Subject Access Request Policy

Updated: May 05, 2016

Rubicon Project is committed to transparency, and we want you to have access to personal data that we may have about various devices that you may use to access the Internet. As stated in our privacy policy, our advertising technology does not collect any information that directly identifies you as an individual, and instead only collects certain digital identifiers that may identify your device or your Internet browser (each, a “Digital Identifier”). As such, in order to provide you with access to personal data connected with your Digital Identifiers, you will need to provide us with additional information, as explained below, to enable us to locate relevant records.


Your Rights

If you make a subject access request as set out in this policy, you are entitled to the Digital Identifiers of yours that Rubicon Project may store. Additionally, because Rubicon Project is committed to transparency, we also commit to provide you with other information that we may have stored and associated with your Digital Identifiers—for example, transaction logs reflecting where one of our customers used or attempted to use our advertising technology to deliver an advertisement to a website or application that you accessed.

Please note, however, that we have a very short retention period for most files with Digital Identifiers that we store or process. As such, we may not be able to provide you any files at all. In such cases, however, we will inform you that we have not been able to locate any records associated with your Digital Identifiers.


How to Make a Request

Step 1: Locating Your Digital Identifiers

In order for us to locate relevant records, we will need you to provide us with your Digital Identifiers. You can find your Digital Identifiers as follows:

  • Web Browsing

As described in our privacy policy, our advertising technology operates by using text files called “cookies” that are placed on your device. Some of these cookies include a Digital Identifier. To locate these Digital Identifiers, you can search through your cookies for the cookies named “ruid” (which is set from the rubiconproject.com domain) and “_t” (which is set from the chango.com domain). The text in each of these cookies is a separate Digital Identifier.

Please keep in mind that different cookies are placed on each browser that you use to access the Internet. As a result, if you use multiple browsers (for example, Google Chrome and Mozilla Firefox), you will need to locate the “ruid” and “_t” cookies for each browser. If you need assistance locating these cookies for your browser, please feel free to email us for assistance at privacy@rubiconproject.com.

  • Mobile Devices

Additionally, certain mobile devices (for example, mobile phones or tablets using the iOS or Android operating systems) generate persistent a “Advertising Identifier” per device, which, among other things, can be used by third parties for purposes of providing you with targeted advertising. On iOS devices, your Advertising Identifier may be referred to as an “IDFA,” “IFA,” or an “ID for Advertising.” On Android devices, your Advertising Identifier may be referred to as an “Advertising ID.” Please follow instructions from your mobile device manufacturer on how to locate your specific Advertising Identifier.

Step 2: Verification of Your Digital Identifiers

In order to make sure that we are only providing personal data to the correct person, we also will need some supporting proof to demonstrate that you are indeed connected to the Digital Identifiers you located in Step 1. For Digital Identifiers stored in cookies, please take a screenshot of each cookie, taking care to make sure that the screenshot shows both the name of the cookie and the full Digital Identifier. For Digital Identifiers located on a mobile device, please take a screenshot of a screen that displays the Digital Identifier. Additionally, please fill out and sign the affidavit (click here to download PDF) that we have prepared, which attests that the Digital Identifiers you have located are indeed associate with you.

Step 3: Contacting Rubicon Project

Once you have located your Digital Identifiers and can provide us with verification of those Digital Identifiers, you should reach out to us. The easiest way to do so would be to email us at privacy@rubiconproject.com. Please make sure to include the following information in your email:

  • Your full name
  • The country in which you are located at the time you are making your request
  • A full list of your Digital Identifiers
  • Supporting proof, as described in Step 2
  • A signed affidavit, linked in Step 2

You can also make a subject access request by mail, by sending a written request with all of the above-listed information to the following address:

For residents outside of the European Economic Area:

The Rubicon Project, Inc.
Attn: Privacy Officer
12181 Bluff Creek Drive, 4th Floor
Playa Vista, CA 90094
USA

European Economic Area (EEA) residents:

The Rubicon Project Ltd.
Attn: Data Protection Officer
Walmar House
5th Floor
296 Regent St.
London, W1B 3HR
United Kingdom

Important note: The data controller of EEA residents’ personal information is The Rubicon Project Ltd at the above address. The Rubicon Project Ltd is registered with the UK Information Commissioner’s Office (registration no. ZA118130).