Last Updated: April 23, 2019
This Policy explains who The Rubicon Project, Inc. and its affiliates (“Rubicon Project” or “we”) are, how we collect, share, and use personal information about you, and how you can exercise your privacy rights.
This Policy only applies to personal information we collect through our websites (such as http://www.rubiconproject.com) (the “websites“) and in the course of our sales and marketing activities.
We recommend that you read this Policy in full to ensure you are fully informed. However, to make it easier for you to review those parts of this Policy which apply to you, we have divided up the document into the following sections:
Information you provide to us
Certain parts of our websites may ask you to provide us with personal information about you voluntarily. For example, we may ask you to provide your contact details (such as your name, email address and phone number) when you: register an account with us; subscribe to our marketing communications; submit enquiries to us; request market reports; and/or request access to a demo.
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information. We will also let you know prior to collection whether the provision of personal information we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.
The personal information we collect may include contact information such as your name, address, telephone number or email address and contact preferences. It may also include professional information, such as your job title, department or job role, as well as the nature of your request or communication.
In addition, if you choose to correspond with us through email or blog postings, we may retain the content of your email messages together with your email address and our responses.
Information we collect automatically
When using or interacting with our websites and/or marketing emails (collectively with our websites, the “Online Properties“), we may collect certain information automatically from your device. Some of this information, for example your IP addresses and certain unique device identifiers, may identify a particular computer or device, and may therefore be considered “personal data” in some jurisdictions in the European Economic Area and elsewhere. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology.”
Specifically, the information we collect automatically may include information like your IP address, device type, domain, referring website address, browser type and language and other technical information. We may also collect information about how your device has interacted with our Online Properties, including the pages accessed, search keywords and links clicked. We refer to all of this information as “Digital Identifiers”.
How we use information you provide to us:
We may use the personal information for a variety of business purposes, including:
How we use the Digital Identifiers we collect:
Collecting this information enables us to better understand the individuals who use and interact with our Online Properties, where they come from, and what content on our Online Properties is of interest to them. We also use this information for our internal analytics purposes and to improve the quality and relevance of our Online Properties.
We do not rent, sell or disseminate personal information we collect about you to third parties for promotional purposes without your consent.
We may disclose your personal information to the following categories of recipients:
Rubicon Project also shares Digital Identifiers with third parties, including advertisers, advertising agencies, and publishing partners, who use the information to provide us services, including advertising services, or do work for us. However, Rubicon Project does not otherwise rent, sell, or disseminate information collected from visitors to its corporate website to third parties.
If you are a visitor from the European Economic Area (“EEA“) or the United Kingdom (“UK“), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), such legitimate interests include: (i) improving our technology, websites, products and services; (ii) for our marketing activities; and (iii) measuring the effectiveness of our marketing and promotional campaigns.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact us” heading below.
If you are a resident of a country in the EEA or the UK, you have certain rights and protections under the law regarding the collection, processing, and use of information about you. Specifically, you have the right: (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information.
If you would like to exercise any of these rights, please write to us at the contact details provided below or see our Data Subject Rights policy for instructions on how to do so: http://rubiconproject.com/terms-conditions/subject-access-request-policy/. You may also opt-out of receiving marketing communications from Rubicon Project by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.
You also have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority. For contact details of your relevant local Data Protection Authority, please see here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we take reasonable steps to verify your identity before granting you access to your personal information or making corrections to your personal information.
Rubicon Project is a global company headquartered in the United States with data centers located in the United States, Europe and Hong Kong. If you are accessing any of our Online Properties from outside the United States, please be aware that your data may be transferred to, stored and processed by us and our affiliates in our facilities in the United States and other countries (including in Hong Kong, Brazil, Japan, Singapore and Australia, where our global affiliates have offices) and by those third parties with whom we may share your personal information.
These countries (including the United States) may not provide an adequate level of data protection for your personal information (as determined by the European Commission) or have data protection or other laws as comprehensive as those in your country. We will however ensure that where Rubicon Project group companies or third party service providers receive personal information outside of the EEA, appropriate protections are in place under European data protection legislation. In this regard, The Rubicon Project, Inc. and its US subsidiaries, Rubicon Project Hopper, Inc. and Rubicon Project Apex, Inc., have self-certified to the Privacy Shield (see below) to ensure that appropriate safeguards are in place when personal information is transferred outside of the EEA, UK and Switzerland.
If you would like to learn more about the safeguards we put in place for international transfers, please contact us using the contact details further below.
The Rubicon Project, Inc. and its US subsidiaries, Rubicon Project Hopper, Inc. and Rubicon Project Apex, Inc., comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce with respect to personal information concerning individuals from the EEA, UK and Switzerland. Please see our Privacy Shield Notice to learn more.
We use industry-standard technical and organizational security measures to help protect information transmitted over or stored on our systems. Please note that no transmission or storage of information, however, can ever be guaranteed to be completely secure, though we take all reasonable precautions to protect against security incidents.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
The cookies set out on our device expire no later than 366 days after they were last accessed. We typically store the personal information we collect, such as IP address and other information described above, for up to 90 days before we anonymize and aggregate that data into summary reports. When we no longer need the personal information we collect, it is deleted from either the cookies or our servers (as applicable).
We may keep personal information for longer periods of time where required under certain laws or to comply with law enforcement or regulatory requests – for example, those relating to corporate governance, taxation, money laundering and financial reporting legislation.
We may update this policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If we make material changes to this policy, we will notify you of any material changes by posting the revised policy on this website, and where necessary, by any other means required by applicable law.
We are not responsible for the practices employed by websites or applications (including widgets) linked to or from our website nor the information or content contained therein. Often links to other websites are provided solely as pointers to information on topics that may be useful to the users of our website. Please remember that your browsing and interaction on any other website, including websites which have a link on our website, is subject to that website’s own rules and policies.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact Rubicon Project’s Privacy Team by email at firstname.lastname@example.org or by post using the details provided below:
The Rubicon Project, Inc.
Attn: Privacy Team
12181 Bluff Creek Drive, 4th Floor
Playa Vista, CA 90094
You can also contact Rubicon Project’s Data Protection Officer at email@example.com
The data controller of EEA and UK residents’ personal information is The Rubicon Project, Inc. at the above address.
Our EU data protection representative is The Rubicon Project Ltd., who can be contacted at: Walmar House, 5th Floor, 296 Regent Street, London W1B 3AP, United Kingdom.