EFFECTIVE DATE: January 22, 2020
WHO WE ARE
AcuityAds (“AcuityAds” “we” “our”) is a leading advertising company that provides a technology platform (the “Platform”) for marketers, offering a powerful and holistic solution for digital advertising across all ad formats and devices to amplify reach and Share of Attention™ throughout the customer journey. AcuityAds has developed a proprietary technology platform that enables marketers and agencies to effectively target consumers with digital advertising. Most of the internet is offered to users free of charge. Web publishers are able to offer valuable content for free because they are supported by advertising. AcuityAds aims to create a better digital experience for web users by allowing advertisers to present relevant advertising content, rather than advertising that is unrelated to users’ interests. Advertisers also benefit because targeted advertising is more effective and better received.
We are members of the Network Advertising Initiative (NAI) and adhere to its Codes of Conduct, as well as the Digital Advertising Alliance (DAA) and the Digital Advertising Alliance of Canada’s (DAAC) Self-Regulatory Principles for Online Behavioral Advertising.
OVERVIEW OF THE TYPES OF DATA COLLECTED BY ACUITYADS
AcuityAds collects personal data in the course of our business. The definitions of personal data vary depending on the laws where you are located. For example, in the European Union (EU), Canada and the U.S. State of California, personal data is defined more broadly than in other places and would include both PII and Pseudonymous Identifiers (defined below). In California, it is sometimes referred to as personal information. AcuityAds will explain the different types of personal data and personal information below, and will try to be clear when we’re describing our use of each throughout this Policy.
Personally Identifiable Information
AcuityAds collects personally identifiable information (“PII”) when you choose to provide it to us. PII is any information that specifically identifies or locates a particular person or entity. We receive and store any PII you provide to us. The types of PII collected may include your name, postal address, telephone number, and email address. For example, you may choose to send PII about yourself in an email, by completing an online form on our Website, or by signing up for our service or e-newsletter. You may also provide us with PII as a Client in order to setup an account with us, to login to access reports or to facilitate billing. AcuityAds uses this information for our reasonable business purposes, including to contact you to respond to your inquiry, to provide the service requested or to maintain your account with us.
AcuityAds also collects pseudonymous identifiers on the Website. Pseudonymous Identifiers help our Website recognize a particular browser or device, but it doesn’t enable us to know your identity as a natural person. This information helps us collect and make use of other personal data to help the Website function and to allow us to conduct analytics to better understand who is utilizing the Website without needed to know their real world identity.
PRIVACY PRACTICES FOR OUR WEBSITE
AcuityAds collects PII from our Website when you choose to provide it to us. For example, you may choose to send PII about yourself in an email, or by completing a form on the Website. AcuityAds uses this information only to contact you to respond to your inquiry. Once collected, AcuityAds will store your PII for a reasonable time for record keeping purposes.
AcuityAds also collects Pseudonymous Identifiers from visitors to this Website such as a cookie ID and IP address. We also collect information about the pages viewed on the Website, your browser type, Internet Service Provider, domain name, the time/date of your visit to this Website, the referring URL and your computer’s operating system.
AcuityAds retains the web log data collected via the Website for a maximum of 180 days, although we generally don’t retain this data for EU data subjects for more than a few days. After 180 days, we aggregate the log data so that it does not identify any individual device and retain the aggregate data for up to three years. Our cookies are set to expire before one year; this expiration date updates every time you encounter our server.
AcuityAds takes reasonable measures to help protect the information we collect from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. This includes but is not limited to the use of firewalls and encryption. No method of transmission over the Internet or method of electronic storage is 100% secure; therefore, while the company strives to use commercially acceptable means to protect your information, it cannot guarantee absolute security.
CHOICE MECHANISM: OBJECTING TO PROCESSING, OPTING OUT
BROWSER BASED CHOICE MECHANISMS
We may target ads on other websites when you visit this Website. If you prefer not to receive targeted advertising from AcuityAds, you may opt-out via one of the links below.
Network Advertising Initiative (“NAI”) – www.networkadvertising.org
Digital Advertising Alliance (“DAA”) – www.aboutads.info
Digital Advertising Alliance of Canada (“DAAC”) – www.youradchoices.ca
European Digital Advertising Alliance (“EDAA”) – www.youronlinechoices.eu/
DISCLOSURE, ONWARD TRANSFER
We contract with a select group of third-party processors and service providers such as networking and storage providers to allow them to carry out their services for us. Other third-party service providers used by Acuity include: a) outsourced computer programmers helping ensure our systems are operating properly; b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) auditing, debugging and security vendors. Those processors and service providers are contractually obligated to process data only as instructed by AcuityAds.
Please take note of the following exceptional situations: AcuityAds may be required to disclose information to third parties when obligated to do so by law and in order to investigate, prevent, or take action regarding suspected, or actual prohibited activities, including transfer reasonably intended to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is necessary to protect our rights, including but not limited to fraud and situations involving potential threats to the physical safety of any person. In the event that AcuityAds sells, merges or transfers all or part of its business, we may transfer visitor information to a third party as part of that transaction.
DO NOT TRACK
A number of industry groups are attempting to develop a Do Not Track (DNT) standard. Currently, the standards regarding the DNT signals and appropriate responses are not consistently defined. Where we can ascertain that a browser being used by a California data subject has enacted DNT, we treat that user as having opted out from AcuityAds’ sale of their personal information.
ACCESSING, CHANGING, REMOVING INFORMATION
If you believe we have PII about you (e.g. because you’re a current or former Client, or you provided PII to receive AcuityAds’ e-newsletters) and you would like to change, suppress or otherwise limit our use of that PII, you may contact us by sending an email containing your request to firstname.lastname@example.org. For your protection, we will only implement such requests with respect to the PII associated with the particular email address that you use to send us your request, and we may need to verify your identity and/or obtain more information from you before implementing your request. If you’re located in the EU or California, scroll down to see any additional rights you may have.
CALIFORNIA DATA SUBJECTS
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.
The CCPA defines personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. You may access those rights with respect to AcuityAds by sending us an email to email@example.com, by calling our California privacy help line at 1-866-6Acuity, or by visiting our data subject access page here. As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will typically confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days.
EUROPEAN UNION DATA SUBJECTS
The General Data Privacy Regulation (“GDPR”) affords additional rights to EU data subjects. Those rights include the right to complain to EU Supervisory Authorities and the right to access, correct and delete certain personal data processed by AcuityAds.
As described above, with respect to EU data subjects, personal data includes Pseudonymous Identifiers such as an IP address, a mobile advertising ID or a cookie ID. Where AcuityAds is processing data from our Clients, we are typically doing so in order to honor or facilitate the contractual relationship between AcuityAds and that Client (i.e., contractual necessity). Where we are collecting data via the Website, the legal basis will be both legitimate interest and consent in accordance with Article 6 of the GDPR and depending on the type of information subject to processing. Where we rely upon legitimate interest, we have assessed the processing is not high risk and will not violate fundamental human rights. We process personal data of clients and partners for the performance of our contracts with them in accordance with Article 6 of the GDPR.
Where AcuityAds receives from an EU data subject a request to cease processing of data via one of the choice mechanisms listed above, AcuityAds will stop all data processing with respect to the opted out browser or device unless such processing is required by law. When we are asked to stop processing an email address provided by a Client, we will honor that request unless doing so violates law or makes it impossible to honor our contractual commitments with that Client.
If you believe AcuityAds is processing your data and wish to exercise your right to access, delete, port or remove such information, please click here to visit our EU data subject access request page. If you are a Client of AcuityAds and wish to exercise a right, we request that you first reach out to the person who owns the relationship between your company and AcuityAds.
For all requests concerning the security of your data, please contact our data protection officer at firstname.lastname@example.org.
If you have a particularly sensitive request, please contact our data protection officer by postal mail, as communication by e-mail can always be flawed by security vulnerabilities.
AcuityAds reserves the right to revise its policies and practices periodically. If you would like to keep up to date, please visit this page to find out about any changes. We will post any updates as well as their effective dates on this webpage.
Tal Hayek, CEO