Last Updated: May 21, 2018
Table of Contents:
Information We Collect
How We Collect User Information
How We Use User Information
Legal basis for Processing User Information (EEA end users only)
Sharing of User Information
Information Our Customers and Vendors Collect
Your Opt-Out Choices
European Data Subject Rights
Changes to this Policy
Data Transfers for Residents of the European Economic Area (EEA)
This policy applies to the information Rubicon Project (“Rubicon Project,” “we” or “us”) collects and receives from individuals (“end users” or “you“) who interact with Digital Media Properties (defined below) that use Rubicon Project’s technology to provide you with ads. Rubicon Project is committed to transparency, and we want you to fully understand how we may collect, use, and share data relating to individuals (like you), and the choices that are available to you.
Rubicon Project provides a digital advertising technology platform and related services that connects advertising buyers (advertisers) with sellers (publishers) of advertising inventory. For example, advertisers (or their agents) may use our technology to buy advertising for display on publishers’ websites, mobile applications and other digital media properties (which we collectively refer to as “Digital Media Properties”). We also provide related software and APIs for developers. You can find out more about this here.
When you visit a Digital Media Property that uses our technology, we collect certain information about you and your device (“User Information“). Some of this information (including for example your IP addresses and certain unique device identifiers), may identify a particular computer or device, and may be considered “personal data” in some jurisdictions, including the European Union.
Information that we collect includes:
- Information about your behavior on our publishers’ Digital Media Properties: including information about the domain, your referring website addresses, date/time of visits, page view data, search keywords, visitor activities and actions on publisher’s sites, referring/exit pages, platform type, date/time stamp, geolocation (including city, country, zip code, and potentially geographic coordinates if you have enabled location services on your device), click data, types of advertisements viewed;
- Information about your browser: including information about your browser type and language, and browser history;
- Information about your device: including information about your IP address, device make, device model, device operating system, device operating system version, and data connection type; and
- Information about your Internet service: including information about which Internet Service Provider (ISP) you use.
We do not collect any “sensitive” or “special categories of personal data” as defined under European data protection laws.
Other technologies: Additionally, we use other technologies, including local storage, to collect User Information in order to assist with the delivery of ads and to provide reporting to our customers.
In addition, we also work with third party advertising platforms that separately collect and use User Information to enable our and their customers to deliver targeted advertisements using our advertising technology. As an example, we work with companies that use information about your visits to various websites or applications across multiple devices in order to provide you content and ads of interest across those devices. Our customers may use this third-party data in combination with your User Information to deliver you targeted ads across multiple devices.
We primarily use the User Information we collect to enable our clients to buy and sell advertising space on Digital Media Properties. In particular, our customers use information we provide, in conjunction with other information they have independently collected, to deliver end users targeted advertising they believe will be of particular interest to those users based on interests that might be inferred from the User Information that we collect. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
We may also use the User Information we collect for our legitimate business interests:
- To operate and improve our technology;
- To compile statistics and conduct research and development for our internal business purposes – all of which is done in aggregate without identifying you;
- To enable standard advertising controls;
- To prepare reports that summarize visitor activity;
- To analyze and report on ad performance (such as tracking views of ad, as well as click-through rates on ads), campaign reporting, and campaign forecasting; and
- To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
If you are an end user located in the European Economic Area, our legal basis for collecting and using the User Information described above will depend on the User Information concerned and the specific context in which we collect it.
However, we normally rely on our legitimate interests to collect User Information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your User Information, they include the interests described in the section headed “How We Use User Information“.
In some cases, we may rely on our consent or have a legal obligation to collect User Information from you or may otherwise need the User Information to protect your vital interests or those of another person. If we rely on consent to collect and/or process your User Information, we will obtain such consent in compliance with applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your User Information, please contact us using the contact details provided under the “Contact Us” heading below.
We never store any data longer than we think we need it. The cookies set out on our device expire no later than 366 days after they were last accessed. We typically store the User Information we collect, such as IP address and other information described above, for up to 90 days before we anonymize and aggregate that data into summary reports. User Information we no longer need is deleted from either the cookies or our servers (as applicable).
In some cases, we may keep some of the User Information for longer periods of time where required under certain laws or to comply with law enforcement or regulatory requests – for example, those relating to corporate governance, taxation, money laundering and financial reporting legislation.
We share User Information that we collect as follows:
- Customer: We share User Information with our advertiser clients to help them identify and buy advertising on publishers’ Digital Media Properties. Clients may use this information in conjunction with other information they have independently collected to provide you targeted advertising and to help them evaluate whether a particular ad campaign may be of interest to you.
- Business Transfers: We may share User Information in connection with the sale or transfer of all or a part of our business or assets to a third party buyer.
- Vital interest, legal rights and compliance with laws. We may share User Information with law enforcement, regulatory authorities, courts with competent jurisdictions, emergency services or other necessary third parties for legal, protection, security, and safety purposes, including:
- to comply with laws or regulatory requirements and to respond to lawful requests and legal process;
- to protect the safety of our employees and agents, our customers, or any person.
- Vendors, partners and other service providers: We may share User Information with our vendors and partners who perform functions on our or our clients’ behalf and require access to such information to provide us with services or do work for us. Examples include: analyzing data, fraud prevention, hosting data, engaging technical support for our technology platform, and performing analysis related to our technology platform and related services.
Our clients, our vendors, and our clients’ vendors, who use our technology may use their own tags, pixels, cookies, or other similar technology (or those of their other affiliates) within their advertisements and on certain websites. We are not responsible for our clients, vendors and/or our clients’ vendors use of such tracking technologies or for their privacy practices.
There are many ways to opt-out of receiving targeted advertising that our clients may conduct using our technology. Note that different devices use different identifiers and different technologies, so that you must opt out separately from each browser and each device that you would like to be opted out. If you opt-out of targeted advertising, we will no longer collect User Information described above from your device.
Should you wish to opt-out of the use of information about the websites you visit in order to deliver targeted advertising to you using our “display” technology, you can do so using the opt-out tool on our website, at https://rubiconproject.com/privacy/consumer-online-profile-and-opt-out/.
Additionally, you can opt-out by using any of the following three mechanisms. First, because we are a member of the NAI and adhere to the NAI’s code of conduct and mobile code of conduct, you can opt-out of targeted advertising by participating companies, including Rubicon Project, at http://www.networkadvertising.org/choices/. Second, because we adhere to the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Principles, you can visit the DAA’s opt-out page at http://www.aboutads.info/choices/. Third, for users located in the European Union, Rubicon Project also adheres to the Interactive Advertising Bureau of Europe’s Online Behavioral Advertising Framework. Accordingly, EU-based users can opt-out of targeted advertising through the European Interactive Digital Advertising Alliance’s opt-out page at http://www.youronlinechoices.eu.
Please note that these opt-outs operate by placing a cookie on your device that is unique to the browser and device you use to opt-out. They may not function properly if you have configured your browser to reject certain cookies. If you change browsers or computers, or delete the cookies on your computer, you will need to opt-out again. You also can set your browser to notify you when a cookie is being set and to block most cookies, including ours.
Your device may give you the ability to opt-out of the use of information about the apps you use in order to serve you ads that are targeted to your interests (“Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices or “Limit Ad Tracking” on iOS devices). You may stop the collection of location information by particular apps or from your device as a whole at any time by changing the preferences on your mobile device.
If you are a resident of a country in the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the collection, processing, and use of information about you. As stated above, the information that we collect about you when you visit Digital Media Properties that use our advertising technology may include certain digital identifiers that are considered “personal data” under European law.
As a resident of a country in the EEA, you have the right to: (i) to request access and obtain a copy of your User Information, (ii) to request rectification or erasure; (iii) to restrict the processing of your User Information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your User Information.
If you would like to exercise any of these rights, please see our Data Subject Rights policy for instructions on how to do so: https://rubiconproject.com/terms-conditions/subject-access-request-policy/. Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, you need to provide us with some additional information to enable us to identify the User Information we hold about you, if any, and ensure that we accurately fulfill your request.
In addition, you may also opt-out of receiving marketing communications from Rubicon Project. If you would like to exercise this right, please write to us at the contact details provided below.
Finally, as a resident of the EEA, you have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority. For contact details of your relevant local Data Protection Authority, please see here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
We use industry-standard technical and organizational security measures to help protect information transmitted over or stored on our systems. Please note that no transmission or storage of information, however, can ever be guaranteed to be completely secure, though we take all reasonable precautions to protect against security incidents.
We may update this policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If we make material changes to this policy, we will notify you of any material changes by posting the revised policy on this website, and where necessary, by any other means required by applicable law.
Rubicon Project is a global company headquartered in the United States with data centers located in the United States, Europe and Hong Kong. If you are accessing any of the Digital Media Properties from outside the United States, please be aware that your data may be transferred to, stored and processed by us and our affiliates in our facilities in the United States and other countries (including in Hong Kong, Brazil, Japan, Singapore and Australia, where our global affiliates have offices) and by those third parties with whom we may share your User Information.
These countries (including the United States) may not provide a level of data protection for your User Information that would be considered adequate as determined by the European Commission, or have data protection or other laws as comprehensive as those in your country. We will however ensure that where Rubicon Project group companies or third party service providers receive User Information outside of the EEA, appropriate protections are in place under European data protection legislation.
For example, in order to ensure that your User Information is adequately protected when transferred outside of the EEA, The Rubicon Project Ltd. has entered into inter-company “model clause” agreements and other adequacy arrangements with other various entities located outside the EEA that may process your User Information on behalf of The Rubicon Project Ltd. A copy of such agreements is available on request.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact Rubicon Project’s Data Protection Officer by e-mail at firstname.lastname@example.org or by post using the details provided below:
Residents outside of the European Economic Area
The Rubicon Project, Inc.
Attn: Privacy Officer
12181 Bluff Creek Drive, 4th Floor
Playa Vista, CA 90094
European Economic Area (EEA) residents
The Rubicon Project Ltd.
Attn: Data Protection Officer
296 Regent St.
London, W1B 3HR
Important note: The data controller of EEA residents’ User Information is The Rubicon Project Ltd at the above address. The Rubicon Project Ltd is registered with the UK Information Commissioner’s Office (registration no. ZA118130).