Rubicon Project is committed to respecting the data protection rights you may have under applicable privacy laws (often referred to as “data subject rights“).
Your Rights Explained
Residents of some countries (for example the European Economic Area (“EEA”)), can exercise certain data subject rights available to them under applicable data protection laws.
These rights may include the right to request access to, or to request erasure or portability of, your personal information. You may also have a right to object to, or request that we restrict, processing of your personal information. Where such rights apply, we will comply with requests to exercises these rights in accordance with applicable data protection laws.
If you make a request to access personal information we hold about you (also known as an “access request“), we will provide the Digital Identifiers of your browser(s) and/or device(s) that Rubicon Project may store. Additionally, we may also provide you with certain other information that we may have stored and associated with your Digital Identifiers.
Please note, however, that we have a very short retention period for most files with Digital Identifiers that we store or process. As such, we may not be able to provide you any records at all in response to an access request. In such cases, however, we will inform you that we have not been able to locate any records associated with your Digital Identifiers.
Important Note: We have a responsibility to verify your identity before we respond to an access request. This is to make sure that we provide a copy of your personal information only to the person who is entitled to it – you. For that reason, it is our policy to only accept requests submitted directly to us by the data subject. If you wish to make an access request, we kindly ask that you contact us directly, with sufficient details for us to verify your identity (as explained below).
How to Make a Data Subject Rights Request
If you wish to exercise a data subject rights request, please follow the steps described below:
Step 1: Locate Your Digital Identifiers
In order for us to locate relevant records, we will need you to provide us with your Digital Identifiers. You can find your Digital Identifiers as follows:
Please keep in mind that different cookies are placed on each browser that you use to access the Internet. As a result, if you use multiple browsers (for example, Google Chrome and Mozilla Firefox), you will need to locate the “khaos” and “ruid” cookies for each browser.
Additionally, certain mobile devices (for example, mobile phones or tablets using the iOS or Android operating systems) generate a persistent “Advertising Identifier” per device, which, among other things, can be used by third parties for purposes of providing you with targeted advertising. On iOS devices, your Advertising Identifier may be referred to as an “IDFA,” “IFA,” or an “ID for Advertising.” On Android devices, your Advertising Identifier may be referred to as an “Advertising ID.” Please follow instructions from your mobile device manufacturer on how to locate your specific Advertising Identifier.
Step 2: Verify Your Digital Identifiers
In order to make sure that we are responding to the correct person, we also will need some supporting proof to demonstrate that you are indeed connected to the Digital Identifiers you located in Step 1. For Digital Identifiers stored in cookies, please take a screenshot of each cookie, taking care to make sure that the screenshot shows both the name of the cookie and the full Digital Identifier. For Digital Identifiers located on a mobile device, please take a screenshot of a screen that displays the Digital Identifier. Additionally, please fill out and sign the Identity Verification Form (click here to download PDF) that we have prepared, which attests that the Digital Identifiers you have located are indeed associated with you. We may also request that you respond to a few personalized questions, so that we can appropriately verify your identity.
Step 3: Contact Rubicon Project
Once you have located your Digital Identifiers and can provide us with verification of those Digital Identifiers, please contact us with details of the data subject rights you wish to exercise. The easiest way to do so would be to email us at firstname.lastname@example.org. Please make sure to include the following information in your email:
You can also make a data subject rights request by mail, by sending a written request with all of the above-listed information to the following address:
Residents outside of the European Economic Area:
The Rubicon Project, Inc.
Attn: Privacy Officer
12181 Bluff Creek Drive, 4th Floor
Playa Vista, CA 90094
European Economic Area (EEA) residents:
The Rubicon Project Ltd.
Attn: Data Protection Officer
296 Regent St.
London, W1B 3HR
Important note: The data controller of EEA residents’ personal information is The Rubicon Project Ltd at the above address. The Rubicon Project Ltd is registered with the UK Information Commissioner’s Office (registration no. ZA118130)