Last Updated: July 12, 2021
Table of Contents:
Information We Collect
How We Collect User Information
How We Use User Information
Sharing of User Information
Information Our Customers and Vendors Collect
Your Opt-Out Choices
Your Choices and Rights
Additional Information for California Residents
Additional Information for EEA, UK, and Switzerland End Users
Changes to this Policy
This policy applies to the information Rubicon Project (“Rubicon Project,” “we” or “us”) collects and receives from individuals (“end users” or “you”) who interact with Digital Media Properties (defined below) that use Rubicon Project’s technology to provide you with ads. Rubicon Project is committed to transparency, and we want you to fully understand how we may collect, use, and share information relating to individuals (like you), and the choices that are available to you.
Rubicon Project provides a digital advertising technology platform and related services that connects advertising buyers (advertisers) with sellers (publishers) of advertising inventory (in other words, the opportunity to display a buyer’s advertisement on a seller’s Digital Media Property). In this policy, we refer to our buyers and sellers collectively as “clients”.
For example, advertisers (or their agents) use our technology to buy advertising for display on publishers’ websites, mobile applications, television, and other digital media properties (which we collectively refer to as “Digital Media Properties”). We also provide related software and APIs for developers. You can find out more about this here.
When you visit a Digital Media Property that uses our technology, we collect certain information about you and your device (collectively, “User Information”). This information does not directly identify you – we don’t collect your name or contact details – but it may be considered “personal data” or “personal information” under applicable privacy or data protection laws.
In particular, we collect identifiers such as your IP addresses, cookie identifiers, and mobile device identifiers. These identifiers may identify a particular computer, mobile device, television, or other device. We also collect information about your activity online, including the following categories of internet or electronic network activity:
- Information about your behavior on our publishers’ Digital Media Properties: including information about the domain, topic or name of property, your referring website addresses, date/time of visits, view data, search keywords, visitor activities and actions on publisher’s properties, referring/exit pages, platform type, date/time stamp, non-precise location information (including city, country, zip code), click data, types of advertisements viewed;
- Information about your browser: including information about your browser type, version, language, and history;
- Information about your device: including information about your IP address, device make, device model, device operating system, device operating system version, and data connection type; and
- Information about your Internet service: including information about which Internet Service Provider (ISP) you use.
We may also collect precise geolocation information if you have actively enabled location services on your device and a Digital Media Property passes it to us.
Our clients may collect and store inferences about user activity using our technology. The Rubicon Project does not itself make inferences about users interests or preferences, but others may do so using our platform.
Other technologies: Additionally, we use other technologies, including local storage, to collect User Information in order to assist with the delivery of ads and to provide reporting to our customers.
We also work with third-party advertising platforms that separately collect and use User Information to enable our and their customers to deliver targeted advertisements using our advertising technology. As an example, we work with third-party advertising companies that use information about your visits to various websites or applications across multiple devices in order to provide you content and ads of interest across devices that they think are associated with you or your household, including web browsers, mobile apps, and televisions. Our clients may use this third-party data in combination with the User Information we collect to deliver you targeted ads across multiple devices.
Our clients use User Information in order to buy and sell advertising space on Digital Media Properties. In particular, our clients use information we provide, in conjunction with other information they have independently collected, to deliver end users targeted advertising they believe will be of particular interest to those users. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
We also use the User Information we collect for our legitimate business interests, some of which are “business purposes” under California law, including:
- To enable our clients to offer and buy advertising opportunities on Digital Media Properties;
- To operate and improve our technology;
- To compile statistics and conduct research and development for our internal business purposes – all of which is done in aggregate without identifying you;
- To prepare reports that summarize visitor activity;
- To enable standard advertising controls;
- To analyze and report on ad performance (such as tracking views of ad, as well as click-through rates on ads), campaign reporting, and campaign forecasting; and
- To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
We disclose User Information that we collect as follows:
- Clients: We share User Information with our advertiser clients to help them identify and buy advertising on publishers’ Digital Media Properties. Clients may use this information in conjunction with other information they have independently collected to provide you targeted advertising and to help them evaluate whether a particular ad campaign may be of interest to you.
- Business Transfers: We may share User Information in connection with an actual or proposed sale or transfer of all or a part of our business or assets, corporate merger, consolidation, or bankruptcy.
- Vital interest, legal rights and compliance with laws. We may share User Information with law enforcement, regulatory authorities, courts with competent jurisdictions, emergency services or other necessary third parties for legal, protection, security, and safety purposes, including:
- to comply with laws or regulatory requirements and to respond to lawful requests and legal process;
- to protect the safety of our employees and agents, our customers, or any person.
- Vendors, partners and other service providers: We may share User Information with our vendors and partners who perform functions on our or our clients’ behalf and require access to such information to provide us with services or do work for us. Examples include: analyzing data, fraud prevention, hosting data, engaging technical support for our technology platform, and performing analysis related to our technology platform and related services.
Our clients, our vendors, and our clients’ vendors, who use our technology may use their own tags, pixels, cookies, or other similar technology (or those of their other affiliates) within their advertisements and on certain websites. We are not responsible for our clients’, vendors’ and/or our clients’ vendors’ use of such tracking technologies or for their privacy practices.
There are many ways to opt-out of receiving targeted advertising that our clients may conduct using our technology. Note that different devices use different identifiers and different technologies, so that you must opt out separately from each browser and each device that you would like to be opted out. If you opt-out of targeted advertising, we will no longer collect User Information described above from the opted-out device.
Should you wish to opt-out of the use of information about the websites you visit in order to deliver targeted advertising to you, you can do so using the opt-out tool on our website, at http://rubiconproject.com/privacy/consumer-online-profile-and-opt-out/.
Additionally, you can opt-out by using any of the following three mechanisms:
- Rubicon Project is a member of the NAI and adhere to the NAI’s Code of Conduct. You can therefore opt-out of targeted advertising by NAI participating companies, including Rubicon Project, by visiting the NAI’s opt-out page at http://www.networkadvertising.org/choices/.
- Rubicon Project also adheres to the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Principles. You can out of targeted advertising by companies that adhere to the DAA Self-Regulatory Principles, including Rubicon Project, by visiting the DAA’s opt-out page at http://www.aboutads.info/choices/.
- Finally, for users located in the European Union, Rubicon Project also adheres to IAB Europe’s Online Behavioral Advertising Framework. EU-based users can opt-out of targeted advertising by companies that adhere to IAB Europe’s Online Behavioural Advertising Framework, including Rubicon Project, by visiting http://www.youronlinechoices.eu.
Please note that these opt-outs operate by placing a cookie on your device that is unique to the browser and device you use to opt-out. They may not function properly if you have configured your browser to reject certain cookies. If you change browsers or your device, or delete the cookies on your device, you will need to opt-out again. You also can set your browser to notify you when a cookie is being set and to block most cookies, including ours.
Your device may give you the ability to opt-out of the use of information about the apps you use in order to serve you ads that are targeted to your interests (see “Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” under your settings menu on Android devices or “Limit Ad Tracking” under your settings menu on iOS devices).
You may stop the collection of location information by particular apps or from your device as a whole at any time by changing the preferences on your mobile device. For more information on how to change your preferences, please see http://www.networkadvertising.org/mobile-choice.
Television & Internet Connected Devices
Your Internet connected device (e.g. a smart TV or a set-top box) may give you the ability to opt-out of the use of information for advertising purposes. To determine if your Internet connected device has these options, please visit your device’s settings menu. For more information on how to change your preferences, please see https://www.networkadvertising.org/internet-connected-tv-choices/.
If you live in certain jurisdictions such as the European Economic Area (“EEA”), the United Kingdom (“UK”), Switzerland, or California, you have certain rights and protections under the law regarding the collection, processing, and use of information about you.
In particular, you have the right to: (i) request access and obtain a copy of your User Information, and (ii) request erasure, or deletion of your User Information. You may also have the right to request rectification of your User Information, to obtain your User Information in a portable format, to object to or restrict the processing of your User Information, to prevent the use of your User Information for particular purposes, and to not be discriminated against for exercising your rights.
If you would like to exercise any of these rights, please see our Data Subject Rights policy for instructions on how to do so.
The cookies set out on your device by our advertising technology expire no later than 366 days after the last time you visited a Digital Media Property using our advertising technology.
We typically store the User Information we collect from your device, such as IP address and other information described above, in our systems for up to 90 days before we anonymize and aggregate that data into summary reports.
In some cases, we may keep some of the User Information for longer periods of time where required under certain laws or to comply with law enforcement or regulatory requests – for example, those relating to corporate governance, taxation, money laundering and financial reporting legislation.
We use industry-standard technical and organizational security measures to help protect information transmitted over or stored on our systems. Please note that no transmission or storage of information, however, can ever be guaranteed to be completely secure, though we take all reasonable precautions to protect against security incidents.
If you are a resident of California, please review these additional privacy disclosures.
California law requires us to disclose the categories of personal information we collect and how we use them, the categories of sources from which we collect personal information, and the third parties with whom we share personal information, which we have explained above. We are also required to communicate information about rights you have under California law—for information about these rights, please see “Your Choices and Rights” above. You also have the right to request what information we collect and how we use and disclose it. You may exercise these rights by visiting our Data Subject Rights policy. Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, you need to provide us with some additional information to enable us to identify the User Information we hold about you, if any, and ensure that we accurately fulfill your request. If you have any questions about your rights or our disclosures, you may reach us at +1.888.812.3839.
In addition, we are required to provide you certain information about the business and commercial purposes for which we collect and share your personal information. We use and disclose the information we collect for the business purposes described in the “How We Use User Information” section of this policy, including: to allow our clients to select and display advertisements, to understand how users interact with our services, for auditing purposes, to detect security incidents, to prevent fraud, debug, and repair errors, and for other purposes described above.
Do Not Sell My Personal Information
Rubicon Project does not sell User Information, but our clients may use our technology to buy or sell personal information as defined by California law. If you wish to opt out of the use of your personal information for interest-based advertising purposes, you may do so by clicking here or by following the instructions under Your Opt-Out Choices above. Note that because these opt outs are specific to the device or browser on which they are exercised, you will need to opt out on each browser and device.
Annual Request Statistics
During the period January 1, 2020 to December 31, 2020, we received the following number of requests from individuals:
Requests to know from individuals in the United States: 9 requests. We processed the requests within a medium timeframe of 5 days; however, these requests were denied because we were unable to verify the identity of the individual making the request.
Requests to delete from individuals in the United States: 17 requests, and we complied with all of these requests within a medium timeframe of 5 days.
Requests to opt out from individuals, globally: Although we do not engage in “sales” as defined under the California Consumer Privacy Act, we do honor users’ requests to opt out of interest-based advertising, as explained in this Policy. We received 3,121,600 requests to opt out, and these requests were completed in approximately real time.
If you are an end user located in the EEA, the UK, or Switzerland, please read these additional disclosures.
As an end user located in these countries, you may have the right to: (i) to request access and obtain a copy of your User Information; (ii) to request rectification or erasure of your User Information; (iii) to restrict the processing of your User Information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your User Information.
If you would like to exercise any of these rights, please see “Your Choices and Rights” above.
Legal Basis for Processing
Our legal basis for collecting and using the User Information described above will depend on the User Information concerned and the specific context in which we collect it. However, we normally rely on our legitimate interests to collect User Information from you, except where such interests are overridden by your data-protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your User Information, they include the interests described in the section headed “How We Use User Information.”
In some cases, we may rely on your consent or have a legal obligation to collect User Information from you or may otherwise need the User Information to protect your vital interests or those of another person. If we rely on consent to collect and/or process your User Information, we will obtain such consent in compliance with applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your User Information, please contact us using the contact details provided under the “Contact Us” heading below.
Right to Lodge a Complaint
You have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority. For contact details of your relevant local Data Protection Authority, please see here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
Data Transfers and Privacy Shield
Rubicon Project is a global company headquartered in the United States with data centers located in the United States, Europe and Hong Kong. If you are accessing any of the Digital Media Properties from outside the United States, please be aware that your data may be transferred to, stored and processed by us and our affiliates in our facilities in the United States and other countries (including in Hong Kong, Brazil, Japan, Singapore and Australia, where our global affiliates have offices) and by those third parties with whom we may share your User Information as described in this policy.
These countries (including the United States) may not provide a level of data protection for your User Information that would be considered adequate as determined by the European Commission or Swiss Federal Data Protection Authority, or have data protection or other laws as comprehensive as those in your country. We will however ensure that where Rubicon Project group companies or third-party service providers receive User Information outside of the EEA, appropriate safeguards are in place under European data protection legislation.
In this regard, The Rubicon Project, Inc. and its US subsidiaries, Rubicon Project Hopper, Inc. and Rubicon Project Apex, Inc. have self-certified to the Privacy Shield (see below) to protect personal information which is transferred outside of the EEA, the UK and Switzerland.
If you would like to learn more about the safeguards we put in place for international transfers, please contact us using the contact details further below.
We may update this policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If we make material changes to this policy, we will notify you of any material changes by posting the revised policy on this website, and where necessary, by any other means required by applicable law.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact Rubicon Project’s Privacy Team by e-mail at email@example.com or by post using the details provided below:
The Rubicon Project, Inc.
Attn: Privacy Team
12181 Bluff Creek Drive, 4th Floor
Playa Vista, CA 90094
You can also contact Rubicon Project’s Data Protection Officer at firstname.lastname@example.org.