Last Updated: April 23, 2019
Table of Contents:
Information We Collect
How We Collect User Information
How We Use User Information
Legal basis for Processing User Information (EEA and UK end users only)
Sharing of User Information
Information Our Customers and Vendors Collect
Your Opt-Out Choices
European Data Subject Rights
Changes to this Policy
Data Transfers for Residents of the European Economic Area (EEA)
This policy applies to the information Rubicon Project (“Rubicon Project,” “we” or “us”) collects and receives from individuals (“end users” or “you“) who interact with Digital Media Properties (defined below) that use Rubicon Project’s technology to provide you with ads. Rubicon Project is committed to transparency, and we want you to fully understand how we may collect, use, and share data relating to individuals (like you), and the choices that are available to you.
Rubicon Project provides a digital advertising technology platform and related services that connects advertising buyers (advertisers) with sellers (publishers) of advertising inventory. For example, advertisers (or their agents) may use our technology to buy advertising for display on publishers’ websites, mobile applications and other digital media properties (which we collectively refer to as “Digital Media Properties”). We also provide related software and APIs for developers. You can find out more about this here.
When you visit a Digital Media Property that uses our technology, we collect certain information about you and your device (“User Information“). Some of this information (including for example your IP addresses and certain unique device identifiers), may identify a particular computer or device, and may be considered “personal data” in some jurisdictions, including the European Union.
Information that we collect includes:
We do not collect any “sensitive” or “special categories of personal data” as defined under European data protection laws.
Other technologies: Additionally, we use other technologies, including local storage, to collect User Information in order to assist with the delivery of ads and to provide reporting to our customers.
In addition, we also work with third party advertising platforms that separately collect and use User Information to enable our and their customers to deliver targeted advertisements using our advertising technology. As an example, we work with companies that use information about your visits to various websites or applications across multiple devices in order to provide you content and ads of interest across those devices. Our customers may use this third-party data in combination with your User Information to deliver you targeted ads across multiple devices.
We primarily use the User Information we collect to enable our clients to buy and sell advertising space on Digital Media Properties. In particular, our customers use information we provide, in conjunction with other information they have independently collected, to deliver end users targeted advertising they believe will be of particular interest to those users based on interests that might be inferred from the User Information that we collect. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
We may also use the User Information we collect for our legitimate business interests:
If you are an end user located in the European Economic Area or the United Kingdom, our legal basis for collecting and using the User Information described above will depend on the User Information concerned and the specific context in which we collect it.
However, we normally rely on our legitimate interests to collect User Information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your User Information, they include the interests described in the section headed “How We Use User Information“.
In some cases, we may rely on your consent or have a legal obligation to collect User Information from you or may otherwise need the User Information to protect your vital interests or those of another person. If we rely on consent to collect and/or process your User Information, we will obtain such consent in compliance with applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your User Information, please contact us using the contact details provided under the “Contact Us” heading below.
We never store any data longer than we think we need it. The cookies set out on your device expire no later than 366 days after they were last accessed. We typically store the User Information we collect, such as IP address and other information described above, for up to 90 days before we anonymize and aggregate that data into summary reports. User Information we no longer need is deleted from either the cookies or our servers (as applicable).
In some cases, we may keep some of the User Information for longer periods of time where required under certain laws or to comply with law enforcement or regulatory requests – for example, those relating to corporate governance, taxation, money laundering and financial reporting legislation.
We share User Information that we collect as follows:
Our clients, our vendors, and our clients’ vendors, who use our technology may use their own tags, pixels, cookies, or other similar technology (or those of their other affiliates) within their advertisements and on certain websites. We are not responsible for our clients, vendors and/or our clients’ vendors use of such tracking technologies or for their privacy practices.
There are many ways to opt-out of receiving targeted advertising that our clients may conduct using our technology. Note that different devices use different identifiers and different technologies, so that you must opt out separately from each browser and each device that you would like to be opted out. If you opt-out of targeted advertising, we will no longer collect User Information described above from your device.
Should you wish to opt-out of the use of information about the websites you visit in order to deliver targeted advertising to you using our “display” technology, you can do so using the opt-out tool on our website, at http://rubiconproject.com/privacy/consumer-online-profile-and-opt-out/.
Additionally, you can opt-out by using any of the following three mechanisms. First, because we are a member of the NAI and adhere to the NAI’s code of conduct and mobile code of conduct, you can opt-out of targeted advertising by participating companies, including Rubicon Project, at http://www.networkadvertising.org/choices/. Second, because we adhere to the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Principles, you can visit the DAA’s opt-out page at http://www.aboutads.info/choices/. Third, for users located in the European Union, Rubicon Project also adheres to the Interactive Advertising Bureau of Europe’s Online Behavioral Advertising Framework. Accordingly, EU-based users can opt-out of targeted advertising through the European Interactive Digital Advertising Alliance’s opt-out page at http://www.youronlinechoices.eu.
Please note that these opt-outs operate by placing a cookie on your device that is unique to the browser and device you use to opt-out. They may not function properly if you have configured your browser to reject certain cookies. If you change browsers or computers, or delete the cookies on your computer, you will need to opt-out again. You also can set your browser to notify you when a cookie is being set and to block most cookies, including ours.
Your device may give you the ability to opt-out of the use of information about the apps you use in order to serve you ads that are targeted to your interests (“Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices or “Limit Ad Tracking” on iOS devices). You may stop the collection of location information by particular apps or from your device as a whole at any time by changing the preferences on your mobile device. For more information on how to change your preferences, please see http://www.networkadvertising.org/mobile-choice.
If you are a resident of a country in the European Economic Area (“EEA”) or the United Kingdom (“UK“), you have certain rights and protections under the law regarding the collection, processing, and use of information about you. As stated above, the information that we collect about you when you visit Digital Media Properties that use our advertising technology may include certain digital identifiers that are considered “personal data” under European law.
As a resident of those countries, you have the right to: (i) to request access and obtain a copy of your User Information, (ii) to request rectification or erasure; (iii) to restrict the processing of your User Information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your User Information.
If you would like to exercise any of these rights, please see our Data Subject Rights policy for instructions on how to do so: http://rubiconproject.com/terms-conditions/subject-access-request-policy/. Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, you need to provide us with some additional information to enable us to identify the User Information we hold about you, if any, and ensure that we accurately fulfill your request.
In addition, you may also opt-out of receiving marketing communications from Rubicon Project. If you would like to exercise this right, please write to us at the contact details provided below.
Finally, as a resident of the EEA or UK, you have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority. For contact details of your relevant local Data Protection Authority, please see here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
We use industry-standard technical and organizational security measures to help protect information transmitted over or stored on our systems. Please note that no transmission or storage of information, however, can ever be guaranteed to be completely secure, though we take all reasonable precautions to protect against security incidents.
We may update this policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If we make material changes to this policy, we will notify you of any material changes by posting the revised policy on this website, and where necessary, by any other means required by applicable law.
Rubicon Project is a global company headquartered in the United States with data centers located in the United States, Europe and Hong Kong. If you are accessing any of the Digital Media Properties from outside the United States, please be aware that your data may be transferred to, stored and processed by us and our affiliates in our facilities in the United States and other countries (including in Hong Kong, Brazil, Japan, Singapore and Australia, where our global affiliates have offices) and by those third parties with whom we may share your User Information.
These countries (including the United States) may not provide a level of data protection for your User Information that would be considered adequate as determined by the European Commission, or have data protection or other laws as comprehensive as those in your country. We will however ensure that where Rubicon Project group companies or third party service providers receive User Information outside of the EEA, appropriate protections are in place under European data protection legislation.
In this regard, The Rubicon Project, Inc. and its US subsidiaries, Rubicon Project Hopper, Inc. and Rubicon Project Apex, Inc. have self-certified to the Privacy Shield (see below) to ensure that appropriate safeguards are in place when personal information is transferred outside of the EEA, the UK and Switzerland.
If you would like to learn more about the safeguards we put in place for international transfers, please contact us using the contact details further below.
The Rubicon Project, Inc. and its US subsidiaries, Rubicon Project Hopper Inc. and Rubicon Project Apex, Inc., comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce with respect to personal information concerning individuals from the EEA, the UK and Switzerland. Please see our Privacy Shield Notice to learn more.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact Rubicon Project’s Privacy Team by e-mail at firstname.lastname@example.org or by post using the details provided below:
The Rubicon Project, Inc.
Attn: Privacy Team
12181 Bluff Creek Drive, 4th Floor
Playa Vista, CA 90094
You can also contact Rubicon Project’s Data Protection Officer at email@example.com.
The data controller of EEA and UK residents’ User Information is The Rubicon Project, Inc. at the above address.
Our EU data protection representative is The Rubicon Project Ltd., who can be contacted at: Walmar House, 5th Floor, 296 Regent Street, London W1B 3AP, United Kingdom.