Rubicon Project Advertising Technology Privacy Policy

Last Updated: April 20, 2018

Table of Contents:
About Us
Information We Collect
How We Collect User Information
How We Use User Information
Legal basis for Processing User Information (EEA end users only)
Information Retention
Sharing of User Information
Information Our Customers and Vendors Collect
Your Opt-Out Choices
European Data Subject Rights
Security
Changes to this Policy
Data Transfers for Residents of the European Economic Area (EEA)
Contact Us

This policy applies to the information Rubicon Project (“Rubicon Project,” “we” or “us”) collect and receive data from individuals (“end users” or “you“) who interact with Digital Media Properties (defined below) that use Rubicon Project’s technology to provide you with ads. Rubicon Project is committed to transparency, and we want you to fully understand how we may collect, use, and share data relating to individuals (like you), and the choices that are available to you.

Please note:
This privacy policy does not govern (i) the collection and use of data on our website (http://www.rubiconproject.com) – that information can be found here; and (ii) our customer’s collection, use and disclosure of information through their Digital Media Properties (defined below), which is governed by their own privacy policies and practices.

About Us

Rubicon Project provides a digital advertising technology platform and related services that connects advertising buyers (advertisers) with sellers (publishers) of advertising inventory. For example, advertisers (or their agents) may use our technology to buy advertising for display on publishers’ websites, mobile applications and other digital media properties (which we collectively refer to as “Digital Media Properties“). We also provide related software and APIs for developers. You can find out more about this here.

Information We Collect

When you visit a Digital Media Property that uses our technology, we collect certain information about you and your device (“User Information“). Some of this information (including for example your IP addresses and certain unique device identifiers), may identify a particular computer or device, and may be considered “personal data” in some jurisdictions, including the European Union.

Information that we collect includes:

  • Information about your behavior on our publishers’ Digital Media Properties: including information about the domain, your referring website addresses, date/time of visits, page view data, search keywords, visitor activities and actions on publisher’s sites, referring/exit pages, platform type, date/time stamp, geolocation (including city, country, zip code, and potentially geographic coordinates if you have enabled location services on your device), click data, types of advertisements viewed;
  • Information about your browser: including information about your browser type and language, and browser history;
  • Information about your device: including information about your IP address, device make, device model, device operating system, device operating system version, and data connection type; and
  • Information about your Internet service: including information about which Internet Service Provider (ISP) you use.

We do not collect any “sensitive” or “special categories of personal data” as defined under European data protection laws.

How We Collect User Information

We use cookies and other standard web technologies to collect information automatically from your device, including:

  • “Tags and Pixels”: these are blocks of code that we and our customers may use to track your navigation of websites or apps using our technology, and your browsing behavior. We use these to synchronize information that we have collected with information independently collected by our customers and other third party advertising platforms and advertisers that are interested in providing you with ads.
  • “Cookies”: these are data files that often include a unique identifier, and are placed on a visitor’s device or computer. We use cookies on our customers’ websites in order to operate our technology and collect User Information. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
  • “SDKs” or “Software Development Kits”: these are blocks of code similar to tags and pixels that are embedded into an app that allow us to track certain information relating to your use of apps using our technology.
  • Mobile device identifiers: We also use standard device identifiers, for example the “IDFA” advertising identifier used on Apple’s iOS devices and the “Google Advertising ID” advertising identifier used on Android devices, to track your use of mobile apps.

Other technologies: Additionally, we use other technologies, including locally stored objects, to collect User Information in order to assist with the delivery of ads and to provide reporting to our customers.

In addition, we also work with third party advertising platforms that separately collect and use User Information to enable our and their customers to deliver targeted advertisements using our advertising technology. As an example, we work with companies that use information about your visits to various websites or applications across multiple devices in order to provide you content and ads of interest across those devices. Our customers may use this third-party data in combination with your User Information to deliver you targeted ads across multiple devices.

How We Use User Information

We primarily use the User Information we collect to enable our customers to find and buy advertising space on publishers’ Digital Media Properties. In particular, our customers use information we provide, in conjunction with other information they have independently collected, to deliver end users targeted advertising they believe will be of particular interest to you based on interests that might be inferred from the User Information that we collect. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

We may also use the User Information we collect for our legitimate business interests:

    • To operate and improve our technology;
  • To compile statistics and conduct research and development for our internal business purposes – all of which is done in aggregate without identifying you;
  • To enable standard advertising controls;
  • To prepare reports that summarize visitor activity;
  • To analyze and report on ad performance (such as tracking views of ad, as well as click-through rates on ads), campaign reporting, and campaign forecasting; and
  • To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.

Legal basis for Processing User Information (EEA end users only)

If you an end user located in the European Economic Area, our legal basis for collecting and using the User Information described above will depend on the User Information concerned and the specific context in which we collect it.

However, we normally rely on our legitimate interest to collect User Information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your User Information, they include the interests described in the section headed “How We Use User Information“.

In some cases, we may rely on our consent or have a legal obligation to collect User Information from you or may otherwise need the User Information to protect your vital interests or those of another person. If we rely on consent to collect and/or process your User Information, we will obtain such consent in compliance with applicable laws.

If you have questions about or need further information concerning the legal basis on which we collect and use your User Information, please contact us using the contact details provided under the “Contact Us” heading below.

Information Retention

We never store any data longer than we need it. The cookies set out on our device expire no later than 366 days after they were last accessed. We typically store the User Information we collect, such as IP address and other information described above, for up to 90 days before we anonymize and aggregate that data into summary reports. When we no longer need the User Information we collect, it is deleted from either the cookies or our servers (as applicable).

In some cases, we may keep some of the User Information for longer periods of time where required under certain laws or to comply with law enforcement or regulatory requests – for example, those relating to corporate governance, taxation, money laundering and financial reporting legislation.

Sharing of User Information

We share User Information that we collect as follows:

  • Customer: We share User Information with our advertiser customers to help them identify and buy advertising on publishers’ Digital Media Properties. Customers may use this information in conjunction with other information they have independently collected to provide you targeted advertising and to help them evaluate whether a particular ad campaign may be of interest to you.
  • Rubicon Project Affiliates: We share User Information with other companies in The Rubicon Project group of companies to use for any of the purposes described in this Privacy Policy.
  • Business Transfers: We may share User Information in connection with the sale or transfer of all or a part of our business or assets to a third party buyer.
  • Vital interest, legal rights and compliance with laws. We may share User Information with law enforcement, regulatory authorities, courts with competent jurisdictions, emergency services or other necessary third parties for legal, protection, security, and safety purposes, including:
    • to comply with laws or regulatory requirements and to respond to lawful requests and legal process;
    • to protect the rights and property of Rubicon Project, our agents, customers, and others, including enforcing our agreements, policies, and terms of use and protecting our network and physical assets; and/or
    • to protect the safety of our employees and agents, our customers, or any person.
  • Vendors, partners and other service providers: We may share User Information with our vendors and partners who perform functions on our or our customers’ behalf and require access to such information to provide us with services or do work for us. Examples include: analyzing data, fraud prevention, hosting data, engaging technical support for our technology platform, and performing analysis related to our technology platform and related services.

Information Our Customers and Vendors Collect
Our customers, our vendors, and our customers’ vendors, who use our technology may use their own tags, pixels, cookies, or other similar technology (or those of their other affiliates) within their advertisements and on certain websites. We are not responsible for our customers, vendors and/or our customer’s vendors use of such tracking technologies or for their privacy practices.

Your Opt-Out Choices

There are many ways to opt-out of receiving targeted advertising that our customers may conduct using our technology. Note that different devices use different identifiers and different technologies, so that you must opt out on separately from each browser and each device that you would like to be opted out. If you opt-out of targeted advertising, we will no longer collect User Information described above from your device.

Display

Should you wish to opt-out of the use of information about the websites you visit in order to serve targeted advertising to you using our “display” technology, you can do so using the opt-out tool on our website, at http://rubiconproject.com/privacy/consumer-online-profile-and-opt-out/.

Additionally, you can opt-out by using any of the following three mechanisms. First, because we are a member of the NAI and adhere to the NAI’s code of conduct and mobile code of conduct, you can opt-out of targeted advertising by participating companies, including Rubicon Project, at http://www.networkadvertising.org/choices/. Second, because we adhere to the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Principles, you can visit the DAA’s opt-out page at http://www.aboutads.info/choices/. Third, for users located in the European Union, Rubicon Project also adheres to the Interactive Advertising Bureau of Europe’s Online Behavioral Advertising Framework. Accordingly, EU-based users can opt-out of targeted advertising through the European Interactive Digital Advertising Alliance’s opt-out page at http://www.youronlinechoices.eu. Finally, for users located in Canada, Rubicon Project is a participant in the Digital Advertising Alliance of Canada (“DAAC”), and you can visit the DAAC’s opt-out page at http://youradchoices.ca/choices/.

Please note that these opt-outs operate by placing a cookie on your device that is unique to the browser and device you use to opt-out. They may not function properly if you have configured your browser to reject certain cookies. If you change browsers or computers, or delete the cookies on your computer, you will need to opt-out again. You also can set your browser to notify you when a cookie is being set and to block most cookies, including ours.

Mobile

Your device may give you the ability to opt-out of the use of information about the apps you use in order to serve you ads that are targeted to your interests (“Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices or “Limit Ad Tracking” on iOS devices). You may stop the collection of location information by particular apps or from your device as a whole at any time by changing the preferences on your mobile device.

European Data Subject Rights

If you are a resident of a country in the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the collection, processing, and use of information about you. As stated above, the information that we collect about you when you visit Digital Media Properties that use our advertising technology may include certain digital identifiers that are considered “personal data” under European law. We process this data as it is necessary to further the legitimate interests of our publisher customers, who rely on the ability to deliver you and other users with advertisements (including targeted advertisements) in order to fund the online content they deliver to you.

As a resident of a country in the EEA, you have the right to: (i) to request access and obtain a copy of your User Information, (ii) to request rectification or erasure; (iii) to restrict the processing of your User Information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your User Information.

If you would like to exercise any of these rights, please see our Data Subject Rights policy for instructions on how to do so: http://rubiconproject.com/terms-conditions/subject-access-request-policy/. Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, you need to provide us with some additional information to enable us to identify the User Information we hold about you and ensure that we accurately fulfill your request.

In addition, you may also opt-out of receiving marketing communications from Rubicon Project. If you would like to exercise this right, please write to us at the contact details provided below.
Finally, as a resident of the EEA, you have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority. For contact details of your relevant local Data Protection Authority, please see here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

Security

We use industry-standard technical and organizational security measures to help protect information transmitted over or stored on our systems. Please note that no transmission or storage of information, however, can ever be guaranteed to be completely secure, though we take all reasonable precautions to protect against security incidents.

Changes to this Policy

We may update this policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If we make material changes to this policy, we will notify you of any material changes by posting the revised policy on this website, and where necessary, by any other means required by applicable law.

Data Transfers for Residents of the European Economic Area (EEA)

Rubicon Project is a global company headquartered in the United States with data centers located in the United States, Europe and Hong Kong. If you are accessing any of the Digital Media Properties from outside the United States, please be aware that your data may be transferred to, stored and processed by us and our affiliates in our facilities in the United States and other countries (including in Hong Kong, Brazil, Japan, Singapore and Australia, where our global affiliates have offices) and by those third parties with whom we may share your User Information.

These countries (including the United States) may not provide an adequate level of data protection for your User Information (as determined by the European Commission) or have data protection or other laws as comprehensive as those in your country. We will however ensure that where Rubicon Project group companies or third party service providers receive User Information outside of the EEA, appropriate protections are in place under European data protection legislation.

For example, in order to ensure that your User Information is adequately protected when transferred outside of the EEA, The Rubicon Project Ltd. has entered into inter-company “model clause” agreements and other adequacy arrangements with other various entities located outside the EEA that may process your User Information on behalf of The Rubicon Project Ltd. A copy of such agreements is available on request.

Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact Rubicon Project’s Data Protection Officer by e-mail at privacy@rubiconproject.com or by post using the details provided below:

Residents outside of the European Economic Area

The Rubicon Project, Inc.
Attn: Privacy Officer
12181 Bluff Creek Drive, 4th Floor
Playa Vista, CA 90094
USA

European Economic Area (EEA) residents

The Rubicon Project Ltd.
Attn: Data Protection Officer
Walmar House
5th Floor
296 Regent St.
London, W1B 3HR
United Kingdom

Important note: The data controller of EEA residents’ User Information is The Rubicon Project Ltd at the above address. The Rubicon Project Ltd is registered with the UK Information Commissioner’s Office (registration no. ZA118130).