- We collect personal data from a variety of external offline and online data sources (‘Database Providers’) for the purpose of creating and maintaining our internal databases (the ‘Databases’), which we use for identity matching and recognition carried out on behalf of our clients (for additional information, see Section 3 (Purposes For Which LiveRamp May Use Your Personal Data) below).
- For our offline Database, the offline Database Providers may have obtained your personal data because you provided it to them directly (such as by completing a lifestyle survey), because you bought goods from that company or its providers, or because you subscribed to services provided by that company or its own providers.
- For our online Database, we maintain a network of online Database Provider sources (‘Online Providers’) who provide us with personal data collected from their customers and authenticated users when they visit the Online Providers’ websites and mobile apps. This includes hashed email addresses, in addition to cookie data, mobile IDs, IP addresses and other online identifiers.
Where we collect personal data from Database Providers, and hold it in the Database, we are a data controller.
Matching Services and Client Data
Some of our clients provide us with certain offline personal data (for example, names and contact details of all or a set of their current customers), which we match and link on their behalf to the data held in our Databases. This allows us to find online audiences for those clients that are based on their offline data, in order to allow those clients to deliver targeted advertising to the individuals in those online audiences.
We also receive datasets from additional third parties who hold their customers’ personal data (‘Data Store Sellers’), match this to online identifiers using our Databases, and then make the resulting online marketing audience available on our ‘Data Store’ to our clients who wish to carry out marketing (‘Data Store Buyers’).
We also assist our clients in distributing the matched online data and audiences to third parties (‘Distribution Partners’) who use it in the delivery of our clients’ online targeted advertising.
Where we undertake this matching process and make third-party data available on our Data Store, we act as a data processor on behalf of those Data Store Buyers or Data Store Sellers (as applicable).
- Third-party websites, plug-ins, and apps linked to from this website.
2. Personal Data LiveRamp Collects And/Or Otherwise Processes About You
We may hold the following categories of your personal data:.
- Offline information about you that originates from our Database Providers, Data Store Sellers, and our clients. This may include companies who have a direct relationship with you, such as brick-and-mortar retail and grocery stores (including their loyalty card programs), payment card brands, catalog orders, and consumer surveys. Offline information may also originate from third parties who may not have a direct relationship with you but collect offline information from their own offline sources.
- Online information about you originates from our Online Providers and includes the use of automated technologies that collect online information automatically (such as through cookies and/or similar technologies like pixel tags and device identifiers) that are activated when, for example, you visit or interact on websites operated by Online Providers, or by opening emails from Online Providers. Online information may also originate from information you choose to manually provide to Online Providers (such as when you fill out an online form). We may also process online information from third parties who may not have a direct relationship with you but who collect information using cookies or similar automated technologies as you browse the internet and interact with websites. In some cases we may process this data on behalf of those parties. For the services we offer for which we license this data, we act as the controller. Automated technologies may also allow the collection of Technical Data (described below) about your equipment and your browsing activities and patterns.
Both the offline information and online information that we collect or process can be categorised into various sub-types of data, and could include:
- Identity Data, such as first name, maiden name, last name, username (or similar identifier), marital status, title, date of birth, and gender;
- Contact Data, such as postal address, email address, and telephone number;
- Unique Identifiers and Associated Data, such as the online and offline IDs that we create or collect, including IDs that we use internally only for database matching and identity recognition purposes and IDs that we share with our clients and providers, as well as Technical Data associated with the IDs;
- Transaction Data, such as details received from our clients about products and services you have purchased or ordered, as well as information related to payments made to and by you;
- Technical Data, such as internet protocol address (commonly known as your ‘IP address’), your log-in data, web browser type and version used, time zone setting and country, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access websites;
- Usage Data, such as information about how you use websites and their products and services.
LiveRamp does not collect any ‘special categories of personal data’ (i.e., information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political opinions, health, trade union membership, or genetic/biometric data) or any personal information about children under the age of 13.
3. Purposes For Which LiveRamp May Use Your Personal Data
The primary purposes for which LiveRamp will use your personal data is to allow us to create and provide solutions to our clients and providers to be used for recognition and online targeted advertising.
Recognition is where we use personal data stored in our Databases for matching and linking data provided to us by our clients. For example, a client would use our services to better serve advertisements to their customers. Such client sends us a file of their customer data, which we then match to our data. We then delete the original client data and produce resulting matches that are pseudonymised (all directly identifiable personal data is removed and replaced with our proprietary identifiers called ‘IdentityLinks’). We exchange this matched IdentityLink data list (the audience) with our Distribution Partners, who then facilitate the sending or display of the client’s advertisements to those consumers. In this scenario, the client is the data controller of their customer data and LiveRamp is a data processor acting on the client’s behalf. We are, however, a data controller of the personal data in our Database(s), which data is used in the matching process.
The recognition process is used to assist our clients with online targeted advertising and measurement of advertising effectiveness. More specifically, we may process information about you:
- For online interest-based advertising displayed to you by our Distribution Partners at the direction of our clients. For example, if you have visited a clothing-related website and browsed through or purchased sports clothing, you may then see advertisements for sports clothing on other websites. This is due to a cookie being placed on your device that has associated you with the advertiser’s audience of consumers interested in sports clothing, which is then used by the advertiser through our services and products.
- For use in the measurement and performance of analytics of the effectiveness of our clients’ advertising campaigns. For example, a sports clothing company wants to better understand if its website advertisements for a new line of sports clothing contributed to an increase in sales. Our services and products can be used by the advertiser to see how many ads were viewed and actually clicked on, and if the consumer purchased any of the advertiser’s sports clothing.
- For enabling our clients and partners to personalise their products and services to you, such as through website and email personalisation or dynamic marketing and advertising optimisation. For example, if you have previously indicated an interest in sports clothing and then visit a sports clothing company’s website, that company can display offers for sports clothing tailored for you on their website.
- For enabling our clients and partners to connect your online behavioural preferences across the various browsers and/or devices you use to more accurately market to you. For example, you are logged into multiple devices (such as your desktop, your smartphone, and your tablet) using the same login and have clicked on a sports clothing company’s online advertisement on at least one of those devices. Where we determine that you are most likely the same user logged in on those different devices, we will communicate that information to the partner. The sports clothing company can thus display more consistent offers to you via automated technologies (such as a de-identified cookie ID) on your different devices.
- For creating modelled audiences to which our clients can market their products and services. For example, a sports clothing company is looking for new potential customers who are likely to be interested in sports clothing. The sports clothing company can use our services and products to look for key characteristics between consumers with similar characteristics that have shown an interest by their online activities in shopping for sports clothing and other consumers with some of the same similar characteristics. A similar interest can be inferred or anticipated based on these similar characteristics, such as from browsing for sports shoes.
- For enabling our clients to associate information they have collected about you with certain identifiers or data made available as part of our products and services to facilitate the delivery of our clients’ marketing and advertisements to you. For example, a sports clothing company has its own lists of names, emails, and/or addresses of customers who have previously purchased sports clothing from them. The sports clothing company wants to reach out to these customers with online advertising for a discount offer on online purchases. The sports clothing company can use our products and services to convert the company’s lists from identified names, emails, and/or addresses to de-identified groups of cookie and device IDs maintained by us.
In addition to the above, we also process personal data for the following additional purposes:
- To analyse, develop, and improve the use, function, and performance of our products and services. For example, we may process personal data for our own research and development purposes in support of our products and services, such as to enhance the quality of our products, to develop new features and support new functions of our services, and for internal statistical analyses of our products’ and services’ performance.
- To manage the security of our sites, networks, and systems, and to operate our business. We may collect usage and systems operations data from our website(s) and/or services platform(s) in order to better manage our operations and/or to help keep our products and services secure (including your information), as well as to investigate and help prevent cyber-attacks or potential fraud, including ad fraud and to detect bots. We may also process personal data in the operation of our day-to-day and overall business, such as when we conduct audits and investigations, as well as for finance, accounting, archiving, and/or insurance purposes.
- To comply with applicable laws and regulations. In some cases, we may process personal information as part of our compliance with applicable laws and regulations, such as in responding to a request from a regulator or to defend a legal claim.
4. LiveRamp’s Legal Grounds For Use Of Your Personal Data
Where We Are a Data Controller
Where LiveRamp processes personal data in our Databases, we do so on the basis that it is in our legitimate interests to do so, as balanced against your rights and freedoms as individuals. For example, as you use the internet you may notice that advertising is served to you that is relevant to your interests or lifestyle. We feel that the balance of interests leans towards benefits generated for you through personalised communications, which is an integral part of the freely available internet content funded through advertising revenue. In support of this approach, we require that our Database Providers (discussed in Section 3 (Purposes For Which LiveRamp May Use Your Personal Data) above) provide us with the information they provided to individuals at the point of collection and information about the circumstances in which they have collected the personal data they provide to us.
Where We Are a Data Processor
You can always object to the use of your data for marketing or for any further use under the grounds of legitimate interests. You can also withdraw your consent at any time. Please refer to Section 5 (Your Choices And Rights Regarding Your Personal Data) below.
5. Your Choices and Rights Regarding Your Personal Data
LiveRamp respects that you have the right to have control over your data, so we provide you with multiple choices for managing that control with us.
- Marketing opt outs
- You can ask us to stop using your personal data for marketing purposes at any time by clicking on this Your Rights page link and utilising the applicable opt-out or other rights request forms found there.
- Where you opt-out of receiving these marketing messages, this will not apply to personal data collected by us as a result of your visiting our website (www.liveramp.uk). In order to exercise your right to opt-out of having your data collected by us through our website, please email us at email@example.com.
- LiveRamp cookies opt outs
- Cookies are small text files that are downloaded onto your computer and/or other devices you use to browse the internet and visit a website. Cookies allow us to recognise your device and gather some information about your preferences and past actions, which is then stored in connection with your cookie. The cookies and associated information are used to provide you with a more tailored experience on webpages, including remembering your previous activities on the website, providing you with tailored content based on your previous interactions on that website, and remembering your log-in information (where you choose to allow that).
- You can change your default browser settings to be notified whenever a new cookie is dropped on your browser, or even to block cookies all together. You can easily opt out of our cookies by clicking on the Your Rights page and choosing the ‘Opt-Out Request’ you want to apply from the drop-down menu.
- Please be aware:
- that this opt-out tool only applies to our use of your personal data in our own products and services used by and for our clients and partners, as well as our own use in the support and provision of our products and services;
- opting out of cookies does not mean that you will stop seeing advertisements on the internet and in emails, but will only prevent the tailoring of the advertising content to you; and
- our name may still appear as part of some cookie extensions that track advertisements that are shown to you, but none of your data will be collected or processed by us.
- Advertising technology industry opt outs
- You may also opt out of our processing of your information for our products and services by using the opt-out tools provided by the following industry groups:
- Mobile opt outs
Please be aware that if you opt out using any of the first three opt-out methods above, you may still temporarily see interest-based advertising from our clients and partners where their advertising campaigns are already underway. You will, however, be opted out of future advertising campaigns from our clients when they use our products and services.
Also, please be aware that the cookie-based opt-out tools above (which excludes MAIDs opt outs for mobile devices) only prevent us from using your personal information for interest-based advertising on the browser on which they are installed. As a result, these opt-out methods only function if your browser is set to accept third-party cookies and may not function where cookies are sometimes automatically disabled or removed (such as in certain mobile devices and operating systems). If you delete cookies, change your browser settings, use a different browser or computer, or use another operating system, you will need to opt out again, since we do not use persistent, unique identifiers to revive your previously opted-out profile or deleted cookie.
If you would like to opt you out of our use of information about you for our products and services but do not want to receive third-party cookies, you can also change your browser settings on your computer or other device you use to connect to the internet. Most browsers also provide functionality that provides you with the ability to opt out of all advertising cookies, including our cookies.
Accessing Information about You
You have the right to request details about the personal data that we process about you as a data controller by visiting our Your Rights page, and choosing ‘Subject Access Request’ from the drop-down menu. Please ensure that you fill out the necessary information accurately in the form provided so that we can promptly and correctly address your request.
When you make a Subject Access Request to LiveRamp, you are entitled to all the information that we may hold on you that we process as a data controller. The information that we provide back to you includes:
- Opt-Out Report, which is a report indicating if you are listed in our existing opt-out list (both for offline and online suppression lists);
- Offline Data, which includes offline identifiers (this means personal data such as your name, address, email, phone) and/or attributes (such as demographic data), depending on what offline data about you we hold; and
- Online Data, such as your MAID and cookie ID(s) that we have associated with you.
Please be aware that we may need you to confirm your identity before fulfilling your request, such as by asking you for a scan of your government-issued ID. We do this to help ensure that we do not provide your information to someone that may not be you.
Requesting Information about You to be Rectified
If you feel that we may have processed personal data about you that is incorrect, or if you wish for us to amend any information about you that we hold that may have changed or is out of date in any way (for example, you now have a different email address than what you believe we have in our system for you), then please visit the Your Rights page and choose ‘Other Privacy Inquiries or Application of Rights’ from the drop-down menu. Please fill out the information you would like us to correct in the ‘Message Us’ box, indicating what information we may have in the system for you and what you would like us to change it to.
Deleting Information about You
You can request that we delete all personal data that we process about you as a data controller by visiting the Your Rights page and choose ‘Other Privacy Inquiries or Application of Rights’ from the drop-down menu. Please fill out the form accurately by providing us with your email address and indicating in the ‘Message Us’ box that you would like to request an erasure.
Please be aware that we may need to ‘suppress’ your details if your objective is to stop your data being used for marketing. Suppression involves retaining just enough information about you to ensure that your preference not to receive marketing is respected in future.
6. LiveRamp’s Disclosures Of Your Personal Data
Providing our products and services sometimes results in the need to disclose personal data to our clients (or their advertising agencies) who are ‘brands’ for their use in marketing and advertising to consumers like you. Some examples of our clients’ industry types that you could expect to use your data include automotive, charity, education, gaming, retail, travel and leisure, financial services (such as retail banking, investments, loans, credit cards, insurance, wills, and funeral plans), health/mobility, home improvements, mail order, market research, publishing and media (including social media), consumer goods (such as cosmetics and food), telecommunications, and utilities.
In the performance and provision of our products and services, we may also disclose personal data to our Distribution Partners, such as online advertising platforms and other marketing companies who send you advertisements at the direction of their own advertising clients.
We do not disclose the personal data stored in our Database to any clients or Distribution Partners other than for initial integration with some Distribution Partners where this is strictly necessary. The only information that is provided to clients is pseudonymised (or ‘de-identified’) IdentityLinks that we create from the underlying data in our Databases.
We may also disclose personal data to our own third-party service providers who support us and our own services and products. We do not allow our third-party service providers to use your personal data for their own purposes, and we only permit them to process your personal data per our instructions for specified purposes in accordance with GDPR.
LiveRamp requires all third parties to whom we distribute your personal data to respect the security of your personal data and to treat it in accordance with the law. We make efforts to ensure that the recipients of your data are reputable entities, including by conducting appropriate checks on them.
Third Parties to Whom We May Choose to Sell, Transfer, or Merge Parts of Our Business or Assets
Please be aware that we may also be required to disclose personal data to comply with legal obligations (such as subject to a subpoena or other legal processes), in order to protect both your and our rights, and to ensure your safety, as also discussed in Section 3 (Purposes For Which LiveRamp May Use Your Personal Data) above. Such instances can include situations where we must respond to government requests, investigate fraud, and even where we respond to public and government authorities outside your country of residence for national security and/or law enforcement purposes.
7. LiveRamp’s International Transfers Of Personal Data
LiveRamp is a global organisation, which means that in the performance of our services we may transfer your data outside the European Economic Area (‘EEA’).
Whenever we transfer your personal data out of the EEA, we require that a degree of protection similar to the protection that we provide ourselves is afforded to your data. We do this by requiring that at least one of the following safeguards is implemented:
- Transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use standard contractual clauses approved by the European Commission that give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the United States, or transfer personal data to our parent company in the United States, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the United States. For further details, see European Commission: EU-US Privacy Shield.
Should you have any further questions or require further information on the specific mechanism(s) used by us when transferring your personal data out of the EEA, then please contact us via email at firstname.lastname@example.org.
8. Data Security
LiveRamp takes protection of your data seriously, and we have implemented appropriate technical, organisational, and physical measures to prevent your personal data from being accidentally lost, altered, disclosed, or used or accessed in an unauthorised way. In addition, we limit internal access to your personal data to our employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
9. Data Retention
How Long LiveRamp Will Use Your Personal Data
We take various factors into consideration to determine the appropriate retention period for your personal data, including:
- the amount, nature, and sensitivity of the personal data;
- the potential risk of harm from unauthorised use or disclosure of your personal data;
- the purpose(s) for which we process your personal data;
- whether we can achieve such purpose(s) through other means; and
- the implications of retaining your personal data on our applicable legal, regulatory, tax, accounting, and/or other necessities and obligations.
Based on these criteria, we store your information for the following retention periods:
- Online information about you may be retained for up to six (6) months or twelve (12) months, depending on the data and the applicable purpose(s) (except for device identifiers which may be retained until necessary for the applicable purposes described in Section 3 (Purposes For Which LiveRamp May Use Your Personal Data) above).
- Offline information collected from Database Providers will be retained while there’s a continuing need to keep it for the applicable purposes described in Section 3 (Purposes For Which LiveRamp May Use Your Personal Data) above. Data that is no longer needed for any purpose will be disposed of.
- Offline information provided by our clients for identity-matching purposes will be matched with our Databases to create a de-identified IdentityLink and then deleted within seven (7) days.
- Personal data relating to exercising your rights as set out in Section 5 (Your Choices And Rights Regarding Your Personal Data) will be retained for record purposes in accordance with applicable law.
- Personal information necessary to preserve your opt-out preferences will be retained indefinitely unless you request erasure as further described in Section 5 (Your Choices And Rights Regarding Your Personal Data) above.
We will not store your personal data for longer than necessary to fulfil the purposes we collected it for or for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may, however, retain your personal data for a longer period as reasonably necessary for us to deal with a complaint or if we reasonably believe that litigation may be likely with respect to our relationship with you or our use or retention of your personal data.
In some circumstances you can ask us to delete your data despite these retention periods. To find out more, click to go to the Your Rights page or read more in Section 5 (Your Choices And Rights Regarding Your Personal Data) above.
10. LiveRamp Contact Details
By email to LiveRamp:
By post to LiveRamp:
- LiveRamp UK Limited, 5th Floor South Bank Central, 5 Hatfields, London, SE1 9PG
By post to our DPO:
- ePrivacy GmbH, Prof. Dr. Christoph Bauer, Große Bleichen 21, 20354 Hamburg
You have the right to make a complaint at any time by contacting the Information Commissioner’s Office (‘ICO’), who is the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns directly with you before you approach the ICO and ask that you please contact us first.
- 13th May 2019, updated and revised to more clearly address your rights and our obligations under GDPR.
- July 2019, updated and revised to more clearly identify when we are a data controller and when we are a data processor, and when we rely on legitimate interests.