Last Updated August 31, 2020
1. The Company Platform
Company operates several platforms and services that comprise our “Services.” These include the Unruly Platform, Tremor Video DSP, Unruly DMP and RhythmOne Platform.
2. The Information We Collect and Use In Providing Our Services
We (or our Customers or these Partners) may provide relevant content and targeted advertising to consumers by using automated technologies such as cookies, including non-HTTP cookies, pixel tags, mobile identifiers and SDKs, each of which we describe below, and in Section 3 titled, “Cookies, Pixel Tags, SDKs and Similar Technologies.” These technologies often generate or collect unique identifiers, such as cookie IDs or mobile advertising IDs.
We describe below these and other categories of information that we receive from consumers operating systems, browsers and devices, as well as from Customers, Partners, advertising platforms and networks, and data resellers. (Some companies may fit into more than one such category.) We have tried to describe the information in a way that is easy to understand:
a. Identifiers collected from website and app sources
whether directly or through other content and information platforms, including:
- Online cookie IDs
- Mobile advertising identifiers (e.g., IDFAs, Ad IDs) and other mobile device or browser identifiers
- IP addresses
- Identifiers related to other devices, such as connected TVs
We refer to all of the above as “IDs“
b. Online usage information or “log” information
Generally related to the above IDs
- Data related to or describing a web browser, operating system, and device, such as the name and version of your browser
- connection data, including (as described above) current IP address, from which location may be inferred
- online usage data including websites visited, websites visited prior to a web visit, date/time stamp
- Information related to interactions with ads and marketing, such as consumer engagement with an ad
- Information related to interactions with websites, such as whether a consumer was “referred” through another website or a shared link.
- We may link any of the above to our own or our Partners’ and Customers’ IDs.
We receive the above information from Customers and Partners, advertising platforms and networks, and data resellers. (Some companies fit into more than one of those categories.)
c. Demographic and Interest-Based Information
- We may collect, use, or create “audience segments” (also referred to as “data segments), which are generally used to tailor advertising and marketing to consumers and to analyze consumer interaction with such ads. Audience segments are interest-based or demographic-based groupings of large numbers of users, generally in aggregated form, tied to the above IDs. For instance, an inference that Ad ID X35%979J is interested is “Sports” might be drawn from the fact that the browser often views sports-related content. Or, an inference that Cookie ID 4Qj7e9!x may be interested in a new car may be drawn from the corresponding browsers frequent search of new automobile reviews. (Actual IDs are generally much longer strings of code; the above are simply used for illustration.)
- Sometimes these inferences are made from “offline data” that is coded and linked to cookies and IDs (and further linked to our own cookies and IDs) by Partners that create “hashed” (coded) values to replace “real-world” identifiers such as email addresses.
- Sometimes these inferences are made from demographic information (“protected classifications” for purposes of the California CCPA), such as gender or age, or inferred income level.
- Sometimes, these audience segments are associated with the likelihood to have a particular health condition. A list of our standard health segments is here. (We endeavor to update the list frequently, but the list may not be current to the precise date.) In addition, we may sometimes create “custom” health-related segments, or work with advertisers or partners who use such segments. Those “custom” segments change over time, but a representative sample is included. Note that such information is only collected/processed at an aggregate level and solely in the U.S. and Canada.
d. Transactional information from our Customers
Our Customers may provide us with their own proprietary or licensed information, including “audience segments” described above, to help us better perform or deliver our Services.
e. Geolocation Information
The mobile information we collect or receive from our Partners and Customers also may include geolocation information, which may be precise, that may help us or our Customers to target ads or tailor content to your precise location. For instance, if we believe that you are often near a particular store in Northern New Jersey, we might send you an ad targeted to that store, rather than another store in the general area.
f. Further Description of Technologies
3. Cookies, Pixel Tags, SDKs and Similar Technologies
The Company (along with our Partners and Customers) uses a variety of technology to collection information. These are listed and described below.
A tracking “pixel” is a transparent graphic image (usually a 1 x 1 pixel) that is placed on a web page and allows for the collection of information regarding the use of the web page that contains the tracking pixel. Company collects technical and usage information through the use of tracking pixels.
c. Mobile Device Identifiers and SDKs
We also sometimes use, or partner with Publishers or Publisher-facing and app developer platforms that use mobile SDKs to collect information, such as mobile identifiers (e.g., IDFAs and Android Advertising IDs), and information connected to how mobile devices interact with our Services and those using our Services. A mobile SDK is the mobile app version of a pixel tag or beacon (see “Pixels,” above). The SDK is a bit of computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services to be implemented. We may use this technology to deliver certain advertising through mobile applications and browsers based on information associated with your mobile device. If you’d like to opt-out from having ads tailored to you in this way on your mobile device, please follow the instructions in the “Your Choices” section below.
d. Third Party Suppliers and Vendors
e. Disabling Cookies
4. The Business Purposes For Which We Use and Share the Information We Collect
a. Our Purposes Generally
Principally, we use the information described in Section 2 to operate, provide, develop and improve our Services. This involves facilitating various types of advertising and marketing to make them more effective, more relevant, and (we believe) more likely to engage and interest (and less likely to annoy) consumers.
b. Personalized Advertising
This includes facilitating and providing behavioral advertising, i.e., tailoring advertising and content using the types of “audience segments” or “data segments” (and other, related types of information) we describe in Section 2. As we also describe in Section 2, these audience segments may be based on your activity across multiple websites or mobile apps over time, on your transactions, on your location, or on coded or “hashed” data derived from offline demographic and interest data. Generally, the tailoring of ads to devices and browsers (and sometimes through other channels) based on this type of data is called “interest-based” or “personalized” advertising. (Please go to Section 6 to learn about what choices you have, in control how you are marketed to in this way.)
c. Other Advertising and Analytics Purposes
We also use the information to analyze, measure the effectiveness of, frequency-cap or sequence advertising. For instance, we may use the information we collect to compare how many “clicks” the recipients of one ad campaign receives vs. a different ad campaign. Or, we may track which users have seen which ads, to avoid a user being shown the same ad repeatedly.
d. Syncing Identifiers
We sometimes integrate our information with Partners, to allow advertisers to access our information across other platforms (and their information across our platform), in order to allow advertisers to reach more consumers across various channels. This may include online, offline, social media or television advertising.
e. Identity Graphing
We may also create or help our Customers or Partners to create “identity” graphs, to help locate users across various channels, such as based on common personal, device-based, or network-based identifiers (e.g., IP address, email address).
f. Other Business Purposes
We also may also use the information we collect for internal research, internal operations, auditing, detecting and preventing security incidents, anti-fraud purposes, debugging, short-term and transient use, quality control, and legal compliance.
5. Why And With Whom We Share the Information We Collect
a. To Provide our Services
Generally, we share the information that we collect in order to perform our Services, including for purposes of targeting advertising, performing analytics on ads, and measuring ad performance.
- We share the information we collect with our Customers, who are a wide range of businesses, retailers, content publishers, non-profit entities, business-to-business service companies and other consumer brands, as well as their ad agencies and service providers.
- We also share the information we collect with Partners.
b. For Legal Purposes
c. In the Event of a Corporate Transaction
We may also share personal information in the event of a corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.
d. With Service Providers
6. Your Choices: How To Opt-Out of Tracking (Interest-Based Advertising) on Web Browsers and Mobile Devices
a. Opting Out of Interest-Based Advertising
The Company adheres to the DAA Principles and Tremor Video, Inc adheres to the DAAC principles. To learn more about interest-based advertising or to opt-out of this type of interest-based advertising by those third parties that are members of DAA’s opt-out program, please go to https://www.aboutads.info/. RhythmOne LLC dba Unruly is a member of the NAI and adheres to the (current) NAI Code of Conduct. To learn more about the NAI and its members, or to opt-out of interest-based advertising facilitated by NAI members, please go to http://optout.networkadvertising.org/?c=1. You may also opt-out of our own interest-based advertising on those same web pages, or you can simply visit our Opt-Out page. (We make no representation about the accuracy or effectiveness of other providers opt out mechanisms, including those listed on the above industry websites.)
You can opt-out of receiving our Cookies. Persistent Cookies may be removed by following your Internet browser help file directions. If you choose to disable Cookies, some areas of our Website may not work properly. If you opt out, your web browser will be associated with a generic “opt-out” cookie, which will prevent us from associating any non-personally identifiable information with your browser.
You can also opt-out of targeted advertising based on data collected via your browser by using (i) the NAI’s opt-out tool, which can be found here; (ii) the DAA’s opt-out tool, which can be found here; (iii) the DAAC’s opt-out tool, which can be found here; or (iv) the EDAA’s opt-out tool, which can be found here.
When you opt out, we will stop (a) collecting information about your interests via your browser and (b) serving you targeted advertising based on the data collected via your browser.
We will subsequently place a piece of data in your browser’s cookie that tells us that you have opted out – it does not contain any data about you except for the fact that you have opted out. We need this cookie in place so that we know not to collect information about your interests and serve you targeted advertising based on your interests in the future. Our “opt-out” cookie has a 13 month expiration date.
Keep in mind that participating in our opt-out program does not prevent you from seeing advertising served by us, instead, the ads we serve to you will be generic and not be targeted to
b. In-App Data Opt-Out
You may opt out of mobile app interest-based advertising through your mobile device settings, as applicable to most (but not necessarily all) mobile devices. Please go to the NAI “Mobile Choices” web page for further information about how to do this. When you do this, we will no longer use information collected through your mobile apps to deliver behaviorally targeted advertising to your device. Please note that you will continue to receive advertising after you opt-out, but it may not be tailored to your interests.
c. Viewed Content Advertising and Smart-TVs
We may sometimes receive data from connected or “smart” TVs or OTT devices or other internet-connected devices used with televisions) in order to target or help our customers target personalized advertising on those devices, other devices, or browsers. To learn how to opt out from the collection or use of that data for Personalized Advertising, please refer to the privacy settings for your OTT device, or go to the NAI “Connected TV Choices Page” here.
7. Do Not Track
Although certain of our technology honors “do not track” (DNT) signals and similar mechanisms transmitted by web browsers or mobile device operating systems, we are not responsible, and shall not be liable, for the acts of third parties, such as ad networks, with respect to such third parties’ tracking policies. (We make no representation about the accuracy or effectiveness of other providers’ opt out mechanisms, including those listed on the above industry websites.)
Our websites and Services are neither developed for, nor directed at, children under the age of 16. We do not knowingly collect personal information from nor employ or offer targeting towards children under the age of 16. If you believe your child, who is under the age of 16, has provided us with personal information or registered at one of our websites, please contact us at email@example.com and we will use reasonable efforts to remove that information from our records.
9. Privacy Information for the Company Corporate Websites
a. Collection of Personal Information
b. How We Use This Personal Information
Generally, we use the information we collect to provide customers and potential customers with information that they requested, to correspond about any questions or concerns brought to our attention, to notify such persons of new services or updates to our existing Services or more generally to market and promote our Services. We also use this information as follows:
- In the Event of a Corporate Transaction: We may also share personal information in the event of a corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.
- With Service Providers: We may share personal information we collect with our service providers, which may include (for instance) providers involved in tech or customer support, operations, web or data hosting, billing, accounting, security, marketing, data management, validation, enhancement or hygiene, or otherwise assisting us to provide, develop, maintain and improve our Services. (We do not, on the other hand, “sell” our customer information.)
c. Your Marketing Choices
Anyone who has provided personal contact information through Company’s corporate websites may e-mail us at firstname.lastname@example.org to update, delete, and/or correct their personal contact information, or contact us at the information provided in Section 16. You may likewise request access or “deletion” of your information through the same means: however, if you are an entity we have done business with, we will likely need to retain your data for business purposes such as accounting, billing, auditing and fulfilling other legal requirements. To “opt out” of advertising platforms we may work with for our own corporate purposes (e.g., to “retarget” our customers or potential customers from this website), you may generally rely on the consumer choice mechanisms we set out in Section 6.
10. For California Residents: Information About Your CCPA Rights
a. The right to access and disclosure
You may have the right to request, twice during a twelve-month period, the following information about the personal information we have collected about you during the past 12 months:
- the categories and specific pieces of personal information we have collected about you;
- the categories of sources from which we collected the personal information;
- the business or commercial purpose for which we collected or sold the personal information;
- the categories of third parties with whom we shared the personal information; and
- the categories of personal information that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose.
b. The right to deletion
You may have the right to request that we delete the personal information we have collected from you. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide our Services to you, and may retain certain information for important business purposes, such as fulfilling our legal obligations, or for security, auditing or de-bugging purposes.
c. How to exercise your access and deletion rights
California residents may exercise their California access or deletion rights by accessing our Do Not Sell link or, by sending an email to email@example.com.
For security purposes, we will verify your identity – in part by requesting or automatically capturing certain information from you — when you request to exercise your California privacy rights. For instance, you may need to provide your email address. To request that we provide you with the specific pieces of personal information we have from you or to delete personal information we have collected from you, we may also need to ask you for additional information to verify your identity. Once we have verified your identity (and your agent, as applicable), we will respond to your request as appropriate:
- Where you have requested the categories of personal information that we have collected about you, we will provide the information you have requested, except where not permitted under applicable law or otherwise exempted by the CCPA.
- Where you have requested specific pieces of personal information, we will provide the information you have requested, except where not permitted under applicable law or otherwise exempted by the CCPA.
- Where you have requested that we delete personal information that we have collected from you, we will delete any information about you that is not necessary for the purposes indicated above or another permissible business, security or legal purpose. Certain information may be exempt from such requests under applicable law.
If we are unable to complete your requests fully for any of the reasons above, we will provide you additional information about the reasons that we could not comply with your request.
d. The right to nondiscrimination
We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.
e. The right to opt-out of the sale of your personal information
You have the right to opt out of the sale of your personal information. California law broadly defines sale such that it may include, for example, allowing third parties to receive and use certain information, such as cookies IP address and/or browsing behavior, to deliver targeted advertising.
If you wish to “opt out” of our “sale” of your information, i.e., for purposes of personalized advertising, we recommend employing the options we provide and explain in Section 10 c. (as we believe those methods are the easiest and most efficient). However, you may also visit the interactive form that we make available at our opt-out location.
f. Authorized Agents
You may also designate an agent to make requests to exercise your rights under CCPA as described above. We will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf through providing us with a signed written authorization or a copy of a power of attorney.
11. Where Company Stores Personal Data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfillment of your order or the provision of support services. We strive to transfer your information where there are appropriate measures and controls in place, and we strive to ensure that all information you provide to us is stored on secure servers.
12. For European Residents: About your GDPR Privacy Rights
a. Our legal bases for using personal information
All organizations need a legal reason to use your personal information. There are a number of legal grounds that enable data processing. Below are the most relevant grounds you should be aware of.
With your consent
There are some activities where we process personal information with your consent. For example, where we want to send you marketing messages by email, we would ask your permission first and you could opt out at any time.
For a legitimate interest
We may use your information where there is a legitimate interest to do so. For example, we may use your information where it would help achieve our business objectives or to facilitate a benefit to you or someone else. Our legitimate interests in processing personal data include:
- to develop, deliver and maintain relevant and engaging products, services and advertising;
- understanding when audiences engage with our clients’ ads;
- to build a clearer understanding of who our clients’ audiences are in order to better serve more relevant advertising to those audiences, for the benefit of both individuals and our clients;
- to maximize advertising revenues for publishers and therefore help to maintain a diverse ecosystem of online independent publishers of content for users to enjoy and educate themselves;
- to support individual and societal rights to receive information;
- to improve user website experience by delivering brand safe, high quality advertising to all of the publishers of online content with which we work;
- to carry on the business of a commercial organization;
- to demonstrate that we provide services and products to agreed industry standards;
- sharing information with the Tremor International group companies for analysis, audience insights, business efficiencies, content personalization and to deliver relevant advertising.
To comply with legal obligations
There may be situations where we need to use your information to comply with legal and regulatory obligations or defend claims.
b. Exercising Your Data Subject Rights Under the GDPR
If you are a resident of the European Economic Area, you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal data, you can do so at any time by contacting us at firstname.lastname@example.org or you may visit our [your data page], where you may make an “access” or “right to know” request, or request that we “opt out” your personal information from our active database.
- In addition, you can object to processing of your personal data, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us at email@example.com.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us at firstname.lastname@example.org.
- Similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time, by contacting us at email@example.com or (as to information that we use in our Services), by going to [your data page]. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
14. Data Retention
The Company retains information it uses for its Services for no more than 7 years, and expires certain cookies, including cookies directed to European users, after 13 months. Except as permitted by law, we may aggregate de-identified or non-identified user information (e.g., to create group-level data), which we may keep for an indefinite period.
15. Information Security
We take measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data we collect and store. These may include internal reviews of our data collection, storage, firewalls and processing practices and security measures. Of course, no security system is perfect. Thus, while we do take measures to safeguard against unauthorized access to, or alteration of data we collect and store, we cannot guarantee that it will not be disclosed or accessed inadvertently or through the unauthorized acts of others.
16. How to Contact Us
If you have any questions, concerns or requests please contact us by email at firstname.lastname@example.org or 1177 Avenue of the Americas, 9th Floor, New York, NY, 10036.