Last updated: November 2019
For guidance on how you can opt-out of the delivery of tailored advertising based on your website browsing or device-specific information, please see the section headed “Opting Out and Your Privacy Rights” below.
PART I. GENERAL
Our commitment to privacy
Introduction to dataxu
Advertising supports free content and experiences we all love on the web, social media platforms, connected television platforms and on Internet-enabled mobile devices such as smartphones and tablets. dataxu’s goal is to make advertising more effective by helping to display content that may be of interest to you. Relevant advertising is less annoying and assists the services that depend on advertising because advertisers pay more for effective content.
To deliver relevant advertising to you, we may collect information about your activity across multiple third-party websites, devices or mobile applications. We may use this information to predict the types of ads that may interest you and to display advertising to you based on that information (“Tailored Advertising”). For example, if you visit multiple websites that feature articles about travel or you use a travel app, we may display travel-related ads to you on another website, device or app.
dataxu is also a member of industry associates that govern policies around consumer privacy in the context of Tailored Advertising, including: the Digital Advertising Alliance’s (“DAA“); the Network Advertising Initiative (“NAI”); the European Interactive Digital Advertising Alliance’s (“EDAA“), as well as the Interactive Advertising Bureau (“IAB”) in the US. Dataxu complies with the DAA’s “Self Regulatory Principles for Online Behavioral Advertising, the NAI’s “2018 Code of Conduct”, and the EDAA’s Principles.
To learn more about tailored (or ‘Interest-Based’) advertising and your choices with respect to it, please visit www.aboutads.info/consumers, https://www.networkadvertising.org/understanding-online-advertising/ and http://www.youronlinechoices.eu/
PART II. INFORMATION COLLECTION AND USE
What information do we collect via the dataxu Website and how do we use it?
Personal information that you provide voluntarily
Certain parts of our Website may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details in order to subscribe to marketing communications from us or to obtain content such as whitepapers and reports, and/or to submit enquiries to us. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
You may also voluntarily supply us with personal information when you submit information on our “Contact Us” page or when you leave a comment and your name on our blog).
When you provide personal information directly to us via the Website or email, it is used by dataxu solely for the purposes identified at the point at which you provide the information (e.g. for general marketing purposes or to notify you regarding updates to our products and services).
Personal information that we collect automatically
When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area (“EEA”), this information may be considered personal information under applicable data protection laws.
Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “What technologies do we deploy to collect and use behavioral information?” below.
What information do we collect via the Platform?
Information associated with website visits
Information associated with mobile website or application visits
For mobile users, we collect device types, device make and model, operating system, mobile advertising identifiers (e.g. IDFA on iPhone, Google ADID on Android), operating system device identifier, information about the types of apps you use and the GPS location of your device (subject to your provision of opt-in consent).
Information associated with connected TV devices or ‘over-the-top’ (OTT) video applications and service providers
We may receive unique identifiers associated with connected TV devices, as well as general information about the video content associated with the delivery of advertising. However, we do not receive information about the specific video content viewed nor associate advertising profiles based on viewed video content without first receiving opt-in consent.
Personally Identifiable and Sensitive Information
We do not collect personally identifiable information such as your name, address, phone number, or e-mail address. However, please note that our clients may use the Platform to deliver advertisements based on previously personal, but now de-identified, pseudonymized or otherwise ‘audience-matched’ information. We do not link, combine or re-identifiy personally identifiable information with information collected through the Platform without your opt-in consent.
We do not collect, nor contractually allow our clients to collect, sensitive information such as Social Security Number, credit card information, insurance plan numbers, financial account numbers or health related information. Outside of the EEA, Platform users may use general health-related segments which do not contain sensitive health data. Dataxu adheres to the codes and principles of the NAI, DAA and EDAA with respect to such sensitive data collection activities. Click here for a list of the standard health-related segments provided by third-party data providers.
What information do our customers / partners collect via the Platform?
Sometimes our customers include their own (or their partners’) pixels or similar technologies within advertisements that dataxu serves to websites, devices or mobile applications. This is in order for our customers to set and read their own cookies (which are not subject to the control of dataxu) for fraud prevention or to measure advertising performance.
dataxu is not responsible for and cannot control the data collection and use practices of its customers. You should read the privacy policies of the websites you visit and the online services and interactive ads that you use in order to understand the type of information companies collect and how they use that information.
Third Party Data Sources
Our customers may purchase data from approved data vendors and will input that data into the Platform to perform tailored advertising. Dataxu only works with vendors or partners who represent and warrant that they will only provide data that has been collected in compliance with applicable law and self-regulatory guidelines, and on an opt-in basis wherever required.
How do we use information collected via the Platform?
We use information collected via the Platform for a variety of purposes, including to:
- deliver tailored advertising to websites, devices and mobile applications on behalf of advertisers;
- enable our customers to determine which advertisement may be suitable to be delivered to you;
- associate the browsers, devices and applications used by the same visitor or household;
- to monitor the success of and manage advertising campaigns; and
- attribute advertising performance with your actions with our clients’ products or services;
- compile statistics, create reporting and analytics – all of which are done in the aggregate and without identifying you;
- detect and prevent fraudulent or otherwise invalid advertising-related activities such as clickfraud
PART III. WHAT TECHNOLOGIES DO WE DEPLOY TO COLLECT AND USE INFORMATION THROUGH THE PLATFORM?
We use a variety of technologies on our Website and our Platform including cookies, pixel tags and scripts to collect and use Behavioral Information.
dataxu cookies may be served from any of the following domains: dataxu.net, us.dataxu.net, www.w55c.net, cdn.w55c.net, tags.w55c.net, cti.w55c.net, cts.w55c.net, ads.w55c.net, and i.w55c.net. For more information on our operation of these domains, click https://www.w55c.net/.
Pixel tags are small, invisible images on a webpage or other document. Pixel tags allow the operator of the webpage or other document, or a third party who serves the pixel tag, to set, read and modify cookies.
Our pixel tags allow dataxu cookies to be set, read and modified when you visit the websites of our partners. Our pixel tags also allow our partners to better understand how you interact with their websites by observing which pages on their websites are visited.
Server to server technology with third parties
We may synchronize information collected through the Platform with information collected by third parties (including cross-device identifiers as described below). We do not control the privacy practices of these third parties.
Cross-device and cross-app technology
We and our customers may use technology that establishes deterministic or statistical connections among related devices (such as smartphones, tablets, connected TV devices and computers) to deliver more relevant advertising to you and for advertising analytics and reporting purposes. For example, dataxu or its partners may match your devices if you log into the same online service on multiple devices or web browsers, or if your devices share similar attributes that support an inference that they are used by the same person or household. This means that information about your use of websites or applications on your current device may be combined with information from your other devices. This allows, for example, ads you see on your tablet to be based on activities you engaged in on your smartphone.
We may partner with third parties to provide such cross-device technology to our customers, and we may share unique identifiers (such as cookies or your mobile device’s IDFA or Google adID) with those third parties to make connections among related devices. We may also use your device’s IP address to infer connections among related devices within the same household. To opt out of dataxu’s use of such technologies for each web browser and on each of your devices, please follow the instructions for Opting Out as described in the Opting Out section below.
We and our customers may collect information about your activity across multiple unaffiliated third-party mobile applications. We may share this information with our customers to help them predict the types of ads that may interest you and to display advertising to you based on that information. For example, if you use a travel app, we or our customers may display travel-related ads to you on another app. We or our customers may combine this information with a mobile advertising identifier (such as your mobile device’s IDFA or Google adID), and we may retain it for up to 13 months, as described in the Security and Storage section below. If you would like to opt out of Interest-Based Advertising practices in mobile applications, please follow the instructions in the Opting Out section below.
Connected TV devices or ‘over-the-top’ (OTT) video applications and service providers
These devices and applications have a proprietary set of methodologies to collect and share information with dataxu for advertising purposes, including unique device identifiers, cookies, IP addresses, location as well as local storage such as through video player settings. To learn more about opting-out of these collection practices, refer to the Opting Out section below.
Do Not Track (“DNT”) and “Limit Ad Tracking”
DNT is a privacy preference that users may set in certain web browsers. It is intended to allow users another method of informing websites and services that they do not want certain information about their website visits to be collected over time and across websites.
Our technology does not respond to “do not track” (a/k/a DNT) signals or similar mechanisms transmitted by web browsers or mobile device operating systems. In the event that dataxu identifies the “Limit Ad Tracking” feature in Apple iOS version 9 and earlier, the device will be opted-out of advertising. To learn more about how you can exercise choices about the collection and use of certain data online for purposes of Interest-Based Advertising, please see the Opting Out section below.
PART IV. LEGAL BASIS FOR PROCESSING PERSONAL DATA (EEA VISITORS ONLY)
If you are a resident of the European Economic Area, our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal data from you. If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “How to contact us” heading below.
PART V. INTERNATIONAL TRANSFERS, SECURITY, AND RETENTION
EU-US Privacy Shield
dataxu complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries.
dataxu’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, dataxu remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless dataxu proves that it is not responsible for the event giving rise to the damage.
We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
If your complaint is not satisfactorily addressed, and your inquiry or complaint involves human resources data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Dataxu agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel.
For residual disputes that cannot be resolved by the methods above, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. To find out more about the Privacy Shield’s binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.
International Data Transfers Using Model Contracts
dataxu also relies on Model Clauses set forth by the European Commission for intercompany transfers of personal data from the EEA to our data centers located in Singapore. Dataxu also has in place model clauses with any third-party vendors or partners to whom it may pass personal information.
We use appropriate technical, organizational and administrative measures to protect any Personal Information we process about visitors to our Website and/or users of our Platform.
We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
We retain the information collected via the Platform and via the Website for up to 13 months. Any information stored in our global logs will be retained for no more than 60 days to calculate aggregated metrics required by our products. As of May 25th, 2018, our data warehouses will not contain any personal data.
The cookies set out on our device expire 365 days after they were last accessed.
In some cases, we may keep some of the user information for longer periods of time where required under certain laws – for example, those relating to corporate governance, taxation, money laundering and financial reporting legislation.
PART VI. OPTING OUT AND YOUR PRIVACY RIGHTS
You may manage your preferences opt out of cookies placed on dataxu websites by clicking here:
You may opt out of dataxu’s tailored advertising by following the instructions below.
Please note that web browsers, mobile applications and ConnectedTV services operate using different identifiers
Web Browser Opt Out
To opt out of dataxu’s tailored advertising on your computer or mobile web browser, please click the link below:
Click here to opt out and/or view your opt-out status with industry-wide tailored advertising services
If you choose to opt out by clicking the link above, dataxu will set a cookie that tells dataxu not to display web-based tailored advertising. If you delete your cookies or change computers, mobile devices or browsers, you will need to repeat this process for each computer or device and in each browser. You may download a browser plugin that will help you maintain your opt out choices, even if you delete certain cookies from your browser, by visiting http://www.aboutads.info/PMC.
Once you have elected to opt out, our system may take up to twenty-four hours to refresh, but following the refresh, this will prevent the Platform from using any interest-based data associated with your browser for tailored advertising. Please note that you will continue to see generic advertising.
Mobile Application Opt Out
To opt out of dataxu’s tailored advertising in mobile applications if you are resident in the United States, you can download the DAA AppChoices mobile application consumer transparency tool for your device operating system and set your preferences in the application.
You may also use various instructions in your mobile device operating system to control tailored advertising services. To learn more, visit the NAI mobile choice page here.
Please note that if you use the settings on your mobile device to reset the mobile operating system advertising ID, you will also need to reset the preferences you select in AppChoices.
ConnectedTV or OTT Applications Opt Out
To control sharing of unique identifiers and associated viewing content information from ConnectedTV or OTT applications, you should refer to your account privacy settings or preferences in each of those applications. These services may refer to these activities as ‘viewing information services’, ‘interest-based’ or ‘personalized’ advertising or ‘automatic content recognition’. For Apple TV, refer to ‘Settings/Privacy/Limit Ad Tracking.’ In some cases, such as with OTT mobile applications, you should also follow the instructions above under opting out of mobile applications.
Unsubscribe from our mailing list
You may at any time ask us to remove you from any mailing list on which you previously asked us to include you by sending us an email at email@example.com, by calling us on (857) 244-6200, by contacting using the contact details provided under the “How to contact us” heading below or by clicking “Unsubscribe” in any e-mail communications we send you.
Your Privacy Rights
You have the following data protection choice and rights:
- If you wish to access, correct, update or request deletion of your personal data, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
- In addition, if you are located in the EEA, you can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. You can exercise these rights by completing this PDF form and sending via email to firstname.lastname@example.org.
- Similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the EEA are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Dataxu cookie settings
PART VII. OTHER IMPORTANT INFORMATION
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from such individuals. If you become aware that a child has provided us with information, please contact us at email@example.com. If we become aware that a child under the age of 16 has provided us with personal information, we will take steps to delete such information.
How to contact us
Address: 53 State Street, 25th Floor Boston, MA 02109 Attn: Legal Department
For EEA Users
Phone: +44 (20) 37445990
Address: 6 Ramillies Street, London, W1F 7TY, UK, Attn: Legal Department
For the purposes of EU data protection legislation, [dataxu, inc.] is the controller of your Personal Information. Our Data Protection Officer can be contacted at firstname.lastname@example.org.