Rubicon Project respects the data protection and privacy rights you may have under applicable privacy laws (often referred to as “data subject rights“ or “consumer privacy rights”).
For that reason, in order for us to honor any data protection and privacy requests you submit, we need you to provide us with your Digital Identifiers and certain other information. This is necessary to locate any records we hold about your device or browser. We explain below how to do this, and use this additional information only for the purpose of processing your data protection and privacy requests.
Your Rights Explained
Residents of some jurisdictions (for example the European Economic Area (“EEA”), the United Kingdom (“UK”), Switzerland, and California), have certain rights available to them under the laws of those jurisdictions.
These rights may include the right to request access to, rectify, or request erasure/deletion or portability of, personal information. Residents of these jurisdictions may also have a right to object to, or request that we restrict, processing of their personal information. Where such rights apply, we will comply with requests to exercise these rights in accordance with applicable data protection laws. We will also make efforts to honor such requests even in jurisdictions that do not provide for these rights
If you make a request to access the specific pieces of personal information we hold about you in accordance with applicable law (also known as an “access request“), we will provide the Digital Identifiers of your browser(s) and/or device(s) that Rubicon Project may store. Additionally, we may also provide you with certain other information that we may have stored and associated with your Digital Identifiers.
Please note, however, that we have a very short retention period for the data we associate with Digital Identifiers. As a result, we may not be able to provide you any records in response to an access request. In such cases, however, we will inform you that we have not been able to locate any records associated with your Digital Identifiers.
Important Note: We have a responsibility to verify your identity before we respond to an access request. This is to make sure that we provide a copy of your personal information only to the person who is entitled to it – you. If you wish to make an access request, we kindly ask that you contact us directly, with sufficient details for us to verify your identity (as explained below).
How to Make a Data Subject Rights Request
If you wish to exercise a data subject rights request, please follow the steps described below:
Step 1: Locate Your Digital Identifiers
In order for us to locate relevant records, we will need you to provide us with your Digital Identifiers. You can find your Digital Identifiers as follows:
Please keep in mind that different cookies are placed on each browser that you use to access the Internet. As a result, if you use multiple browsers (for example, Google Chrome and Mozilla Firefox), you will need to locate the “khaos” and “ruid” cookies for each browser.
Mobile Devices and other Internet Connected Devices
Additionally, certain mobile devices (for example, mobile phones or tablets using the iOS or Android operating systems) generate a persistent “Advertising Identifier” per device, which, among other things, can be used by third parties, like Rubicon Project, for purposes of providing you with targeted advertising.
On iOS devices, your Advertising Identifier may be referred to as an “IDFA,” “IFA,” or an “ID for Advertising.” On Android devices, your Advertising Identifier may be referred to as an “Advertising ID.” Please follow instructions from your mobile device manufacturer on how to locate your specific Advertising Identifier.
Step 2: Verify Your Digital Identifiers
In order to make sure that we are responding to the correct person, we also will need some supporting proof to demonstrate that the devices that have the Digital Identifiers you located in Step 1 are yours and that the information you are requesting relates to you. For Digital Identifiers stored in cookies, please take a screenshot of each cookie, taking care to make sure that the screenshot shows both the name of the cookie and the full Digital Identifier. For Digital Identifiers located on a mobile device, please take a screenshot of a screen that displays the Digital Identifier.
We may also request that you respond to a few questions, so that we can appropriately verify your identity. Doing this helps us to validate that you have access to the device on which the Digital Identifiers have been placed (and that you are not an unauthorized third party attempting to “guess” Digital Identifiers).
Step 3: Submit to Rubicon Project
Once you have located your Digital Identifiers and can provide us with verification of those Digital Identifiers, please contact us with details of the rights you wish to exercise. The easiest way to do so would be submit the relevant information into our END USER REQUEST PORTAL. We will request the following information:
Your full name
The region in which you are located at the time you are making your request
The data subject rights you wish to exercise
A full list of your Digital Identifiers
Device validation information, as set forth in Step 2