Privacy Policy: 11th September 2020
Eyeota is an audience technology platform. We and our partners collect and use data to ensure that the advertising you see is relevant. Our technology uses aggregated data to map information and devices together so we can create a broad picture of groups of individuals and their preferences.
This privacy policy provides the details of the Eyeota business; the data that we collect; the purpose for this data collection and what your individual rights are with respect to any Personal Data that Eyeota may hold on you.
Eyeota is committed to being transparent about its processes and the data it interacts with and ensuring that the legal rights of individuals are respected and protected. We appreciate that the nature of our business and the legal rights of individuals are complicated topics and that you may have additional questions. If you want to contact us, please email privacy@eyeota.com.
Any data we collect is processed in accordance with regional privacy laws, including GDPR in Europe. We advise you to check back with this page from time to time, as we may make changes in accordance with legal requirements.
What does Eyeota's Platform do?
Eyeota owns and operates a technology platform (the "Platform") which collects, organizes, maintains and distributes pseudonymized profile information (the "Platform Data"). Platform Data is collected from a variety of online sources, such as website publishers, and also offline data sources such as market research companies.
What is the purpose of Eyeota's Platform?
Eyeota's Platform allows Eyeota's clients to buy, sell & distribute Platform Data for the specific purposes of:
Eyeota's clients and partners are contractually obliged to have adequate privacy policies which also facilitate these purposes.
What information does Eyeota Platform hold?
The Platform Data that is sent to us by our partners includes aggregated pseudonymized profile information, and data that is sent via the HTTP header including IP address, cookie and mobile advertising IDs, hashed email addresses, date and time, URLs, operating system, and browser version.
Where we can reasonably infer that a particular computer and mobile device belong to the same user or household, we may consider those browser(s) and/or device(s) as linked for the purposes of leveraging the Platform Data. This process is sometimes called a device graph. We may also augment the Platform Data via a heuristic onboarding methodology that pulls aggregate data via postal code.
The pseudonymized profile information is aggregated and then organized into audience segments that fall into the categories of interest data (e.g., interest in sports, news, fashion and associated sub-categories etc.), demographic data (e.g., age, gender, employment sector, income band etc.) and purchase intent data (e.g., in-market for electronics, financial products, online fashion etc.).
Eyeota's Platform is not designed to collect any Personal Data such as full name, email address, physical address or sensitive Personal Data such as social security number etc. In addition, our clients and partners are contractually prohibited from transmitting any data which can directly identify an individual to Eyeota. We do not intentionally collect data that we consider to be sensitive.
The definition of Sensitive Data within the EU (as defined by Article 9.1 of the General Data Protection Regulation or "GDPR") includes:
Outside of the EU, Eyeota does receive the following data from some of our data providers:
For information relating to our age data policies, please refer to the Protecting Children's Data section of this policy under 4. Personal Rights for EU Data Subjects below.
What is Eyeota Platform Data used for?
Eyeota's Platform is designed to enable manufacturers and brands to discover audiences who may have a preference for their advertising. The platform helps advertisers discover new audiences who have traits, preferences and interests which are similar to their existing customers or their desired audiences. Eyeota's Platform Data is useful to a number of different groups
If, at any time, you would like to opt-out of participating in this type of online interest-based advertising where the adverts you see can be based on your pseudonymized profile information, please go to the opt-out section of this policy.
The Platform is operated by Eyeota Pte Ltd, a Singapore registered company with company number 201223893Z and with the registered address of
Eyeota Pte Ltd
12a Upper Circular Road
058410
Singapore.
How does Eyeota collect Platform Data?
We use online technologies such as Cookies, Mobile advertising IDs, Hashed Email Addresses, Pixel Tags, Server-to-Server Connections and Secure Data Transfers with our partners to collect and store Platform Data. We do not use "flash cookies" or any other embedded tracking mechanisms.
How does Eyeota use cookies within the Eyeota Platform?
Eyeota's Platform utilizes cookies for identifying individual browsers and storing data against cookie IDs for the purposes of interest-based advertising and analytics. The Platform also uses cookies to store users' opt-out preferences. Eyeota's cookies are considered to be "third-party" cookies; please note that some browsers or other software might be configured to block third-party cookies by default.
Does Eyeota process data collected from consent signals?
Yes, in places such as the EU where it is required, Eyeota is a registered Global Vendor within the IAB Transparency and Consent Framework (IAB Vendor ID: 120), which in turn pushes vendor list and consent rights through various market-facing Consent Management Platforms (CMPs). We use this framework to collect and manage consent signals from our data partners for Matching Data to Offline Sources as well as for the purposes of Store and/or access information on a device, Create a personalised ads profile, Create a personalised content profile, Apply market research to generate audience insights, and Develop and improve products.
Our platform also accepts consent-based data sets from CMPs that operate outside of the IAB Transparency and Consent Framework.
Does Eyeota also accept data collected under Legitimate Interest?
No. As of 25th March 2020, Eyeota only accepts and processes data from the EU/EEA under the basis of consent.
What is Eyeota's legal basis for collecting and processing Platform Data in the EEA?
For data from EU data subjects processed via the Platform, Eyeota operates under the consent provisions of the GDPR.
The only data that Eyeota interacts with which are directly classified as Personal Data under the GDPR are IP addresses, hashed email addresses and cookie IDs. However, as all profile information is attached to pseudonymous Personal Data such as a cookie ID, all profile information is also considered to be Personal Data.
For Eyeota to process your data, you may have consented to accept a cookie or to processing of your data from one of our partner data providers, thus, we also expect to handle data that has been collected and provided on the basis of consent.
If you have any further questions relating to Eyeota's legal basis for collecting and processing data in the European Economic Area, please contact us here.
How long does Eyeota store Platform Data for?
What Platform Data information is shared with third parties?
Eyeota shares Platform Data with partners who provide online advertising services to marketers, advertisers, and online publishers. For a full list of the organizations that receive Platform Data from Eyeota directly, please refer to Eyeota's Integration list here. We will endeavor to keep this list updated on a regular basis as our partners may change from time to time. Under California law, Eyeota is deemed to have sold Platform Data to each of these partners over the previous 12 months.
Reporting is also an integral part of Eyeota's business. Under contract, our clients and data providers receive periodic operational reports for performance tracking and billing and auditing. We also generate reports that provide insights on the popularity and usage of the aggregated data, such as the number of data subjects that appear in a segment, in aggregate. The reports are prepared using aggregated Platform Data and contain only pseudonymized data.
The aggregated Platform Data may be shared with authorized employees, independent contractors, consultants, and subsidiaries. User-level Platform Data is only made available to full-time employees in our technology team, who need access to execute their job requirements, on a limited-access basis, and in line with our Data Minimization Policy (Eyeota Company Policy designed to protect the individual rights of data subjects or users and to ensure that employees understand their obligations with respect to user-level data).
We may also use the services of third-party service providers for cloud data storage, analysis, and processing facilities and to provide operational or other support services. Other third-party service providers used by Eyeota include: a) cloud computer, data storage and file storage providers, b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) outsourced computer programmers helping ensure our systems are operating properly, i) auditing, debugging and security vendors. Data is shared only to enable these entities to perform professional and technical functions in relation to Eyeota's business. These entities are subject to confidentiality restrictions and are not authorized to use, access or transform information they receive from us for any purpose other than providing their services to Eyeota.
We may be required to share Platform Data and information with regulatory authorities, government agencies, and law enforcement officials, as permitted or enforced by law. Additionally, we may share data and information to defend or protect our legal rights, our intellectual and physical property, our employees and service providers, the safety and security of our business partners and their online users, and to protect us against fraud.
Finally, we may share some or all Platform Data and information assets if our company is sold, acquired, transferred or merged, files bankruptcy, undergoes debt refinancing, undergoes any form of organizational change or any other business transaction that may require assets under our control to be transferred to third parties as part of the business transaction. In these instances, Eyeota will take the steps necessary to ensure that the Platform Data and information will continue to be governed by this privacy policy.
Business Data
Our corporate website at www.eyeota.com is designed for our business partners, those seeking information about Eyeota, and also for recruiting new employees. Eyeota collects partner and client data from its customers and website and marketing data from its corporate website www.eyeota.com for business purposes such as billing, account maintenance and other customer services, marketing to current and prospective customers, recruitment, responding to general inquiries and also for website analytics, detecting and preventing malicious behavior on our website and improving and organizing the content of our website. These data sets are collectively known as Business Data.
Business Data is collected from our website as follows:
Why do you collect this Business Data?
The Business Data is used only for the purposes of marketing, communicating with our customers, responding to general inquiries, providing our services and recruitment. The Business Data which is collected using cookies does not include any data that can directly identify an individual and the purpose of this data is to allow website analytics, detecting and preventing malicious behavior on our website, and improving and organizing the content of our website. Business Data is not used or combined with our Platform Data, nor is it used for the Platform purposes outlined above in this privacy policy.
Do you share Business Data?
Business Data is not shared with third parties except for the purposes stated in this statement. We may share Business Data with authorized employees, affiliates, subsidiaries, vendors, or other third parties to perform services on our behalf that are related to the purposes stated in this statement (e.g. our customer relationship management (CRM) system provider, etc).
We may disclose Business Data to third parties when we believe we are reasonably required to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
We may transfer Business Data, including any personally identifiable data, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, debt refinancing, or other corporate change. In these instances, Eyeota will take the steps necessary to ensure that the Business Data will continue to be governed by this privacy statement.
How long do you keep Business Data for?
We retain Business Data for as long as we have an active relationship with our partners unless otherwise specified, or until it is deleted following a request from the subject of the data. Business Data is deleted 13 months after our last interaction unless Business Data is required to be stored under applicable law.
Do you transfer this Business Data to other countries?
Eyeota has employees around the world, and due to the fact that we utilize a global CRM system, Business Data is transferred to other countries.
From 25th May 2018 onwards, where we are transferring data from the European Union to non-European Union countries, we will do so using EU-approved model contract clauses.
What is Eyeota's legal basis for collecting and processing Business Data?
The legal basis for processing Business Data is contractual necessity. We also process data for sales and marketing purposes under our Legitimate Interest in expanding, managing and operating our business. We obtain consent when collecting Business Data via registration forms on www.eyeota.com.
Platform Data
How to opt-out: Desktop
Eyeota honors your choice with respect to how data is processed on the Platform. Different jurisdictions provide you with different rights. For example, EU data subjects have the right to object to certain forms of data processing and/or to withdraw their consent to such processing. Data subjects in California have the right to opt-out from Eyeota’s sale of Platform Data. Data subjects in the rest of the United States and many other places have the right to opt-out from many forms of ad targeting.
CHOICE MECHANISM: OPT-OUT OF EYEOTA'S PLATFORM
When you click onto Eyeota's choice mechanism, we will attempt to place a non-unique cookie on your browser which tells our systems to stop targeting ads to that browser and to cease processing of data with respect to that browser. For California consumers, the presence of the non-unique opt-out cookie means that we will stop the sale of Platform Data. Please note that you will still see adverts online, however, these adverts may be less relevant because they won't be based on your interests.
Other ways to opt-out
Users can also exercise choice with respect to Eyeota's Platform Data collection via any one of the methods operated by certain advertising trade associations below:
Please note that if you change your browser settings to block, delete and/or control the use of all third-party cookies, it may negatively impact Eyeota's ability to place an opt-out cookie on your browser. Also, if you use a different computer or device, you may need to renew your choice.
Note for EU data subjects. When we can reasonably see that a data subject is coming from the EU and has an Eyeota opt-out cookie on their browser, that tells our systems to stop processing data with respect to that browser.
Please refer to your web browser's help documentation for more information for managing the use of cookies directly through the browser settings.
The lifespan of Eyeota's choice cookie is 5 years if our opt-out cookie is not deleted from the users' browser.
How to Opt-out on Mobile:
We honor the mobile device settings for Android and Apple iOS devices. To exercise this opt-out, please visit the privacy settings of your Android or iOS device and select “limit ad tracking” (Apple iOS) or “opt-out of interest based ads” (Android). For devices where we are able to see that such a selection has been made, our systems stop targeting ads to that device and cease processing of data with respect to that device. Please note that you will still see adverts online; however, these adverts may be less relevant because they won't be based on your interests.
The NAI provides a helpful guide that outlines opt-out processes for most of the major mobile operating systems.
Business Data: Opt-out Information
You are entitled to opt-out from our marketing lists and databases at any time. If you wish to update or change any information previously provided to Eyeota via our website, please submit a request to update your details here. You may also request to delete any previously submitted information using the same form.
UNSUBSCRIBE FROM EYEOTA MARKETING
Please allow up to 72 hours for your contact details to be removed from our database. Please note, if you do decide to opt-out and you or your business have a contractual agreement with Eyeota regarding the provision of products or services, we may still be required to send you emails in regards to these services and to support our contractual obligations.
Subject Access Requests
Please complete a Subject Access Request form to receive a copy of any platform and/or business data we hold about you. You can also use this form to request the following further options:
The information you supply in this form will only be used to identify the platform and/or business data you are requesting and to respond to your request. Once you submit a Subject Access Request form we will endeavor to respond to you within 72 hours of receipt of your request. Please allow 30 days for Eyeota to process your request.
You can also email Eyeota at privacy@eyeota.com with any questions or queries you have regarding your data. EU data subjects and California consumers are afforded additional privacy rights as described below.
Personal Rights for California Consumers
Users that are located within the State of California are afforded certain rights under the California Consumer Privacy Act (CCPA), including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.
You may access those rights with respect to Eyeota by visiting our Subject Access Request page or calling the following toll-free number: 1-866-I-OPT-OUT. Eyeota Service Code: 714. As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you.
The CCPA defines personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.
We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.
Users that are located within the European Union are afforded certain rights under Chapter III of the GDPR. These rights include:
With respect to personal right 1 above
If you would like to receive a copy of your data, please submit a Subject Access Request here.
With respect to personal right 7 above
Eyeota's supervisory authority in Europe is the Information Commissioner's Office (ICO) of the United Kingdom. If you would like to lodge a complaint to the UK ICO, please contact them here.
Do you transfer Business or Platform Data to other countries?
Yes, Eyeota will typically transfer data outside of the country of origin for a number of purposes including:
From 25th May 2018 onwards, where we are transferring Personal Data to or from the European Union to non-European Union countries, we will do so under contract and using the standard EU-approved model contract clauses.
How is the data you collect secured & protected?
Eyeota takes appropriate security measures to safeguard Platform Data and other information in our possession against unauthorized access, use, modification, disclosure, and destruction. Our security measures include physical security, appropriate encryption, and restricted access to guard against the unauthorized use of data or information.
While we take all precautions to protect the data in our control, no security measures, however thorough, are perfect nor can they be guaranteed to be completely secure. Therefore, we cannot ensure or warrant absolute security of any Platform Data or other information. In particular, we cannot guarantee that Platform Data or information will not be disclosed, altered, accessed or destroyed in accidental circumstances or by unauthorized acts of others.
Protecting children's data
Within the EU, Eyeota does not collect age data on users under the age of 16 and does not operate on digital properties that are directed to persons under 16. Eyeota is compliant with COPPA regulations within the US. Outside of the EU, Eyeota does not collect age data on users under the age of 13.
Questions
If there are any questions, comments, concerns or complaints related to this policy, please contact us here, or please write to us at the following address:
Eyeota Pte Ltd, 12a Upper Circular Road, 058410, Singapore, Attention: Privacy Team
Eyeota supports industry self-regulation, and we endorse and align our business processes to the best practices and self-regulatory requirements that apply to our industry and the Platform.
In Europe, Eyeota is a certified member of the European Interactive Digital Advertising Alliance (EDAA) and adheres to the EDAA Self Regulating Principles for Online Behavioural Advertising. You can learn more about the EDAA at their website.
Our Privacy Body Associations
Eyeota is associated with numerous data privacy bodies including being:
Eyeota reserves the right to update this Privacy Policy from time to time to reflect our practices and the law.