I. What is the purpose of this policy?
| Summary: On this page you will find information about how LiveRamp processes personal data when providing its services.For any information relating to the use of your personal data during your visit to our website, you can consult the dedicated website privacy policy. |
The LiveRamp group provides its customers with tools to optimise their online marketing activities. As part of these activities, personal data that can directly or indirectly identify individuals are processed.
In the United Kingdom, the LiveRamp group carries out its activities under the responsibility of LiveRamp UK Limited, a company with its registered address at 8 Kean Street, First Floor, London, United Kingdom, WC2B 4AS (“LiveRamp” or “we“). As explained in this policy, depending on the circumstances, we may act as either a controller of personal data or as a processor acting on behalf of our customers.
Specific legal terminology used in this policy, such as “personal data”, “controller” and “processor”, shall have the same meaning as set out in the UK General Data Protection Regulation (“UK GDPR“).
Who are our “Data Partners” mentioned in this policy? Our Data Partners are third parties which provide datasets to us which we incorporate into our internal data repositories and which support the provision of our services to our customers. You can consult our current list of our Data Partners.
Who are our “customers” mentioned in this policy? Our customers are advertisers operating in sectors such as retail, automotive, telecommunications and insurance, which subscribe to or otherwise use our products and services. It also includes publishers which deploy LiveRamp technologies (including our “Authenticated Traffic Solution” (ATS)) on their sites to support their advertising related activities.
II. In which cases does LiveRamp process your personal data?
| Summary:
In the course of providing our services, LiveRamp processes personal data it obtains from its customers. We process that personal data on behalf of those customers as their processor. In order to provide certain aspects of our services more effectively LiveRamp also uses its own internal database which we process as a controller. More specifically:
Further information regarding this processing is set out in section III (B) below. |
A. LiveRamp, as a processor, processes personal data on behalf of its customers who perform advertising analytics and targeting, monetize their data and manage cookie consents on their websites
What processing does LiveRamp carry out as a personal data processor? As stated above, LiveRamp acts as a processor on behalf of its customers when it obtains their personal data, pseudonymises it and enables synchronisation with third party advertising platforms.
What are the purposes pursued by LiveRamp’s customers as data controllers? As controllers, our customers may have a range of purposes for using our technologies and LiveRamp plays no role in determining such purposes. However, by way of illustrative example only, our customers purposes may include the following:
- To customise the online advertising displayed to you by their advertising partners.
- To measure and analyse the effectiveness of their advertising campaigns.
- To optimise their marketing operations by identifying the most relevant channels for sending you advertising (websites, mobile applications, emails or SMS), while limiting the amount of advertising received.
- To model audience segments to which our customers can promote their products and services.
- To monetise their audience segments for ad targeting or for campaign performance measurement purposes.
- To undertake market performance analysis of advertising campaigns and appoint us to carry out this analysis.
B. As a data processor, LiveRamp processes your personal data when publishers use LiveRamp’s ATS
We also act as a processor on behalf of our ATS publishers. ATS enables publishers to convert email addresses or mobile phone numbers of their own users into secure, pseudonymous identifiers which they can then use for advertising related purposes.
Our ATS publishers only share pseudonymous data with us (your e-mail address in hashed form), which does not allow you to be directly identified and which we delete immediately after creating a corresponding technical and pseudonymous identifier. Such processing is carried out to enable our ATS publishers to customise the content and advertisements offered to you according to your interests, throughout your online experience (web, emails, mobile apps, connected objects, etc.).
III. When LiveRamp is the data controller, what personal data are processed, on what legal basis and for how long are the data retained?
The table below summarises the personal data LiveRamp processes as a controller, the legal basis for processing, the purpose for processing and the applicable retention periods. Further detail follows the table.
| Category of data (details) | Legal basis (details) | Retention period (details) | Purpose of processing |
|---|---|---|---|
| Contact data (name, postal address, email address, gender, date of birth, telephone numbers) | Legitimate interest | 2 years from our last interaction with the data concerned | Link various data and different devices relating to the same individual |
| Pseudonymous identifiers derived from the contact data | Legitimate interest | 12 months after the pseudonymous identifiers generation | Enable synchronisation of data across different advertising platforms |
| Data you provide to us in connection with the exercise of your rights | Compliance with a legal obligation | Period needed to manage and comply with your request. After management of your request, your data will be retained for an additional period (6 years following the last interaction) of time necessary to comply with our legal or regulatory obligations and the exercise of our legal rights | Processing your request to exercise your rights |
LiveRamp does not knowingly collect any “special categories of personal data” (i.e., information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political opinions, health, trade union membership, or genetic/biometric data), or any personal data about children under the age of 13.
A. Categories of personal data processed by LiveRamp
Contact data: We collect the following directly identifying data (“Directly Identifying Data”): surnames, first names, dates of birth, postal addresses, email addresses and telephone numbers. This data is collected through our Data Partners which obtain information directly from individuals when, for example, they purchase goods or subscribe to a service,. Furthermore, like many companies, we use information obtained from public sources such as the Electoral Roll.
We pseudonymise this contact data (“Indirectly Identifying Data”) to be used as part of our recognition and synchronisation solutions to link the various data and different devices relating to the same individual which are provided to us by our customers. This enables LiveRamp’s customers to target selected consumer audiences across different advertising platforms.
Data that you send us in connection with the exercise of your rights: In the context of exercising your rights (right to object or access your personal data, for example), we may ask you for certain personal data such as your surname, first name, postal address, email address as well as, for the sole right of access, a proof of your identity. We will only use this proof of identity to process your access request and it will be deleted once we have established your identity. If you choose not to provide us with this data, we may not be able to respond to your request to exercise your rights.
The legal basis for our activities for which we are a controller are:
- Legitimate interest
The personal data processing we carry out is based on legitimate interest because it is essential to operate our recognition and synchronisation solutions and thus honour the agreements concluded with our customers and their various advertising environments and enable our advertising customers to promote their products and services. We only rely on this legal basis in cases where the above mentioned interests are not overridden by your interests, fundamental rights and freedoms, on the basis of a careful balance of interests test. You may contact our Data Protection Officer to obtain further details in that respect.
This processing also enables consumers to see advertisements and content more suited to their interests when browsing, and to rationalise the amount of advertising received. Finally, this processing contributes to the web ecosystem in general because the additional revenues generated by this customisation make it possible to maintain free access to the content of many websites.
- Compliance with a legal obligation
We have a legal obligation to use or keep your personal data when we process your request to exercise your rights.
C. Retention periods for your personal data
The personal data that we process as a controller are retained for as long as is necessary for the provision of our products and services. We automatically refresh Contact Data based on the updated data provided by our Data Partners. This process involves the removal of unusable data by application of the Data Partner’s retention period and any opt out or erasure request. In any event, we automatically delete directly identifying personal data that have remained inactive for 2 years. At the end of our contract with the related Data Partner, we permanently delete the data they have provided.
As part of the exercise of your rights, we retain a strict minimum of data allowing us, where applicable, to establish, exercise and defend our rights in court.
V. With whom may we share your data?
We may share the Indirectly Identifying Data we use with various advertising environments, solely for the purpose of enabling us to synchronise with them so that our customers own data may be used to target advertisements to consumer audiences within those third party platforms. We may also share Indirectly Identifying Data with some of those various advertising environments to give effect to opt-outs we may receive.
We may also disclose data to a competent authority or court, but only if permitted or if required by law.
LiveRamp is a multinational company, which means that as part of our services we may transfer the data we collect to other entities in our group. We also use the services of certain service providers who help us operate our information systems.
We reserve the right to disclose data to third parties in case we (consider to) sell or transfer all or part of our business activities or assets to a third party, to the extent permitted by law.
Some of these recipients are located in countries outside the UK:
- which have been recognised by the UK as offering the same level of data protection as countries in the UK; or
- that have not been the subject of an adequacy decision. In this case, we use appropriate safeguards, in particular the International Data Transfer Agreement (“IDTA”) that are designed to ensure that personal data processed abroad are afforded an essentially equivalent protection as in the UK. To receive any further information on the suitable safeguards, please contact our Data Protection Officer.
VI. What are your rights?
|
Summary: In accordance with the UK GDPR, you have the right to request access, rectification, erasure and portability transfer of your data, and the right to limit and request the restriction of and to object to its processing. To exercise these rights, please visit our dedicated page “Your Personal Data, Your Rights. |
As a natural person whose personal data is processed, you have certain rights which are summarised below. Not all of these rights are absolute and we may have lawful grounds to refuse your request to exercise your rights, depending on the circumstances as set out in the applicable data protection legislation.
Right of access
You have the right to obtain confirmation as to whether or not your personal data is processed and, if so, you have the right to request access to such personal data, including, but not limited to, information about the categories of personal data concerned, the purposes of the processing and the recipients or categories of recipients. In any case, we must take into account the rights and freedoms of others, so this right is not absolute. If you request more than one copy of the personal data processed, we may charge a reasonable fee, taking into account the administrative costs.
Right to rectification
You have the right to ask us to rectify incorrect personal data relating to you. Depending on the purpose of processing, you also have the right to request that incomplete personal data be completed, including by means of an additional statement.
Right to erasure (“Right to be forgotten”)
In certain circumstances, as defined by the applicable data protection legislation, you have the right to request the deletion of the personal data relating to you.
Right to restriction of processing
In certain circumstances, as defined by the applicable data protection legislation, you have the right to request the restriction of the processing of your personal data. In this case, your personal data, with the exception of storage, may only be processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest.
Right to data portability
In certain circumstances as defined in the applicable data protection legislation, you have the right to receive personal data provided by you to us and relating to you in a structured, commonly used and machine-readable format, and you may also have the right to transfer such personal data to another controller or to request us to transfer such data directly to another controller to the extent this is technically possible.
Right to object
In certain circumstances, as defined by the applicable data protection legislation, you have the right to object at any time, for reasons relating to your specific situation, to the processing of your personal data by us, and we may be required to stop the processing of your personal data, unless we demonstrate that there are legitimate and compelling reasons for the processing which prevail on your interests and rights and freedoms, or for the establishment, exercise or defence of legal claims. This applies in particular when the processing of your personal data is based on our legitimate interests.
Right to withdraw consent
In case you have given your consent for the processing of personal data as described in this Privacy Notice, you can revoke this consent at any time with effect for the future. Such withdrawal does not affect the lawfulness of the processing that took place prior to the withdrawal of consent.
LiveRamp has signed the EDAA charter and participates in the “Your Online Choices” programme which enables consumers to learn how targeted advertising has been offered to them and to choose whether they want to continue receiving such offers.
LiveRamp also participates in the “transparency and consent framework” of IAB Europe (TCF) and complies with its specifications and policies, this without prejudice to the further compliance safeguards and measures implemented by LiveRamp for a lawful, fair and transparent processing, as described herein. The identification number of our company within the framework is 97.
VI. Data Security
LiveRamp takes the protection of your data seriously, and we have implemented appropriate technical, organisational, and physical measures to prevent your personal data from being accidentally lost, altered, disclosed, or used or accessed in an unauthorised way. In addition, we limit internal access to your personal data to our employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
VII. Other information
Click here to contact the Data Protection Officer of LiveRamp.
If you wish to complain about how LiveRamp processes your personal data you may do so by contacting the Information Commissioner’s Office (ico.org.uk).
Changes to our privacy policy: LiveRamp reserves the right to update and revise this policy to reflect any regulatory changes or changes to our services. Any changes we may make to our privacy policy will be posted on this page, which displays the date of the last update.
Updated: September 2025