I. What is the purpose of this policy?
On this page you will find information about how LiveRamp processes personal data when providing its services.
The LiveRamp group provides its customers with tools to optimise their online marketing activities. As part of these activities, personal data that can directly or indirectly identify individuals are collected and processed.
In the United Kingdom, the LiveRamp group carries out its activities under the responsibility of LiveRamp UK Limited, a company with its registered address at 8 Kean Street, First Floor, London, United Kingdom, WC2B 4AS (“LiveRamp” or “we“). As explained in this policy, depending on the circumstances, we may act as either a controller of personal data or as a processor acting on behalf of our customers.
This policy provides information about how your personal data is processed when we provide our services. This information is provided as part of a transparency process, to help you understand our processing activities, which are usually carried out in collaboration with our customers and other partners from which we collect personal data. To this end, to supplement the information provided in this policy, please consult the privacy policies of the partners concerned.
Specific legal terminology used in this policy, such as “personal data”, “controller” and “processor”, shall have the same meaning as set out in the UK General Data Protection Regulation (“UK GDPR“).
Who are our “partners” mentioned in this policy? In providing our services we interact with, and in some cases share and receive data from, various partners who are organisations involved in the delivery of online advertising. We use different terminology depending on the type of partner, as explained below:
- “Match, OIDL & ATS Partners” – these are publishers of websites and mobile applications who use LiveRamp’s services to collect personal data from visitors to those sites and applications.
- “Offline Partners” – these are commercial data providers from whom LiveRamp obtains personal data used to build its offline data repositories. These data repositories enable LiveRamp to link personal data for the purpose of providing our services to our customers.
- “Sync Partners” – these are other advertising technology platforms with whom LiveRamp will synchronise user identifiers. These enable our customers to more effectively target online advertising.
Who are our “customers” mentioned in this policy? Our customers are advertisers operating in sectors such as retail, automotive, telecommunications and insurance. LiveRamp provides various services to our customers to enable them to undertake more effective online advertising.
II. In which cases does LiveRamp process your personal data?
LiveRamp processes your personal data in various data repositories. The data held in these repositories is sourced from commercial data providers with whom you have interacted, publicly available sources and from website and mobile application providers which embed LiveRamp technologies.
LiveRamp uses the data held in its data repositories to establish links between the data provided to us by our customers and data concerning the users of other websites and applications. By making these links LiveRamp enables its customers to more effectively target advertising to the users it is trying to reach across different advertising technology platforms. LiveRamp is a controller of the data held in its data repositories, which it uses to facilitate its linking process. This data is not shared with our customers. However, certain online identifiers which are created as a result of the linking process are shared with customers and advertising platforms to facilitate online advertising.
Separately, LiveRamp’s advertiser customers provide us with their own datasets (for example, lists of their existing customers). LiveRamp is a processor of the data provided to it by its customers, which is then linked by LiveRamp. This means we process such data on behalf of our customers and in accordance with their instructions.In some cases LiveRamp is also a joint controller with its customers (see further detail below).
To provide its services, LiveRamp, as the data controller, builds offline and online data repositories of your personal data. The “offline” repository, a database of directly identifying data, and the “online” repository, a database which does not contain directly identifying data (e.g. names) but which includes online user identifiers, are used to enable LiveRamp to provide its services to customers.
The purpose of this processing is to enable LiveRamp to link various data and different devices relating to the same individual via recognition, pseudonymisation and synchronisation technologies, to enable our customers to pursue their own objectives and purposes with regards to measurement, analysis, online and TV targeted advertising.
* Recognition, to link an individual’s personal data collected from potentially various sources or in different formats or structures.
* Pseudonymisation, to ensure maximum confidentiality and security while processing personal data.
* Synchronisation, to link different advertising environments.
You have various rights in relation to our processing of your personal data (e.g. to obtain copies of it and to object to our processing). These rights are not absolute. Further information is provided below. LiveRamp processes your personal data for the purpose of processing your request to exercise your rights.
II.A. LiveRamp processes personal data as a controller to provide solutions based on recognition, pseudonymisation and synchronisation (our purposes)
What is the context? Our business is primarily to develop and provide solutions to advertising customers to enable them to improve their marketing activities. To deliver targeted advertising to selected consumers, our customers want to be able to find their own customers and users in different advertising environments.
To enable our customers to find their clients in different advertising environments, LiveRamp’s solutions are based on “recognition“, “pseudonymisation” and “synchronisation” technologies that link various data (collected “online” or “offline”) and different devices (e.g. phone, computer and tablet) relating to the same individual, and use this to enable our customers to analyse, measure and target across different data management and advertising environments.
What processing does LiveRamp perform as controller? To perform this data link and synchronisation, we have developed data repositories, of which we are the controller. Most of the data contained in our repositories is collected indirectly from our partners via online collection forms (e.g. when individuals complete an online survey) or when otherwise subscribing to our partners’ services. We also use public and free-to-use data registers.
No data from the LiveRamp data repositories is ever shared with our customers. Instead, LiveRamp uses the data repositories to link our customers’ own data about its users so as to enable them to more effectively carry out advertising activities.
We follow a specific process in relation to our data repositories consisting of translating directly identifying information, for example surnames, first names, email and postal addresses, into pseudonymous identifiers. To pseudonymise data, we apply technical and organisational processes aimed at removing any element that directly identifies a person. Pseudonymous data remains personal data protected by personal data protection regulations, but it provides a better level of confidentiality.
When does synchronisation take place? It is only after this pseudonymisation process that we synchronise the pseudonymous identifiers with those of the various advertising environments that operate the campaigns of our common customers. We then share this single list of pseudonymous and synchronised identifiers, and no other information, with advertising platforms to enable them to carry out online advertising campaigns for selected consumers.
II.B. LiveRamp, as a processor, processes personal data on behalf of its customers who perform advertising analytics and targeting, monetise their data and manage cookie consents on their websites
What processing does LiveRamp carry out as a processor? In addition to the data held in our data repositories (for which we are a controller as described above), our customers will also provide us with their own datasets over which we will run linking processes to better enable them to analyse, measure and target those individuals. We process such customer data as a processor acting on behalf of our customers and in accordance with their instructions.
On receipt of our customers personal data sets we firstly pseudonymise the data by removing directly identifying information and replacing it with alternative identifiers. Once our customers’ personal data is pseudonymised, it is made available in their advertising environments for their own purposes.
What are the purposes pursued by LiveRamp’s customers as data controllers? Our customers may have a range of purposes for which they use the personal data processed in connection with our services, and you should review our customers’ privacy policies for full information. Generally, the purposes pursued by our customers, for which we act as a processor, may be broadly categorised as follows:
- To customise the online advertising displayed to you by their advertising partners. For example, if you have visited a clothing website and viewed the “sportswear” pages, you may then see advertisements for sportswear on other websites. This is because a cookie was placed on your device, subject to your consent, and associated you with our customer’s list of consumers interested in sportswear, which is then used by our customer through our services.
- To measure and analyse the effectiveness of their advertising campaigns. For example, a sportswear company wants to better understand whether advertisements for a new sportswear line have contributed to increased sales. Our services can be used by this company to measure this impact.
- To optimise their marketing operations by identifying the most relevant channels for sending you advertising (websites, mobile applications, emails or SMS), while limiting the amount of advertising received. For example, they may send you an email reminding you of the promotions available on the website of the brand of which you are a customer or avoid sending you the same advertisement several times on your various devices (computers, tablets or phones), to limit the amount of advertising you receive.
- To model audience segments to which our customers can promote their products and services. For example, a brand is launching its new clothing range. It may use our services to analyse and enhance its knowledge of the socio-demographic or behavioural characteristics of its existing customers. It will be able to select other consumers with the same characteristics in order to send them advertisements and find new customers.
- To monetise their audience segments for ad targeting or for campaign performance measurement purposes. Some of our customers may make available their audience segments based on demographic and behavioural data for ad targeting purposes. They can thus send us data such as contact data (e.g. an email address) and/or digital identifiers (e.g. a cookie identifier) associated with marketing segments. Our role is to pseudonymise them (i.e. remove all directly identifying information) and make them available within the “LiveRamp Marketplace”, a platform through which the datasets can be accessed and used by our customers’ advertising environments in a selective, secure and pseudonymous manner.
Other customers may market performance analysis of advertising campaigns and appoint us to carry out this analysis. To do this, they send us their transactional data (e.g. purchases made from a brand) or their online or television advertising exposure data, in order to carry out this analysis on behalf of advertisers. Our role is to compare the populations exposed to an advertising campaign with those who bought the product related to this campaign, in order to produce a report presenting the conclusions relating to performance on an aggregate basis.
II.C. LiveRamp, as a processor, may also process your personal data when its customers use its preference management solution
LiveRamp also provides a Consent Management Platform (CMP) solution to its customers.
Our customers, website publishers and mobile applications, use the choices you have made in connection with the CMP solution we operate for them as a processor.
As part of the consent management platform that we make available to our customers, website publishers and mobile applications, we collect information relating to the choices that you have expressed via this platform, as well as technical information such as the type and version of your browser, your operating system and your device, the domain or name of the app that you have viewed, as well as a timestamp. This data is only used to manage your preferences on behalf of our customers and is not cross-referenced with other data we process elsewhere.
They may, however, be used to test and improve the CMP on behalf of our customers, as well as to fulfil our customers’ legal obligations and to enable you to exercise your rights.
II.D. LiveRamp may also process data as a joint data controller
Our online data repository is created jointly with our parent company LiveRamp Inc located at 225 Bush Street – 17th floor – San Francisco – CA 94104 – USA, in accordance with the conditions for processing your data described in this policy. LiveRamp UK Limited is jointly responsible with LiveRamp Inc for all the applicable obligations and responsibilities in this purpose.
We are also joint data controllers along with our ATS Partners (who use LiveRamp’s technology to recognise online users across various sites and applications for the purpose of targeted advertising). This means that together we determine how and why your data are used. In this case, you are informed by our ATS Partners with whom you are in direct contact when such processing is initiated (e.g. through consent wording used on their websites and applications). Our ATS Partners only share pseudonymous data with us, such as your e-mail address (in hashed form), which does not allow you to be directly identified and which we delete immediately after creating a corresponding technical and pseudonymous identifier. Such processing is carried out to enable our ATS Partners to customise the content and advertisements offered to you according to your interests, throughout your online experience (web, emails, mobile apps, connected objects, etc.). Click here to access the distribution of obligations and responsibilities between ATS Partners and LiveRamp.
III. Categories of personal data processed by LiveRamp
LiveRamp does not collect any “special categories of personal data” (i.e., information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political opinions, health, trade union membership, or genetic/biometric data), or any personal data about children under the age of 13.
III.A. Directly identifying personal data
Directly identifying personal data: We collect the following directly identifying data: surnames, first names, dates of birth, postal addresses, email addresses and telephone numbers. This data is collected through our trusted partners (“Offline Partners”) who obtain information declared voluntarily by individuals through questionnaires when purchasing goods or subscribing to a service, for example. Furthermore, like many companies, we use information obtained from public sources such as the Electoral Roll.
Data that you send us in connection with the exercise of your rights: In the context of exercising your rights (right to object or access your personal data, for example), we may ask you for certain personal data such as your surname, first name, postal address, email address as well as, for the sole right of access, a proof of your identity. We will only use this proof of identity to process your access request and it will be deleted once we have established your identity. If you choose not to provide us with this data, we may not be able to respond to your request to exercise your rights.
Cookies, pixels and associated data: when you use certain websites and mobile applications of our Match Partners, or when opening an email sent by a Match Partner you have authorised, we read and store cookies and pixels and collect data such as identifiers linked to your devices (cookie identifiers, mobile advertising identifiers, etc.), as well as hashed email addresses and associated data (IP address, user agent, timestamp, URL or app name, etc.). The hashed email address collected is immediately pseudonymised using our technical processes and we do not retain any directly identifying data in the context of our cookies and pixels. This data is used as part of our recognition and synchronisation solutions to link the various data and different devices (e.g. phone, computer and tablet) relating to the same individual, which our customers can target in different advertising environments to send you advertisements tailored to your consumer profile.
You can also refuse our cookies by clicking here.
Your choice not to subscribe is cookie-based. For it to work on your device, your browser must be configured to accept third-party cookies. If you use a new device or browser, or delete your cookies, you may need to unsubscribe again.
Pseudonymous identifiers generated in the context of ATS: these identifiers are generated on the basis of the hashed email addresses sent by our ATS partners.
IV. When LiveRamp is the controller, what is its legal basis for processing and for how long are the data retained?
For maximum clarity, we have chosen to present to you the information concerning the categories of personal data processed, and the legal basis for the processing and the data retention periods in the form of a table, with details provided thereafter.
|Category of data (details)
|Legal basis (details)
|Retention period (details)
|Purpose of processing
|Directly identifying personal data
|2 years from our last interaction with the data
|Link various data and different devices relating to the same individual via recognition (details)
|Cookie, pixel data and associated data
|Cookies: 12 months
Mobile IDs: 240 days
Associated data: 12 months
|Pseudonymous identifiers generated in the context of ATS
|We do not store these pseudonymous identifiers
|Data you provide to us in connection with the exercise of your rights
|Period needed to manage and comply with your request.
Your data will be retained for an additional period of time necessary to comply with our legal or regulatory obligations and the exercise of our legal rights
|Processing your request to exercise your rights
IV.A. Legal basis of processing
We process your personal data as a controller for the purposes outlined under Section II above. These activities for which we are controller are based on the following:
Legitimate interest: The personal data processing we carry out is based on legitimate interest because it is essential to operate our customer solutions and thus honour the agreements concluded with our customers and partners and enable our advertising customers to promote their products and services. We only rely on this legal basis in cases where the above mentioned interests are not overridden by your interests, fundamental rights and freedoms, on the basis of a careful balance of interests test. You may contact our Data Protection Officer to obtain further details in that respect.
This processing also enables consumers to see advertisements and content more suited to their interests when browsing, and to rationalise the amount of advertising received. Finally, this processing contributes to the web ecosystem in general because the additional revenues generated by this customisation make it possible to maintain free access to the content of many websites.
Consent: The processing of personal data associated with cookies and pixels, and hashed emails collected through ATS is based on the consent that we collect in accordance with the regulations applicable to “cookies and other trackers”. Regarding the storing of our cookies, we also comply with the industry standards established by IAB Europe (TCF) and/or the EDAA where applicable and without prejudice to the further compliance safeguards and measures implemented by LiveRamp for a lawful, fair and transparent processing. You can withdraw your consent regarding your data and LiveRamp cookies at any time via our page “Your Personal Data, Your Rights”.
Compliance with a legal obligation: We have a legal obligation to use or keep your personal data when we process your request to exercise your rights.
IV.B. Retention periods for your personal data
The personal data that we process as a controller are retained for as long as is necessary for the provision of our services. We automatically refresh directly identifiable personal data based on the updated data provided by our Offline Partners. This process involves the removal of unusable data by application of the Offline Partner’s retention period and any opt out or erasure request. At the end of our contract with the related Offline Partner, we permanently delete the data they have provided. In any event, we automatically delete directly identifying personal data that have remained inactive for 2 years.
We store our cookie identifiers in our databases for 12 months but no longer use our cookies that have remained inactive for 90 days. We store mobile identifiers for 240 days after their entry into our databases. We store the data associated with our cookies separately and for a maximum of 12 months.
Pseudonymous identifiers generated as part of ATS are not stored in our databases.
As part of the exercise of your rights, we retain a strict minimum of data allowing us, where applicable, to establish, exercise and defend our rights in court.
V. With whom may we share your data?
We may share the pseudonymous data or identifiers we use with various advertising environments when you have provided consent for this (Sync Partners, Match, OIDL and ATS Partners), solely for the purpose of enabling us to synchronise with them, each acting as a data controller. We may also share with some of those partners pseudonymous identifiers to give effect to your consent withdrawals or opt-out.
We may also disclose data to a competent authority or court, but only if permitted or if required by law.
LiveRamp is a multinational company, which means that as part of our services we may transfer the data we collect to other entities in our group. We also use the services of certain service providers who help us operate our information systems.
We reserve the right to disclose data to third parties in case we (consider to) sell or transfer all or part of our business activities or assets to a third party, to the extent permitted by law.
Some of these recipients are located in countries outside the UK:
1/ which have been recognised by the UK as offering the same level of data protection as countries in the UK; or
2/ that have not been the subject of an adequacy decision. In this case, we use appropriate safeguards, in particular the International Data Transfer Agreement (“IDTA”) that gives personal data processed abroad an essentially equivalent protection as in the UK. To receive any further information on the suitable safeguards, please contact our Data Protection Officer.
VI. What are your rights?
In accordance with the UK GDPR, you have the right to request access, rectification, erasure and portability transfer of your data, and the right to limit and request the restriction of and to object to its processing.
You have the right to withdraw your consent at any time where the processing of personal data is based on your consent, it being noted that it does not affect the lawfulness of the processing operations carried out based on your consent prior to its withdrawal.
To exercise these rights, please visit our dedicated page “Your Personal Data, Your Rights”.
As a natural person whose personal data is processed, you have certain rights which are summarised below. Not all of these rights are absolute and we may have lawful grounds to refuse your request to exercise your rights, depending on the circumstances as set out in the applicable data protection legislation.
Right of access
You have the right to obtain confirmation as to whether or not your personal data is processed and, if so, you have the right to request access to such personal data, including, but not limited to, information about the categories of personal data concerned, the purposes of the processing and the recipients or categories of recipients. In any case, we must take into account the rights and freedoms of others, so this right is not absolute. If you request more than one copy of the personal data processed, we may charge a reasonable fee, taking into account the administrative costs.
Right to rectification
You have the right to ask us to rectify incorrect personal data relating to you. Depending on the purpose of processing, you also have the right to request that incomplete personal data be completed, including by means of an additional statement.
Right to erasure (“Right to be forgotten”)
In certain circumstances, as defined by the applicable data protection legislation, you have the right to request the deletion of the personal data relating to you.
Right to restriction of processing
In certain circumstances, as defined by the applicable data protection legislation, you have the right to request the restriction of the processing of your personal data. In this case, your personal data, with the exception of storage, may only be processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest.
Right to data portability
In certain circumstances as defined in the applicable data protection legislation, you have the right to receive personal data provided by you to us and relating to you in a structured, commonly used and machine-readable format, and you may also have the right to transfer such personal data to another controller or to request us to transfer such data directly to another controller to the extent this is technically possible.
Right to object
In certain circumstances, as defined by the applicable data protection legislation, you have the right to object at any time, for reasons relating to your specific situation, to the processing of your personal data by us, and we may be required to stop the processing of your personal data, unless we demonstrate that there are legitimate and compelling reasons for the processing which prevail on your interests and rights and freedoms, or for the establishment, exercise or defence of legal claims. This applies in particular when the processing of your personal data is based on our legitimate interests.
Right to withdraw consent
In case you have given your consent for the processing of personal data as described in this Privacy Notice, you can revoke this consent at any time with effect for the future. Such withdrawal does not affect the lawfulness of the processing that took place prior to the withdrawal of consent.
LiveRamp has signed the EDAA charter and participates in the “Your Online Choices” programme which enables consumers to learn how targeted advertising has been offered to them and to choose whether they want to continue receiving such offers.
LiveRamp also participates in the “transparency and consent framework” of IAB Europe (TCF) and complies with its specifications and policies, this without prejudice to the further compliance safeguards and measures implemented by LiveRamp for a lawful, fair and transparent processing, as described herein. The identification number of our company within the framework is 97.
VI. Data Security
LiveRamp takes the protection of your data seriously, and we have implemented appropriate technical, organisational, and physical measures to prevent your personal data from being accidentally lost, altered, disclosed, or used or accessed in an unauthorised way. In addition, we limit internal access to your personal data to our employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
VII. Other information
Click here to contact the Data Protection Officer of LiveRamp.
If you wish to complain about how LiveRamp processes your personal data you may do so by contacting the Information Commissioner’s Office (ico.org.uk).
Updated: January 2024