Privacy Policy: September 9, 2024
Eyeota is an audience technology platform. We and our partners collect and use data to ensure that the advertising you see is relevant. Our technology uses pseudonymous data to map information and devices together so we can create a broad picture of groups of individuals and their preferences.
This privacy policy provides the details of the Eyeota business; the data that we collect; the purpose for this data collection and what your individual rights are with respect to any Personal Data that Eyeota may hold on you.
Eyeota is committed to being transparent about its processes and the data it interacts with and ensuring that the legal rights of individuals are respected and protected. We appreciate that the nature of our business and the legal rights of individuals are complicated topics and that you may have additional questions. If you want to contact us, please email privacy@eyeota.com.
Any data we collect is processed in accordance with regional privacy laws, including GDPR in Europe. We advise you to check back with this page from time to time, as we may make changes in accordance with legal requirements.
Contents of Privacy Policy
What does Eyeota's Platform do?
Eyeota owns and operates a technology platform (the "Platform") which collects, organizes, maintains and distributes pseudonymized profile information (the "Platform Data"). Platform Data is collected from a variety of online and offline sources, such as via website publishers, mobile applications, data brokers and market research companies.
What is the purpose of Eyeota's Platform?
Eyeota's Platform allows Eyeota's clients to buy, sell & distribute Platform Data for the specific purposes of:
Eyeota's clients and partners are contractually obliged to have adequate privacy policies which also facilitate these purposes.
What information does Eyeota Platform hold?
The categories of Platform Data processed by the Eyeota platform includes: (a) pseudonymous information such as a cookie ID on your browser, mobile advertising IDs, or addressable media identifiers; (b) obfuscated personal information such as hashed email addresses where direct identifiers are removed; (c) IP addresses and information derived from IP addresses, such as geographic location; (d) Information aggregated by postal code; (ed) information about your device, such as browser, device type, operating system, the presence or use of "apps", screen resolution, or the preferred language; (f) demographic information such as gender, age, and income range; and (g) behavioral data of the internet connected computer or device you use when interacting with websites, applications, or other connected devices, such as advertisements clicked or viewed, websites and content areas, date and time of these activities, or the web search used to locate and navigate to a website.
The Platform Data that is sent to us by our partners includes aggregated pseudonymized profile information, and data that is sent via the HTTP header including IP address, cookie and mobile advertising IDs, hashed email addresses, date and time, URLs, operating system, and browser version.
Where we can reasonably infer that a particular computer and mobile device belong to the same user or household, we may consider those browser(s) and/or device(s) as linked for the purposes of leveraging the Platform Data. This process is sometimes called a device graph. We may also augment the Platform Data via a heuristic onboarding methodology that pulls aggregate data via postal code.
The pseudonymized profile information is aggregated and then organized into audience segments that fall into the categories of interest data (e.g., interest in sports, news, fashion and associated sub-categories etc.), demographic data (e.g., age, gender, employment sector, income band etc.) and purchase intent data (e.g., in-market for electronics, financial products, online fashion etc.).
Eyeota's Platform is not designed to collect any identifiable Personal Data such as full name, email address, physical address or sensitive Personal Data such as social security number etc. In addition, our clients and partners are contractually prohibited from transmitting any data which can directly identify an individual to Eyeota. We do not intentionally collect data that is considered to be sensitive but recognize that different jurisdictions may have different definitions of what they consider sensitive.
Sensitive personal data within the EU ("special category data" as defined by Article 9.1 of the General Data protection Regulation or "GDPR") includes:
Outside of the EU, Eyeota receives the data about inferred political opinions from some of our data providers:
In certain jurisdictions, Eyeota receives non-sensitive data that is related to political or financial interests for use in connection with ad targeting via the Platform.
Eyeota does not collect any data related to adult-oriented products or services such as pornography, hate speech or firearms.
For information relating to our age data policies, please refer to the Protecting Children's Data section of this policy under 4. Personal Rights for EU Data Subjects below.
What is Eyeota Platform Data used for?
Eyeota's Platform is designed to enable manufacturers and brands to discover audiences who may have a preference for their advertising. The platform helps advertisers discover new audiences who have traits, preferences and interests which are similar to their existing customers or their desired audiences. Eyeota's Platform Data is useful to a number of different groups
If, at any time, you would like to opt-out of participating in this type of online interest-based advertising where the adverts you see can be based on your pseudonymized profile information, please go to the opt-out section of this policy.
The Platform is operated by Eyeota Pte Ltd, a Singapore registered company with company number 201223893Z and with the registered address of
Eyeota PTE Ltd
31 Hong Kong Street #03-01
Singapore, 059670
How does Eyeota collect Platform Data?
We use online technologies such as Cookies, Mobile advertising IDs, Hashed Email Addresses, Pixel Tags, Server-to-Server Connections and Secure Data Transfers with our partners to collect and store Platform Data. We do not use "flash cookies" or any other embedded tracking mechanisms.
How does Eyeota use cookies within the Eyeota Platform?
Eyeota's Platform utilizes cookies and similar tracking technologies for recognizing individual browsers and storing data against cookie IDs for the purposes of interest-based advertising and analytics. The Platform also uses cookies to store users' opt-out preferences.
Does Eyeota process data collected from consent or opt-out signals?
Yes, in places such as the EU where it is required Eyeota is a registered Global Vendor within the IAB Transparency and Consent Framework (IAB Vendor ID: 120) which in turn pushes vendor list and consent rights through various market-facing Consent Management Platforms (CMPs). We use this framework to collect and manage consent signals from our data partners for Matching Data to Offline Sources as well as for the purposes of Store and/or access information on a device, Create a personalised ads profile, Create a personalised content profile, Apply market research to generate audience insights, Develop and improve products. Where required by law, Eyeota honors Do Not Track and similar opt-out preference signals.
Our platform also accepts consent-based data sets from CMPs that operate outside of the IAB Transparency and Consent Framework.
Does Eyeota also accept data collected under Legitimate Interest?
No. As of 25th March 2020, Eyeota only accepts and processes data from the EU/EEA under the basis of consent.
What is Eyeota's legal basis for collecting and processing Platform Data in the EEA?
For data from EU data subjects processed via the Platform, Eyeota operates under the consent provisions of the GDPR.
The only data that Eyeota interacts with which are directly classified as Personal Data under the GDPR are IP addresses, hashed email addresses and cookie IDs. However, as all profile information is attached to pseudonymous Personal Data such as a cookie ID, all profile information is also considered to be Personal Data.
For Eyeota to process your data, you may have consented to accept a cookie or to processing of your data from one of our partner data providers, thus, we also expect to handle data that has been collected and provided on the basis of consent.
For example, Eyeota may process TC Strings for the purpose of ensuring and being able to demonstrate that Users have consented to or not objected to the processing of their personal data in connection with targeted ads.
If you have any further questions relating to Eyeota's legal basis for collecting and processing data in the European Economic Area, please contact us here.
How long does Eyeota store Platform Data for?
What Platform Data information is shared with third parties?
Eyeota shares Platform Data with partners who provide online advertising services to marketers, advertisers, and online publishers and may share such data with marketers, advertisers and online publishers directly. For a representative list of the partners that receive Platform Data from Eyeota directly, please refer to Eyeota's list of integration partners here. We will endeavor to keep this list updated on a regular basis as our partners may change from time to time. Under California law, Eyeota is deemed to have sold Platform Data to each of these partners as well as some of our advertiser customers over the previous 12 months.
Reporting is also an integral part of Eyeota's business. Under contract, our clients and data providers receive periodic operational reports for performance tracking and billing and auditing. We also generate reports that provide insights on the popularity and usage of the aggregated data, such as the number of data subjects that appear in a segment, in aggregate. The reports are prepared using aggregated Platform Data and contain only pseudonymized data.
The aggregated Platform Data may be shared with authorized employees, independent contractors, consultants, and subsidiaries. User-level Platform Data is only made available to full-time employees in our technology team, who need access to execute their job requirements, on a limited-access basis, and in line with our Data Minimization Policy (Eyeota Company Policy designed to protect the individual rights of data subjects or users and to ensure that employees understand their obligations with respect to user-level data).
We may also use the services of third-party service providers for cloud data storage, analysis, and processing facilities and to provide operational or other support services. Other third-party service providers used by Eyeota include: a) cloud computer, data storage and file storage providers, b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) outsourced computer programmers helping ensure our systems are operating properly, i) auditing, debugging and security vendors. Data is shared only to enable these entities to perform professional and technical functions in relation to Eyeota's business. These entities are subject to confidentiality restrictions and are not authorized to use, access or transform information they receive from us for any purpose other than providing their services to Eyeota.
We may be required to share Platform Data and information with regulatory authorities, government agencies, and law enforcement officials, as permitted or enforced by law. Additionally, we may share data and information to defend or protect our legal rights, our intellectual and physical property, our employees and service providers, the safety and security of our business partners and their online users, and to protect us against fraud.
Finally, we may share some or all Platform Data and information assets if our company is sold, acquired, transferred or merged, files bankruptcy, undergoes debt refinancing, undergoes any form organizational change or any other business transaction that may require assets under our control to transferred to third parties as part of the business transaction.
Business Data
Our corporate website at www.eyeota.com is designed for our business partners, those seeking information about Eyeota, and also for recruiting new employees. Eyeota collects partner and client data from its customers and website and marketing data from its corporate website www.eyeota.com for business purposes such as billing, account maintenance and other customer services, marketing to current and prospective customers, recruitment, responding to general inquiries and also for website analytics, detecting and preventing malicious behavior on our website and improving and organizing the content of our website. These data sets are collectively known as Business Data.
Certain U.S. state laws such as the California Consumer Privacy Act ("CCPA") provide data subjects with the right to opt-out of the sale or sharing of their personal information. Eyeota not sell identifiable personal data (e.g., email, telephone number) collected via our website or pursuant to our sales and marketing activities. However, our marketing team may co-promote events with other companies that may involve the sharing of attendee lists. The sharing of those attendee lists across companies may constitute a sale. Moreover, we enable third-parties operating on our website to place pixels and/or cookies that collect pseudonymous data from visitors to our website and which may be deemed a sale of personal information in California and other places. This pseudonymous data includes pseudonymous IDs, IP addresses and similar information and is used for marketing and advertising purposes. We provide a notice of these practices when you first visit our website and provide the appropriate choice mechanism as required by law. You may control the use of cookies via your browser settings. You may also opt-out from the sale or sharing of this information by Eyeota as described in the Cookie Policy.
Business Data is collected from our website as follows:
Why do you collect this Business Data?
The Business Data is used only for the purposes of marketing, communicating with our customers, responding to general inquiries, providing our services and recruitment. The Business Data which is collected using cookies does not include any data that can directly identify an individual and the purpose of this data is to allow website analytics, detecting and preventing malicious behavior on our website, and improving and organizing the content of our website. Business Data is not used or combined with our Platform Data, nor is it used for the Platform purposes outlined above in this privacy policy.
Do you share Business Data?
Business Data is not shared with third parties except for the purposes stated in this statement. We may share Business Data with authorized employees, affiliates, subsidiaries, vendors, or other third parties to perform services on our behalf that are related to the purposes stated in this statement (e.g., our customer relationship management (CRM) system provider, etc.)
We may disclose Business Data to third parties when we believe we are reasonably required to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
We may transfer any data we have, including Platform Data and Business Data to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, debt refinancing, or other corporate change.
How long do you keep Business Data for?
We retain Business Data for as long as we have an active relationship with our partners unless otherwise specified, or until it is deleted following a request from the subject of the data. Business Data is deleted 13-months after our last interaction unless Business Data is required to be stored under applicable law.
Do you transfer this Business Data to other countries?
Eyeota has employees around the world, and due to the fact that we utilize a global CRM system, Business Data is transferred to other countries.
From 25th May 2018 onwards, where we are transferring data from the European Union or UK to non-European Union countries, we will do so using EU/UK-approved model contract clauses.
What is Eyeota's legal basis for collecting and processing Business Data?
The legal basis for processing Business Data is contractual necessity. We also process data for sales and marketing purposes under our Legitimate Interest in expanding, managing and operating our business. We obtain consent when collecting Business Data via registration forms on www.eyeota.com.
Platform Data
How to opt-out: Desktop / Browser Choice recorded in cookies
Eyeota honors your choice with respect to how data is processed on the Platform. Different jurisdictions provide you with different rights. For example, EU data subjects have the right to object to certain forms of data processing and/or to withdraw their consent to such processing. Data subjects in California have the right to opt-out from Eyeota’s sale of Platform Data. Data subjects in the rest of the United States and many other places have the right to opt-out from many forms of ad targeting.
CHOICE MECHANISM: OPT-OUT OF EYEOTA'S PLATFORM
When you click onto Eyeota's choice mechanism, we will attempt to place a non-unique cookie on your browser which tells our systems to stop targeting ads to that browser and to cease processing of data with respect to that browser. For California data subjects, the presence of the non-unique opt-out cookie means that we will stop the sale of Platform Data. Please note that you will still see adverts online, however, these adverts may be less relevant because they won't be based on your interests.
Other ways to opt-out via your browser
Users can also exercise choice with respect to Eyeota's Platform Data collection via any one of the methods operated by certain advertising trade associations below:
Please note that if you change your browser settings to block, delete and/or control the use of all third-party cookies, it may negatively impact Eyeota's ability to place an opt-out cookie on your browser. Also, if you use a different computer or device, you may need to renew your choice.
Note for EU, UK and Swiss data subjects. When we can reasonably see that a data subject is coming from the EEA/UK/Switzerland and has an Eyeota opt-out cookie on their browser, that tells our systems to stop processing data with respect to that browser.
Please refer to your web browser's help documentation for more information for managing the use of cookies directly through the browser settings.
The lifespan of Eyeota's choice cookie is 5 years if our opt-out cookie is not deleted from the users' browser.
How to Opt-out on Mobile:
We honor the mobile device settings for Android and Apple iOS devices. To exercise this opt-out, please visit the privacy settings of your Android or iOS device and select “limit ad tracking” (Apple iOS) or “opt-out of interest based ads” (Android). For devices where we are able to see that such a selection has been made, our systems stop targeting ads to that device and to cease processing of data with respect to that device. Please note that you will still see adverts online, however, these adverts may be less relevant because they won't be based on your interests.
The NAI provides a helpful guide that outlines opt-out processes for most of the major mobile operating systems. You can also deny or revoke a specific company from processing your mobile device identifiers by installing the AppChoices App provided by the Digital Advertising Alliance (DAA). See more information which companies use AppChoices and how to download and configure the AppChoices App relevant for your mobile platform.
How to Opt-out on Smart TVs:
We honor the privacy settings for the major Smart TV platforms that allow Eyeota data to be actioned or profiling and/or targeted ads. To exercise this opt-out, please visit the privacy settings of your CTV/OTT device. For devices where we are able to see that such a selection has been made, our systems stop targeting ads to that device and to cease processing of data with respect to that device.
The Network Advertising Initiative (NAI) provides a helpful guide that outlines opt-out processes for most of the major CTV/OTT systems.
Hashed Email: Opt-out Information
As noted above, Eyeota sometimes uses email addressed that are hashed in order to create a pseudonymous UID to help us recognize a particular browser or device. When an email is hashed, your identifiable Personal Data is removed so that we can no longer identify you directly from the hashed data set. The Network Advertising Initiative (NAI) provides an email-based opt-out that enables you to opt-out of this activity. Please visit the NAI’s website for more information and instructions on opting out Eyeota’s use of hashed emails. Opt-out here. When you opt-out via this method, Eyeota will stop using that email address on the Platform.
Business Data: Opt-out Information
You are entitled to opt-out from our marketing lists and databases at any time. If you wish to update or change any information previously provided to Eyeota via our website, please submit a request to update your details here. You may also request to delete any previously submitted information using the same form.
UNSUBSCRIBE FROM EYEOTA MARKETING
Please allow up to 72 hours for your contact details to be removed from our database. Please note, if you do decide to opt-out and you or your business have a contractual agreement with Eyeota regarding the provision of products or services, we may still be required to send you emails in regards to these services and to support our contractual obligations.
Subject Access Requests
Please complete a Subject Access Request form to receive a copy of any platform and/or business data we hold about you. You can also use this form to request the following further options:
The information you supply in this form will only be used to identify the platform and/or business data you are requesting and responding to your request. Once you submit a Subject Access Request form we will endeavor to respond to you within 72 hours of receipt of your request. Please allow 30 days for Eyeota to process your request.
You can also email Eyeota at privacy@eyeota.com with any questions or queries you have regarding your data. EU/UK, Swiss, and California data subjects are afforded additional privacy rights as described below.
Personal Rights for certain U.S. Data Subjects
Users that are located within certain U.S. States such as State of California, Colorado, Connecticut, Virginia and Utah are afforded certain rights under applicable law, which may include: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to correct certain data we have about you, your computer or device and d) the right to opt-out of profiling, targeted advertising and/or the sale/sharing of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales/sharing of your information). We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law. Certain states (e.g., Colorado, Virginia) provide the right to issue an appeal in the event that you disagree with the way Eyeota has honored one or more of your rights, and may enable you to further appeal to your state’s Attorney General’s office.
You may access those rights with respect to Eyeota by visiting our Subject Access Request page or calling the following toll-free number: 1-866-I-OPT-OUT. Eyeota Service Code: 714. As a data subject living in a place that affords you these rights, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you.
The number of CCPA requests to know that Eyeota received, compiled with whole or part and denied in 2023: 33, 33 and 0.
The number of CCPA requests to delete that Eyeota received, compiled with whole or part and denied in 2023: 311, 311 and 0.
The number of CCPA requests to opt-out that Eyeota received compiled with whole or part and denied in 2023: 2,004,133, 2,004,133 and 0.
The median number of days within which Eyeota substantively responded to requests to know and requests to delete in 2023: 30, 30 and 0. Requests to opt-out made here are honored instantly.
The CCPA and other U.S. privacy laws define personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. Note: The categories of data we process under CCPA includes (a) Personal and Online Identifiers such as: IP address, mobile advertising IDs and similar pseudonymous UIDs and (b) Internet or other electronic network activity information, including, but not limited to, browsing history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.
We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.
Users that are located within the European Economic Area (EEA), Switzerland and the United Kingdom are afforded certain rights under applicable law (e.g., Chapter III of the GDPR for EU data subjects). The UK and Switzerland provide similar protections. These rights include:
With respect to personal right 1 above
If you would like to receive a copy of your data, please submit a Subject Access Request here.
Do you transfer Business or Platform Data to other countries?
Yes, Eyeota will typically transfer data outside of the country of origin for a number of purposes including:
Where we are transferring Personal Data to or from the European Union to non-European Union countries, we will do so under contract and using the standard EU-approved model contract clauses.
How is the data you collect secured & protected?
Eyeota takes appropriate security measures to safeguard Platform Data and other information in our possession against unauthorized access, use, modification, disclosure, and destruction. Our security measures include physical security, appropriate encryption, and restricted access to guard against the unauthorized use of data or information.
While we take all precautions to protect the data in our control, no security measures, however thorough, are perfect nor can they be guaranteed to be completely secure. Therefore, we cannot ensure or warrant absolute security of any Platform Data or other information. In particular, we cannot guarantee that Platform Data or information will not be disclosed, altered, accessed or destroyed in accidental circumstances or by unauthorized acts of others.
Protecting children's data
Within the EU, Eyeota does not collect age data on users under the age of 16 and does not operate on digital properties that are directed to persons under 16. Eyeota is compliant with COPPA regulations and similar state children’s privacy laws within the US. Outside of the EU does not collect age data on users under the age of 16.
Questions
If there are any questions, comments, concerns or complaints related to this policy, please contact us here, or please write to us at the following address:
Eyeota PTE Ltd, 31 Hong Kong Street #03-01, 059670, Singapore, Attention: Privacy Team
Data Protection Officer
ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg
Germany
dpo@eprivacy.eu
EU Representative
ePrivacy Holding GmbH
Große Bleichen 21
20354 Hamburg
Germany
eu.rep@eprivacy.eu
UK Representative
199 Bishopsgate
London EC2A 2EX
United Kingdom
Eyeota supports industry self-regulation, and we endorse and align our business processes to the best practices and self-regulatory requirements that apply to our industry and the Platform.
In Europe, Eyeota is a certified member of the European Interactive Digital Advertising Alliance (EDAA) and adheres to the EDAA Self Regulating Principles for Online Behavioural Advertising. You can learn more about the EDAA at their website.
Our Privacy Body Associations
Eyeota is associated with numerous data privacy bodies including being:
Eyeota reserves the right to update this Privacy Policy from time to time to reflect our practices and the law.
We see that you have the Global Privacy Control enabled in your browser. We have turned off all but "Required" cookies which are necessary to enable the basic features of this site to function. If you wish to further exercise any applicable data subject rights (DSR) please complete the form available at Your Privacy Choices. For further information on how Dun & Bradstreet uses your personal information, please see our Cookie Policy.
