Eyeota is an audience technology platform. We and our partners collect and use data to ensure that the advertising you see is relevant. Our technology uses aggregated data to map information and devices together so we can create a broad picture of groups of individuals and their preferences.
Eyeota is committed to being transparent about its processes and the data it interacts with and ensuring that the legal rights of individuals are respected and protected. We appreciate that the nature of our business and the legal rights of individuals are complicated topics and that you may have additional questions. If you want to contact us, please email email@example.com.
Any data we collect is processed in accordance with regional privacy laws, including GDPR in Europe. We advise you to check back with this page from time to time, as we may make changes in accordance with legal requirements.
What does Eyeota's Platform do?
Eyeota owns and operates a technology platform (the "Platform") which collects, organizes, maintains and distributes pseudonymized profile information (the "Platform Data"). Platform Data is collected from a variety of online sources, such as website publishers, and also offline data sources such as market research companies.
What is the purpose of Eyeota's Platform?
Eyeota's Platform allows Eyeota's clients to buy, sell & distribute Platform Data for the specific purposes of:
Eyeota's clients and partners are contractually obliged to have adequate privacy policies which also facilitate these purposes.
What information does Eyeota Platform hold?
The Platform Data that is sent to us by our partners includes aggregated pseudonymized profile information, and data that is sent via the HTTP header including IP address, cookie information, date and time, URLs, operating system, and browser version.
The pseudonymized profile information is aggregated and then organized in to audience segments that fall into the categories of interest data (e.g., interest in sports, news, fashion and associated sub-categories etc.), demographic data (e.g., age, gender, employment sector, income band etc.) and purchase intent data (e.g. in-market for electronics, financial products, online fashion etc.).
Eyeota's Platform is not designed to collect any Personal Data such as full name, email address, physical address or sensitive Personal Data such as social security number etc. In addition, our clients and partners are contractually prohibited from transmitting any data which can directly identify an individual to Eyeota. We do not intentionally collect data that we consider to be sensitive.
The definition of Sensitive Data within the EU (as defined by Article 9.1 of the General Data protection Regulation or "GDPR") includes:
In the US and Asia, Eyeota does receive the following data from some of our data providers:
For information relating to our age data policies, please refer to the Protecting Children's Data section of this policy under 4. Personal Rights for EU Data Subjects below.
What is Eyeota Platform Data used for?
Eyeota's Platform is designed to enable manufacturers and brands to discover audiences who may have a preference for their advertising. The platform helps advertisers discover new audiences who have traits, preferences and interests which are similar to their existing customers or their desired audiences. Eyeota's Platform Data is useful to a number of different groups
If, at any time, you would like to opt-out of participating in this type of online interest-based advertising where the adverts you see can be based on your pseudonymized profile information, please go to the opt-out section of this policy.
The Platform is operated by Eyeota Pte Ltd, a Singapore registered company with company number 201223893Z and with the registered address of
Eyeota Pte Ltd
12a Upper Circular Road
How does Eyeota collect Platform Data?
We use online technologies such as Cookies, Pixel Tags, Server-to-Server Connections and Secure Data Transfers with our partners to collect and store Platform Data. We do not use "flash cookies" or any other embedded tracking mechanisms.
Does Eyeota process data collected from consent signals?
Yes. Eyeota is a registered Global Vendor within the IAB Transparency and Consent Framework (IAB Vendor ID: 120) which in turn pushes vendor list and consent rights through various market-facing Consent Management Platforms (CMPs). We use this framework to collect and manage consent signals from our data partners for Matching Data to Offline Sources as well as for the purposes of Storage and Access of Information, Personalisation, Ad Selection, Reporting and Delivery, Content Delivery, Selection and Reporting, and Measurement.
Our platform also accepts consent-based data sets from CMPs that operate outside of the IAB Transparency and Consent Framework.
Does Eyeota also accept data collected under Legitimate Interest?
Yes. Some of our data partners have chosen to handle data collection for pseudonymous targeting under legitimate interest. Following the legitimate interest provisions of GDPR, we accept this data. However, we also require additional information that supports a data provider's case for legitimate interest.
Eyeota is able to filter and separate data collected under consent and legitimate interest and provide specific siloed consent data based on client demand.
We believe it is likely that consent will ultimately be required under the ePrivacy Regulation and strongly encourage our data partners to obtain a consent as (may be) required under the ePrivacy Regulation.
What is Eyeota's legal basis for collecting and processing Platform Data in the EEA?
For data from EU data subjects processed via the Platform, Eyeota operates under the legitimate interest provisions of the GDPR.
For example, as you use the internet to discover content, products and services or to use a digital service for your daily life, advertising may be served to you that is relevant to your interests or lifestyle. Brands and Advertisers use data companies like Eyeota to identify groups of people with particular interests or preferences so that they can serve advertising that is more relevant to them than other groups of people.
This legal basis of legitimate interest is founded on the position that the advertising-funded internet delivers significant value to internet users as well as wider economies. The types of data segments utilized by Eyeota (e.g., pseudonymous Personal Data) and the profiling activities are not generally considered high risk. Eyeota adopts controls to ensure that the data collected is secured and won't fall into the hands of an entity that might be in position to harm the human rights of data subjects. Thus, the balance of interests leans towards benefits generated for data subjects, publishers and advertisers outweigh the risks to the fundamental human rights of data subjects.
The only data that Eyeota interacts with which are directly classified as Personal Data under the GDPR are IP addresses and cookie IDs. However, as all profile information is attached to pseudonymous Personal Data such as a cookie ID, all profile information is also considered to be Personal Data.
For Eyeota to process your data, you may have consented to accept a cookie or to processing of your data from one of our partner data providers, thus, we also expect to handle data that has been collected and provided on the basis of consent.
If you have any further questions relating to Eyeota's legal basis for collecting and processing data in the European Economic Area, please contact us here.
How long does Eyeota store Platform Data for?
What Platform Data information is shared with third parties?
Eyeota shares Platform Data with partners who provide online advertising services to marketers, advertisers, and online publishers. For a full list of the organizations that receive Platform Data from Eyeota directly, please refer to Eyeota's Integration list here. We will endeavor to keep this list updated on a regular basis as our partners may change from time to time. Under California law, Eyeota is deemed to have sold Platform Data to each of these partners over the previous 12 months.
Reporting is also an integral part of Eyeota's business. Under contract, our clients and data providers receive periodic operational reports for performance tracking and billing and auditing. We also generate reports that provide insights on the popularity and usage of the aggregated data, such as the number of data subjects that appear in a segment, in aggregate. The reports are prepared using aggregated Platform Data and contain only pseudonymized data.
The aggregated Platform Data may be shared with authorized employees, independent contractors, consultants, and subsidiaries. User-level Platform Data is only made available to full-time employees in our technology team, who need access to execute their job requirements, on a limited-access basis, and in line with our Data Minimization Policy (Eyeota Company Policy designed to protect the individual rights of data subjects or users and to ensure that employees understand their obligations with respect to user-level data).
We may also use the services of third-party service providers for cloud data storage, analysis, and processing facilities and to provide operational or other support services. Other third-party service providers used by Eyeota include: a) cloud computer, data storage and file storage providers, b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) outsourced computer programmers helping ensure our systems are operating properly, i) auditing, debugging and security vendors. Data is shared only to enable these entities to perform professional and technical functions in relation to Eyeota's business. These entities are subject to confidentiality restrictions and are not authorized to use, access or transform information they receive from us for any purpose other than providing their services to Eyeota.
We may be required to share Platform Data and information with regulatory authorities, government agencies, and law enforcement officials, as permitted or enforced by law. Additionally, we may share data and information to defend or protect our legal rights, our intellectual and physical property, our employees and service providers, the safety and security of our business partners and their online users, and to protect us against fraud.
Our corporate website at www.eyeota.com is designed for our business partners, those seeking information about Eyeota, and also for recruiting new employees. Eyeota collects partner and client data from its customers and website and marketing data from its corporate website www.eyeota.com for business purposes such as billing, account maintenance and other customer services, marketing to current and prospective customers, recruitment, responding to general inquiries and also for website analytics, detecting and preventing malicious behavior on our website and improving and organizing the content of our website. These data sets are collectively known as Business Data.
Business Data is collected from our website as follows:
Why do you collect this Business Data?
Do you share Business Data?
Business Data is not shared with third parties except for the purposes stated in this statement. We may share Business Data with authorized employees, affiliates, subsidiaries, vendors, or other third parties to perform services on our behalf that are related to the purposes stated in this statement (e.g. our customer relationship management (CRM) system provider, etc).
We may disclose Business Data to third parties when we believe we are reasonably required to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
We may transfer Business Data, including any personally identifiable data, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, debt refinancing, or other corporate change. In these instances, Eyeota will take the steps necessary to ensure that the Business Data will continue to be governed by this privacy statement.
How long do you keep Business Data for?
We retain Business Data for as long as we have an active relationship with our partners unless otherwise specified, or until it is deleted following a request from the subject of the data. Business Data is deleted 13-months after our last interaction unless Business Data is required to be stored under applicable law.
Do you transfer this Business Data to other countries?
Eyeota has employees around the world, and due to the fact that we utilize a global CRM system, Business Data is transferred to other countries.
From 25th May 2018 onwards, where we are transferring data from the European Union to non-European Union countries, we will do so using EU-approved model contract clauses.
What is Eyeota's legal basis for collecting and processing Business Data?
The legal basis for processing Business Data is contractual necessity. We also process data for sales and marketing purposes under our Legitimate Interest in expanding, managing and operating our business. We obtain consent when collecting Business Data via registration forms on www.eyeota.com.
Platform Data: Choice Mechanism
Eyeota honors your choice with respect to how data is processed on the Platform. Different jurisdictions provide you with different rights. For example, EU data subjects have the right to object to certain forms of data processing and/or to withdraw their consent to such processing. Data subjects in California have the right to opt-out from Eyeota’s sale of Platform Data. Data subjects in the rest of the United States and many other places have the right to opt-out from many forms of ad targeting.
When you click onto Eyeota's choice mechanism, we will attempt to place a non-unique cookie on your browser which tells our systems to stop targeting ads to that browser and to cease processing of data with respect to that browser. For California consumers, the presence of the non-unique opt-out cookie means that we will stop the sale of Platform Data. Please note that you will still see adverts online, however, these adverts may be less relevant because they won't be based on your interests.
Other ways to opt-out (on desktop computers & laptops)
Users can also exercise choice with respect to Eyeota's Platform Data collection via any one of the methods operated by certain advertising trade associations below:
Please note that if you change your browser settings to block, delete and/or control the use of all third-party cookies, it may negatively impact Eyeota's ability to place an opt-out cookie on your browser. Also, if you use a different computer or device, you may need to renew your choice.
Note for EU data subjects. When we can reasonably see that a data subject is coming from the EU and has an Eyeota opt-out cookie on their browser, that tells our systems to stop processing data with respect to that browser.
The lifespan of Eyeota's choice cookie is 5 years if our opt-out cookie is not deleted from the users' browser.
Business Data: Opt-out Information
You are entitled to opt-out from our marketing lists and databases at any time. If you wish to update or change any information previously provided to Eyeota via our website, please re-submit your details via the "Contact us" section, or submit a request to update your details here. You may also request to delete any previously submitted information using the same form.
Please allow up to 72 hours for your contact details to be removed from our database. Please note, if you do decide to opt-out and you or your business have a contractual agreement with Eyeota regarding the provision of products or services, we may still be required to send you emails in regards to these services and to support our contractual obligations.
Subject Access Requests
Please complete a Subject Access Request form to receive a copy of any platform and/or business data we hold about you. You can also use this form to request the following further options:
The information you supply in this form will only be used to identify the platform and/or business data you are requesting and responding to your request. Once you submit a Subject Access Request form we will endeavor to respond to you within 72 hours of receipt of your request. Please allow 30 days for Eyeota to process your request.
You can also email Eyeota at firstname.lastname@example.org with any questions or queries you have regarding your data. EU data subjects and California consumers are afforded additional privacy rights as described below.
Personal Rights for California Consumers
Users that are located within the State of California are afforded certain rights under the California Consumer Privacy Act (CCPA), including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.
You may access those rights with respect to Eyeota by visiting our Subject Access Request page. As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you.
The CCPA defines personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.
We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.
Users that are located within the European Union are afforded certain rights under Chapter III of the GDPR. These rights include:
With respect to personal right 1 above
If you would like to receive a copy of your data, please submit a Subject Access Request here.
With respect to personal right 7 above
Eyeota's supervisory authority in Europe is the Information Commissioner's Office (ICO) of the United Kingdom. If you would like to lodge a complaint to the UK ICO, please contact them here.
Do you transfer Business or Platform Data to other countries?
Yes, Eyeota will typically transfer data outside of the country of origin for a number of purposes including:
From 25th May 2018 onwards, where we are transferring Personal Data to or from the European Union to non-European Union countries, we will do so under contract and using the standard EU EU-approved model contract clauses and/or another viable cross-border data transfer mechanism, such as Privacy Shield.
How is the data you collect secured & protected?
Eyeota takes appropriate security measures to safeguard Platform Data and other information in our possession against unauthorized access, use, modification, disclosure, and destruction. Our security measures include physical security, appropriate encryption, and restricted access to guard against the unauthorized use of data or information.
While we take all precautions to protect the data in our control, no security measures, however thorough, are perfect nor can they be guaranteed to be completely secure. Therefore, we cannot ensure or warrant absolute security of any Platform Data or other information. In particular, we cannot guarantee that Platform Data or information will not be disclosed, altered, accessed or destroyed in accidental circumstances or by unauthorized acts of others.
Protecting children's data
Within the EU, Eyeota does not collect age data on users under the age of 16 and does not operate on digital properties that are directed to persons under 16. Eyeota is compliant with COPPA regulations within the US. Outside of the EU does not collect age data on users under the age of 13.
If there are any questions, comments, concerns or complaints related to this policy, please contact us here, or please write to us at the following address:
Eyeota Pte Ltd, 12a Upper Circular Road, 058410, Singapore, Attention: Privacy Team
Eyeota supports industry self-regulation, and we endorse and align our business processes to the best practices and self-regulatory requirements that apply to our industry and the Platform.
In Europe, Eyeota is a certified member of the European Interactive Digital Advertising Alliance (EDAA) and adheres to the EDAA Self Regulating Principles for Online Behavioural Advertising. You can learn more about the EDAA at their website.
Our Privacy Body Associations
Eyeota is associated with numerous data privacy bodies including being: