Website Privacy Policy

Last Updated: May 24, 2018

This Policy explains who The Rubicon Project, Inc. and its affiliates (“Rubicon Project” or “we”) are, how we collect, share, and use personal information about you, and how you can exercise your privacy rights.

This Policy only applies to personal information we collect through our websites (such as  https://rubiconproject.com) (the “websites“) and in the course of our sales and marketing activities.

NOTE: For personal information that we collect when you use or otherwise interact with digital media properties that use our ad technology, please see the Rubicon Project Advertising Technology Privacy Policy.

QUICK LINKS

We recommend that you read this Policy in full to ensure you are fully informed. However, to make it easier for you to review those parts of this Policy which apply to you, we have divided up the document into the following sections:

ABOUT US

Rubicon Project is headquartered in the United States and provides a digital advertising technology platform and related services. You can find out more about our technology and services in our Advertising Technology Privacy Policy and here.

INFORMATION WE COLLECT

Information you provide to us

Certain parts of our websites may ask you to provide us with personal information about you voluntarily. For example, we may ask you to provide your contact details (such as your name, email address and phone number) when you: register an account with us;  subscribe to our marketing communications; submit enquiries to us; request market reports; and/or request access to a demo.

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information. We will also let you know prior to collection whether the provision of personal information we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.

The personal information we collect may include contact information such as your name, address, telephone number or email address and contact preferences.  It may also include professional information, such as your job title, department or job role, as well as the nature of your request or communication.

In addition, if you choose to correspond with us through email or blog postings, we may retain the content of your email messages together with your email address and our responses.

Information we collect automatically

When using or interacting with our websites and/or marketing emails (collectively with our websites, the “Online Properties“), we may collect certain information automatically from your device. Some of this information, for example your IP addresses and certain unique device identifiers, may identify a particular computer or device, and may therefore be considered “personal data” in some jurisdictions in the European Economic Area and elsewhere. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology.”

Specifically, the information we collect automatically may include information like your IP address, device type, domain, referring website address, browser type and language and other technical information.  We may also collect information about how your device has interacted with our Online Properties, including the pages accessed, search keywords and links clicked. We refer to all of this information as “Digital Identifiers”.

HOW WE USE YOUR INFORMATION

How we use information you provide to us:

We may use the personal information for a variety of business purposes, including:

  • To respond to your requests or provide you with information requested by you;
  • To send administrative or account related information to you;
  • To communicate with you about updates to our products and services;
  • To maintain our websites and tailor our websites to your needs;
  • For other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize and improve our websites, products and services;
  • To comply with and enforce applicable legal requirements, agreements and policies;
  • To prevent, detect, identify, investigate, respond and protect against potential or actual claims, liabilities, prohibited behavior, and criminal activity; and
  • To notify you about important changes to our website, new services and special opportunities we think you will find valuable where this is in accordance with your expressed marketing preferences. You may notify us at any time if you do not wish to receive these offers by emailing us at privacy@rubiconproject.com.

How we use the Digital Identifiers we collect:

Collecting this information enables us to better understand the individuals who use and interact with our Online Properties, where they come from, and what content on our Online Properties is of interest to them. We also use this information for our internal analytics purposes and to improve the quality and relevance of our Online Properties.

HOW WE SHARE YOUR INFORMATION

We do not rent, sell or disseminate personal information we collect about you to third parties for promotional purposes without your consent.

We may disclose your personal information to the following categories of recipients:

  • to our group companies, third party services providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our websites), or who otherwise process personal information for purposes that are described in this Policy or notified to you when we collect your personal information;
  • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Policy; and
  • to any other person with your consent to the disclosure.

Rubicon Project also shares Digital Identifiers with third parties, including advertisers, advertising agencies, and publishing partners, who use the information to provide us services, including advertising services, or do work for us. However, Rubicon Project does not otherwise rent, sell, or disseminate information collected from visitors to its corporate website to third parties.

COOKIES AND SIMILAR TRACKING TECHNOLOGY

To find out more about our use of cookies and other tracking technologies to collect information about you, as well as how to manage your preferences, please see our Cookie Policy.

LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA VISITORS ONLY)

If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.  In some cases, we may also have a legal obligation to collect personal information from you.

Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), such legitimate interests include: (i) improving our technology, websites, products and services; (ii) for our marketing activities; and (iii) measuring the effectiveness of our marketing and promotional campaigns.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact us” heading below.

EUROPEAN DATA SUBJECT RIGHTS

If you are a resident of a country in the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the collection, processing, and use of information about you.  Specifically, you have the right to: (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information.

If you would like to exercise any of these rights, please write to us at the contact details provided below or see our Data Subject Rights policy for instructions on how to do so: https://rubiconproject.com/terms-conditions/subject-access-request-policy/.  You may also opt-out of receiving marketing communications from Rubicon Project by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.

You also have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority.  For contact details of your relevant local Data Protection Authority, please see here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.  To protect your privacy and security, we take reasonable steps to verify your identity before granting you access to your personal information or making corrections to your personal information.

DATA TRANSFERS FOR VISITORS FROM THE EUROPEAN ECONOMIC AREA (EEA)

Rubicon Project is a global company headquartered in the United States with data centers located in the United States, Europe and Hong Kong. If you are accessing any of our Online Properties from outside the United States, please be aware that your data may be transferred to, stored and processed by us and our affiliates in our facilities in the United States and other countries (including in Hong Kong, Brazil, Japan, Singapore and Australia, where our global affiliates have offices) and by those third parties with whom we may share your personal information.

These countries (including the United States) may not provide an adequate level of data protection for your personal information (as determined by the European Commission) or have data protection or other laws as comprehensive as those in your country. We will however ensure that where Rubicon Project group companies or third party service providers receive personal information outside of the EEA, appropriate protections are in place under European data protection legislation.

For example, in order to ensure that your personal information is adequately protected when transferred outside of the EEA, The Rubicon Project Ltd. has entered into inter-company “model clause” agreements and other adequacy arrangements with other various entities located outside the EEA that may process your personal information on behalf of The Rubicon Project Ltd.  A copy of such agreements is available on request.

SECURITY

We use industry-standard technical and organizational security measures to help protect information transmitted over or stored on our systems. Please note that no transmission or storage of information, however, can ever be guaranteed to be completely secure, though we take all reasonable precautions to protect against security incidents.

INFORMATION RETENTION

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

The cookies set out on our device expire no later than 366 days after they were last accessed.  We typically store the personal information we collect, such as IP address and other information described above, for up to 90 days before we anonymize and aggregate that data into summary reports. When we no longer need the personal information we collect, it is deleted from either the cookies or our servers (as applicable).

We may keep personal information for longer periods of time where required under certain laws or to comply with law enforcement or regulatory requests – for example, those relating to corporate governance, taxation, money laundering and financial reporting legislation.

CHANGES

We may update this policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If we make material changes to this policy, we will notify you of any material changes by posting the revised policy on this website, and where necessary, by any other means required by applicable law.

THIRD PARTY WEBSITES

We are not responsible for the practices employed by websites or applications (including widgets) linked to or from our website nor the information or content contained therein. Often links to other websites are provided solely as pointers to information on topics that may be useful to the users of our website. Please remember that your browsing and interaction on any other website, including websites which have a link on our website, is subject to that website’s own rules and policies.

CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact Rubicon Project’s Data Protection Officer by email at privacy@rubiconproject.com or by post using the details provided below:

Residents outside of the European Economic Area

The Rubicon Project, Inc.
Attn: Data Protection Officer
12181 Bluff Creek Drive, 4th Floor
Playa Vista, CA 90094
USA

European Economic Area (EEA) residents

The Rubicon Project Ltd.
Attn: Data Protection Officer
Walmar House
5th Floor
296 Regent St.
London, W1B 3HR
United Kingdom

Important note: The data controller of EEA residents’ personal information is The Rubicon Project Ltd at the above address. The Rubicon Project Ltd. is registered with the UK Information Commissioner’s Office (registration no. ZA118130).