This section relates to data collected for use in our products and services. Our full Privacy Policy, we believe, will help you understand LiveRamp and how we use the data to help businesses deliver better marketing experiences to people.

Scope

We respect the right of individuals to privacy. Our Privacy Policy explains:

• Who we are
• What kinds of personal data we may hold about you
• How we obtain data about you
• What we do with personal data
• Who we may share your personal data with
• Data retention, security and transfers
• Your rights
• Other data protection information.

Who we are

Our company is LiveRamp UK Limited. Our registered company registered number is 11393386. Individuals wishing to contact us about data protection issues may do so by calling 0203 966 4150 or by emailing us at ukprivacy@liveramp.com.

What kinds of personal data we may hold about you

LiveRamp holds personal data such as names, addresses, dates of birth, emails and telephone numbers. This information is kept in its identifiable form for the purposes listed below.

How we obtain data about you

We obtain data from partner companies who in turn obtain information from people who volunteer information when they complete lifestyle surveys or when they buy goods or subscribe to clubs or services. In the past, we also collected information directly from our own lifestyle questionnaire program which we no longer run. We obtain data through various channels such as online, by telephone or in paper format. In common with many marketing companies, we also use information that we obtain from public sources, such as the open electoral register and the royal mail postal address file. 

What we do with personal data

We use this data to create solutions to be used for recognition, which enables online targeted advertising services.

Recognition: we use the data for matching and linking to other databases. For example, an advertiser sends us a list of names and addresses, then we match those names and addresses to our product.

Online targeted advertising: our recognition tools enable our clients to customise their online advertising to members of a specific audience, measure the effectiveness of advertising campaigns, connect their data to marketing platforms and share that data with other advertisers.

We do not carry out any marketing ourselves with these solutions, and businesses using them to contact people need separately to ensure they may do so in accordance with data protection law.

Who we may share your personal data with

We share information with our commercial partners – such as brands, advertising platforms and marketing companies – in all industry sectors to help them deliver better marketing and service/communication experiences to people. They may use this personal data for the following purposes:

• to send you relevant marketing or other communications
• to improve the relevance of marketing or other communications
• to clean, validate and enhance marketing or other databases
• to undertake research and analysis
• for product development and testing
• for identity validation and fraud reduction
• to support client relationship
• to connect and link your data to other marketing and advertising databases and platforms
• for work planning, management and strategic decision making and
• for the fulfilment of statutory functions, for example reminding people about TV licences.

Some examples of the industry types you can expect data to be used in are: automotive, charity, education, gaming, retail, leisure, financial services (including retail banking, investments, loans, credit cards, insurance, wills and funeral plans), politics, health/mobility, home improvements, mail order, market research, publishing, media, FMCG (toiletries/cosmetics/food and drink), travel, telecoms and utilities.

We share data directly with brands and via agencies. We also share data (usually in a form where individuals cannot be directly identified) with other marketing companies such as social media and programmatic platforms. We make sure the recipients of our data are reputable entities by conducting appropriate checks on them. Before we share our data we enter into written agreements with recipients which contain data protection terms that safeguard your data.

Personal data used in LiveRamp’s data products and services may also be passed to and used by members of the LiveRamp group of companies worldwide. We may also pass data to other companies that process personal data on our behalf to help us conduct our business. When we do so, we ensure that appropriate contractual safeguards are put in place.

LiveRamp may also disclose personal data as required by law and to comply with legal process.

Data retention, security and transfers

The data we hold is non-sensitive personal data and not subject to any sector specific data retention requirements. That said, our data retention periods are as follows:

Personal data not used for any purpose is deleted. If someone objects to us processing their data then we remove it first of all from our data products, and then from our environment in accordance with our data deletion cycle unless we have a valid justification to hold on to it such as to resolve disputes or comply with our legal obligations. We also retain that which is necessary to keep on a suppression file so if we obtain someone’s data again we know not to use it.

Security

LiveRamp takes security seriously. We make considerable investments and use an industry-recognised security objective control framework to keep our sites and systems secure and to prevent personal data from being made available to any unauthorised persons or businesses. Examples of measures we take to ensure data security are as follows:

Physical Data Security: Personal data is only loaded and accessed by authorised LiveRamp staff in a locked and secure environment. All media containing personal data are stored in a locked and secure environment and all personal data and media are returned to the supplying company or destroyed at the expiration or termination of the relevant agreement or applicable retention period.

Data and System Security: Logical security of the personal data contained within our data centre is protected by multiple layers and techniques that conform to security industry standards and guidelines such as the combination of unique terminal identifiers and passwords.

Document Security and Confidentiality: LiveRamp associates are instructed to ensure that their working areas are left clear with all working information locked away at the end of each business day and when away from their normal place of work for any significant period during the working day.

Data Back-up: LiveRamp backs up all disk system files to the appropriate tape media on daily, weekly, or monthly cycles, according to available processing schedules and periods. One or more generations of a back-up cycle are retained and either stored in an alternate building or moved and stored at a secure offsite location.

Building and Personnel Security: All LiveRamp buildings have a security guard on duty 24 hours a day and access is only granted to personnel displaying a valid security badge. Visitors must identify themselves and sign in before being escorted into an LiveRamp facility.

Security Officer: LiveRamp has a designated member of staff responsible for all aspects of security. Their function is to ensure that all LiveRamp staff are aware of security responsibilities, that procedures are being followed and to carry out periodic audits and compliance spot checks on adherence to security procedures.

Business Partner Security: We expect recipients of our data to have in place similar security measures, and we carry out checks to assess their suitability and put in place adequate contractual safeguards before any data is shared with them.

Transfers

Your personal data cannot be transferred outside the EEA unless a valid adequacy mechanism is in place legitimising such a transfer. We will only transfer personal data outside the EEA once an appropriate transfer mechanism is in place. This might include either EU model clauses, and/or in the case of US recipients, a Privacy Shield certification.

Safeguards afforded by the EU model clauses may be accessed here: https://ico.org.uk/media/1571/model_contract_clauses_international_transfers_of_personal_data.pdf

Your rights

Individuals may request access to, deletion or correction of their personal data, or restrict or object to the use of their data by writing to us at Consumer Services Department, LiveRamp UK Limited, 6th Floor South Bank Central, 30 Stamford Street, London, United Kingdom, SE1 9LQ.  Our data protection officer may be contacted at our registered address or by emailing ukprivacy@liveramp.com.

In the event of a complaint you may contact the relevant supervisory authority which in the UK is the Information Commissioner’s Office whose address is Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Other data protection information

LiveRamp uses and shares personal data based on its legitimate commercial interests, and those of its partner businesses, in accordance with Article 6(1)(f) of the General Data Protection Regulation. We take great care to handle all personal data in accordance with data protection law and to ensure that it is never used in ways that unduly prejudice individuals’ interests. Users of our data are prohibited by contractual restrictions from using our data in a way which discriminates unfairly against individuals or produces legal or similar effects. You have the right to object to this processing and if you wish to do so please inform us by using one of the contact channels in the preceding section.

Transfer of Assets

As LiveRamp develops its business, there may be a change of control of LiveRamp or divisions, subsidiaries, affiliates or portions of LiveRamp. In this situation, personal data is typically considered a transferable asset. Also, in the event that LiveRamp or a part of its divisions, affiliates or subsidiaries are purchased, personal data will be one of the transferred assets.

Changes To Our Privacy Policy

LiveRamp reserves the right to update and revise this Privacy Policy from time to time to take into account legislative and other developments. Any changes we may make to our Privacy Policy will be posted on this page and contain an “effective date” reflecting when the last changes occurred.

Use of cookies and protection of your personal data

This is the Privacy and cookie Policy of LiveRamp Inc (“LiveRamp”), whose registered address is at 225 Bush Street, 17th Floor, San Francisco, CA 94104 (USA). This Policy relates to cookies set and data collected for use in our products and services. LiveRamp provides products and services to its clients which contain personal data.

LiveRamp respects your privacy. The purpose of this policy is to explain how we collect, use and protect your personal data, as well as the ways in which you can make informed choices. We are committed to complying with the applicable regulation and the laws and guidance that implement it.

Personal data legally means any information that can directly or indirectly identify an individual.

1. Our technology – our cookies

LiveRamp cookies are dropped on your browser when you open an email or visit one of our partners’ websites. LiveRamp collects a version of your email address which has been encrypted in an irreversible process which allows us to create a technical ID matched with the cookies. By dropping these cookies, certain technical information can also be collected (such as your IP address or your type of browser or operating system type). These cookies do not track your navigation. You can refuse these cookies at any time and easily by clicking on the opt-out cookie below.

LiveRamp is responsible for processing cookies (and other related data) that are collected from our partners. The latter operate websites and mobile applications through which LiveRamp cookies are dropped. These cookies are used in LiveRamp’s products and services.

The LiveRamp cookies are used to offer you or enable our clients to offer you targeted advertising, to conduct analyses and to measure the performance of these advertisements for marketing purposes. For example, our clients can display an advert on your browser based on your navigation or your consumer habits.

To learn more about how our cookies work, click here.

We only use cookies for our products and services that have been dropped or refreshed within a maximum of 90 days.

A few of our partners also provide us with smart phone identifiers collected and used for advertising (Mobile Advertising ID or MAID) when you have expressed your consent beforehand on these partners’ mobile applications.

All the partners that have allowed us to collect cookies and MAIDs and related data have undergone a rigorous due diligence process, to ensure these operations are compliant with applicable law.

We also partner with marketing platforms which drop their own cookies via their network of websites.  These platforms allow us to sync our cookies with those of the platforms to collaborate on the implementation of our respective clients’ targeted advertising campaigns. To view a full list of these platform partners, click here.

2. Collection and processing of your data

The partners which allow us to drop cookies do not communicate any directly identifiable information with us but only a technical ID, created by hashing your email. This process allows for the creation of an irreversible code that is transferred to us, and thereby, allows us to pseudonymise your personal data.

When we drop cookies, we receive certain technical information which constitute personal data under applicable law, such as your IP address and your type of browser or operating system type.

We use this data to create a unified marketing vision of individuals. This allows us in particular to link cookies from different devices and MAIDs to one individual to avoid duplicating adverts. This allows our clients to improve the effectiveness of their marketing campaigns.

In order to do this, we apply an irreversible encryption process to that data and create a pseudonymous ID. We then match these IDs with the information we have collected about you through our cookies.

In this way, LiveRamp only uses de-identified and pseudonymised data in its services and products.

When we find matches, we link our client’s data to our cookies and MAIDs to allow them to target you in the digital advertising landscape based on your consumer profile. In this way advertisers can offer you adverts that is in line with your purchasing habits. We may also link our clients’ company-related data to our IP addresses to enable them to provide marketing segments to B2B advertisers.

These consumer profiles are not created based on your navigation history but on the information collected by our clients and partners in compliance with the GDPR (the European regulation on data protection) and our own internal policy.

Purpose and lawfulness of the processing

LiveRamp and its clients process personal data to:

• connect and link your data to other marketing and advertising databases and platforms
• enable our clients to offer you relevant online marketing communications
• to market our products and services
• develop and test new products
• improve clients’ customer relations

We drop cookies and collect and process MAIDs on the basis of consent, in accordance with applicable law. LiveRamp processes all other personal data on the basis of legitimate interest.

Retention Period

LiveRamp only uses de-identified and pseudonymised personal data. We retain this data for the length of time necessary for the creation of digital matches and for the provision of our services and products, in accordance with applicable law.

3. Your consent

When you navigate our partner websites or mobile applications or when you open one of their emails, a notice should appear informing you of the drop of cookies and your options relating to them. This notice should also include a link towards more substantive privacy page. This page should specifically mention third party cookies and include a link towards LiveRamp’s cookie policy.

For more information about our opt out process, please click here.

You can also refuse cookies by opting out below:

 

4. Transfers

The personal data used in LiveRamp’s products and services may be shared and used by LiveRamp’s companies throughout the world, in accordance with applicable laws. LiveRamp Inc is certified under the Privacy Shield, a self-certification mechanism for US companies that has been recognised by the European Commission as offering an adequate level of protection for personal data transferred by a European entity to one established in the US.

We will only share personal data outside LiveRamp with (a) LiveRamp’s clients and (b) commercial partners that process personal data on our behalf and our clients, and their sub-processors. When we do so, we ensure that appropriate contractual measures have been put in place. These partners may be based in the UK or abroad.

LiveRamp may also share personal data to comply with  statutory provisions or legal proceedings.

5. Individuals’ rights

Individuals may request access to, deletion or correction of their personal data, or restrict, object to or limit the use of their data by writing to us at any time. Alternatively you can email ukprivacy@liveramp.com.

You have the right to complain about LiveRamp’s processing of your personal data by contacting the relevant regulatory authority.

6. Memberships

 

 

 

Changes to our Privacy Policy

LiveRamp reserves the right to update and revise this Privacy Policy from time to time to take into account legislative and other developments. Any changes we may make to our Privacy Policy will be posted on this page and contain an “effective date” reflecting when the last changes occurred.

 

Effective date: May 2018