produces legal or similar effects.

How to exercise your rights

Because USADATA acts as a processor, rights requests must be sent to the controller that collected your information or directed its processing. If you contact USADATA directly, we will reply within ten business days to explain our processor role and, when possible, identify the controller contact so you can submit your request.

Opt out preference signals

When clients or partners communicate a valid opt-out preference signal, such as the Global Privacy Control, we flag the record, exclude it from activation and analytics, and notify relevant partners and sub-processors so that the opt-out is respected across systems.

Send email to privacy@usadata.com

Data minimization and retention

We limit processing to what is adequate, relevant, and reasonably necessary for the services we provide. Unless law or contract requires retention, we delete or de-identify project data within thirty days after the project ends.

Security

We maintain administrative, technical, and physical safeguards that align with SOC Type Two controls. Personal information is protected with encryption at rest and in transit using AES 256 and TLS 1.2 or newer. Access is restricted with least privilege and multi-factor authentication. We conduct regular testing and maintain incident response procedures.

Sensitive and children’s information

We do not knowingly process sensitive personal information or information about individuals under thirteen without obtaining verified consent from the relevant controller. If we learn that unauthorized sensitive information or information about a child was provided, we will delete it promptly.

Exemptions

This notice does not apply to certain regulated information, such as information covered by health privacy law, financial privacy law, consumer reporting law, or the driver privacy law. It also does not apply to public information or properly de-identified or aggregate information.

Data broker and registration notice

USADATA is registered as a data broker in California and Texas. Minnesota does not require separate registration with data brokers. Information about Texas-registered data brokers is available from the Texas Secretary of State.

Non-discrimination

We do not deny services or provide different prices or service levels because you exercise privacy rights.

Changes to this notice

We reserve the right to update this notice from time to time. The effective date at the top shows the most recent update. Changes become effective when posted.

Contact

Email privacy@usadata.com
Phone (800) 399 8611
Mail USADATA, Inc., Attn: Privacy and Compliance, 875 Third Ave, STE 402 FL 4, New York, NY 10022

See also: USADATA Privacy Policy and California Privacy Policy.