LiveRamp Service Privacy Policy

 

Welcome to LiveRamp’s Services Privacy Policy. We respect your privacy and are committed to protecting your personal data. This Services Privacy Policy will inform you how we collect and process your personal data in relation to our products and services and how we and our current and prospective clients and/or partners (through their use of our products and services) may use this information to deliver better marketing experiences to you.

This Services Privacy Policy is designed to be easy for you to use, but you can always email us at: ukprivacy@liveramp.com if you have questions. You can also email us at the preceding email address or visit our Your Rights page to exercise your rights under the General Data Protection Regulation (‘GDPR’).

Please be aware that we may update our Services Privacy Policy from time to time at our discretion to ensure legal compliance and to meet our business needs. If we make any important changes to this Services Privacy Policy that may affect you, we will bring this to your attention in a clear and appropriate manner, such as by a pop-up notice upon visiting our website, and will include the date of such updates at the bottom of this page.

You may return directly to the main page of our Privacy Policy at any time by clicking Overview.

1. Extent Of This Services Privacy Policy

This Services Privacy Policy applies to the personal data received or collected by us through various channels. In some cases we will be the ‘data controller’ of your personal data, which means we have primary responsibility for processing it fairly and in accordance with the law, and for responding to your requests in relation to it. In other cases, we will be a ‘data processor,’ which means we process it on behalf of one of our clients or providers and only in accordance with their instructions. Where we are a data processor, our client or provider is primarily responsible for your personal data and for dealing with any requests you make. We set out below the instances where we will process your personal data as a data controller or as a data processor.

LiveRamp Databases

  • We collect personal data from a variety of external offline and online data sources (‘Database Providers’) for the purpose of creating and maintaining our internal databases (the ‘Databases’), which we use for identity matching and recognition carried out on behalf of our clients (for additional information, see Section 3 (Purposes For Which LiveRamp May Use Your Personal Data) below).
  • For our offline Database, the offline Database Providers may have obtained your personal data because you provided it to them directly (such as by completing a lifestyle survey), because you bought goods from that company or its providers, or because you subscribed to services provided by that company or its own providers.
  • For our online Database, we maintain a network of online Database Provider sources (‘Online Providers’) who provide us with personal data collected from their customers and authenticated users when they visit the Online Providers’ websites and mobile apps. This includes hashed email addresses, in addition to cookie data, mobile IDs, IP addresses and other online identifiers.

Where we collect personal data from Database Providers, and hold it in the Database, we are a data controller.

Matching Services and Client Data

Some of our clients provide us with certain offline personal data (for example, names and contact details of all or a set of their current customers), which we match and link on their behalf to the data held in our Databases. This allows us to find online audiences for those clients that are based on their offline data, in order to allow those clients to deliver targeted advertising to the individuals in those online audiences.

We also receive datasets from additional third parties who hold their customers’ personal data (‘Data Store Sellers’), match this to online identifiers using our Databases, and then make the resulting online marketing audience available on our ‘Data Store’ to our clients who wish to carry out marketing (‘Data Store Buyers’).

We also assist our clients in distributing the matched online data and audiences to third parties (‘Distribution Partners’) who use it in the delivery of our clients’ online targeted advertising.

Where we undertake this matching process and make third-party data available on our Data Store, we act as a data processor on behalf of those Data Store Buyers or Data Store Sellers (as applicable).

What This Services Privacy Policy Does Not Apply To

This Services Privacy Policy does not apply to:

  • The collection of personal data about you by LiveRamp’s clients or Data Store Sellers. Our clients are responsible for their own collection practices and use of personal data for marketing and other purposes (including their use of your personal data in our services in connection with sending you online advertising). To find out more about our clients’ collection and use of personal data (which may include personal data about you), we suggest that you review the relevant privacy policy of the company who collected your personal data or is sending you advertising. Further, we suggest that you consult with that company if you have any further questions about that company’s practices in collecting or using your personal data.
  • Personal data collected for LiveRamp’s own direct marketing purposes. For information about our use of your personal data as collected on our websites and services apps and as used for our own direct marketing purposes, please refer to our Marketing and Website Privacy Policy.
  • The collection of personal data in relation to recruitment. For information about our use of your personal data as collected in employment recruitment processes, please refer to our Recruitment Privacy Policy.
  • Third-party websites, plug-ins, and apps linked to from this website.

2. Personal Data LiveRamp Collects And/Or Otherwise Processes About You

We may hold the following categories of your personal data:.

  • Offline information about you that originates from our Database Providers, Data Store Sellers, and our clients. This may include companies who have a direct relationship with you, such as brick-and-mortar retail and grocery stores (including their loyalty card programs), payment card brands, catalog orders, and consumer surveys. Offline information may also originate from third parties who may not have a direct relationship with you but collect offline information from their own offline sources.
  • Online information about you originates from our Online Providers and includes the use of automated technologies that collect online information automatically (such as through cookies and/or similar technologies like pixel tags and device identifiers) that are activated when, for example, you visit or interact on websites operated by Online Providers, or by opening emails from Online Providers. Online information may also originate from information you choose to manually provide to Online Providers (such as when you fill out an online form). We may also process online information from third parties who may not have a direct relationship with you but who collect information using cookies or similar automated technologies as you browse the internet and interact with websites. In some cases we may process this data on behalf of those parties. For the services we offer for which we license this data, we act as the controller. Automated technologies may also allow the collection of Technical Data (described below) about your equipment and your browsing activities and patterns.

Both the offline information and online information that we collect or process can be categorised into various sub-types of data, and could include:

  • Identity Data, such as first name, maiden name, last name, username (or similar identifier), marital status, title, date of birth, and gender;
  • Contact Data, such as postal address, email address, and telephone number;
  • Unique Identifiers and Associated Data, such as the online and offline IDs that we create or collect, including IDs that we use internally only for database matching and identity recognition purposes and IDs that we share with our clients and providers, as well as Technical Data associated with the IDs;
  • Transaction Data, such as details received from our clients about products and services you have purchased or ordered, as well as information related to payments made to and by you;
  • Technical Data, such as internet protocol address (commonly known as your ‘IP address’), your log-in data, web browser type and version used, time zone setting and country, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access websites;
  • Usage Data, such as information about how you use websites and their products and services.

LiveRamp does not collect any ‘special categories of personal data’ (i.e., information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political opinions, health, trade union membership, or genetic/biometric data) or any personal information about children under the age of 13.

3. Purposes For Which LiveRamp May Use Your Personal Data

The primary purposes for which LiveRamp will use your personal data is to allow us to create and provide solutions to our clients and providers to be used for recognition and online targeted advertising.

Recognition is where we use personal data stored in our Databases for matching and linking data provided to us by our clients. For example, a client would use our services to better serve advertisements to their customers. Such client sends us a file of their customer data, which we then match to our data. We then delete the original client data and produce resulting matches that are pseudonymised (all directly identifiable personal data is removed and replaced with our proprietary identifiers called ‘IdentityLinks’). We exchange this matched IdentityLink data list (the audience) with our Distribution Partners, who then facilitate the sending or display of the client’s advertisements to those consumers. In this scenario, the client is the data controller of their customer data and LiveRamp is a data processor acting on the client’s behalf. We are, however, a data controller of the personal data in our Database(s), which data is used in the matching process.

The recognition process is used to assist our clients with online targeted advertising and measurement of advertising effectiveness. More specifically, we may process information about you:

  • For online interest-based advertising displayed to you by our Distribution Partners at the direction of our clients. For example, if you have visited a clothing-related website and browsed through or purchased sports clothing, you may then see advertisements for sports clothing on other websites. This is due to a cookie being placed on your device that has associated you with the advertiser’s audience of consumers interested in sports clothing, which is then used by the advertiser through our services and products.
  • For use in the measurement and performance of analytics of the effectiveness of our clients’ advertising campaigns. For example, a sports clothing company wants to better understand if its website advertisements for a new line of sports clothing contributed to an increase in sales. Our services and products can be used by the advertiser to see how many ads were viewed and actually clicked on, and if the consumer purchased any of the advertiser’s sports clothing.
  • For enabling our clients and partners to personalise their products and services to you, such as through website and email personalisation or dynamic marketing and advertising optimisation. For example, if you have previously indicated an interest in sports clothing and then visit a sports clothing company’s website, that company can display offers for sports clothing tailored for you on their website.
  • For enabling our clients and partners to connect your online behavioural preferences across the various browsers and/or devices you use to more accurately market to you. For example, you are logged into multiple devices (such as your desktop, your smartphone, and your tablet) using the same login and have clicked on a sports clothing company’s online advertisement on at least one of those devices. Where we determine that you are most likely the same user logged in on those different devices, we will communicate that information to the partner. The sports clothing company can thus display more consistent offers to you via automated technologies (such as a de-identified cookie ID) on your different devices.
  • For creating modelled audiences to which our clients can market their products and services. For example, a sports clothing company is looking for new potential customers who are likely to be interested in sports clothing. The sports clothing company can use our services and products to look for key characteristics between consumers with similar characteristics that have shown an interest by their online activities in shopping for sports clothing and other consumers with some of the same similar characteristics. A similar interest can be inferred or anticipated based on these similar characteristics, such as from browsing for sports shoes.
  • For enabling our clients to associate information they have collected about you with certain identifiers or data made available as part of our products and services to facilitate the delivery of our clients’ marketing and advertisements to you. For example, a sports clothing company has its own lists of names, emails, and/or addresses of customers who have previously purchased sports clothing from them. The sports clothing company wants to reach out to these customers with online advertising for a discount offer on online purchases. The sports clothing company can use our products and services to convert the company’s lists from identified names, emails, and/or addresses to de-identified groups of cookie and device IDs maintained by us.

In addition to the above, we also process personal data for the following additional purposes:

  • To analyse, develop, and improve the use, function, and performance of our products and services. For example, we may process personal data for our own research and development purposes in support of our products and services, such as to enhance the quality of our products, to develop new features and support new functions of our services, and for internal statistical analyses of our products’ and services’ performance.
  • To manage the security of our sites, networks, and systems, and to operate our business. We may collect usage and systems operations data from our website(s) and/or services platform(s) in order to better manage our operations and/or to help keep our products and services secure (including your information), as well as to investigate and help prevent cyber-attacks or potential fraud, including ad fraud and to detect bots. We may also process personal data in the operation of our day-to-day and overall business, such as when we conduct audits and investigations, as well as for finance, accounting, archiving, and/or insurance purposes.
  • To comply with applicable laws and regulations. In some cases, we may process personal information as part of our compliance with applicable laws and regulations, such as in responding to a request from a regulator or to defend a legal claim.

4. LiveRamp’s Legal Grounds For Use Of Your Personal Data

Where We Are a Data Controller

Where LiveRamp processes personal data in our Databases, we do so on the basis that it is in our legitimate interests to do so, as balanced against your rights and freedoms as individuals. For example, as you use the internet you may notice that advertising is served to you that is relevant to your interests or lifestyle. We feel that the balance of interests leans towards benefits generated for you through personalised communications, which is an integral part of the freely available internet content funded through advertising revenue. In support of this approach, we require that our Database Providers (discussed in Section 3 (Purposes For Which LiveRamp May Use Your Personal Data) above) provide us with the information they provided to individuals at the point of collection and information about the circumstances in which they have collected the personal data they provide to us.

To the extent that the collection of personal data from an Online Provider involved the placement or reading of a cookie (or similar technologies), we rely on consent as the lawful basis for processing. We require all of our Online Providers adhere to all applicable laws, including the laws relating to the collection and use of cookies for advertising purposes.

Where We Are a Data Processor

As discussed in Section 1 (Extent Of This Services Privacy Policy) above, our clients who use our products and services are responsible for their own data use practices, and this includes clients providing us with customer data for recognition and related online advertising.

You can always object to the use of your data for marketing or for any further use under the grounds of legitimate interests. You can also withdraw your consent at any time. Please refer to Section 5 (Your Choices And Rights Regarding Your Personal Data) below.

5. Your Choices and Rights Regarding Your Personal Data

LiveRamp respects that you have the right to have control over your data, so we provide you with multiple choices for managing that control with us.

The rights and choices set out below are applicable only in relation to your personal data which we process as a data controller, and, except for Opt-Outs, do not apply where we process personal data as a data processor on behalf of our clients. Please see Section 1 (Extent Of This Services Privacy Policy) above for more information on this distinction.

Opt Outs

  • Marketing opt outs
    • You can ask us to stop using your personal data for marketing purposes at any time by clicking on this Your Rights page link and utilising the applicable opt-out or other rights request forms found there.
    • Where you opt-out of receiving these marketing messages, this will not apply to personal data collected by us as a result of your visiting our website (www.liveramp.uk). In order to exercise your right to opt-out of having your data collected by us through our website, please email us at ukprivacy@liveramp.com.
  • LiveRamp cookies opt outs
    • Cookies are small text files that are downloaded onto your computer and/or other devices you use to browse the internet and visit a website. Cookies allow us to recognise your device and gather some information about your preferences and past actions, which is then stored in connection with your cookie. The cookies and associated information are used to provide you with a more tailored experience on webpages, including remembering your previous activities on the website, providing you with tailored content based on your previous interactions on that website, and remembering your log-in information (where you choose to allow that).
    • You can change your default browser settings to be notified whenever a new cookie is dropped on your browser, or even to block cookies all together. You can easily opt out of our cookies by clicking on the Your Rights page and choosing the ‘Opt-Out Request’ you want to apply from the drop-down menu.
    • Please be aware:
      • that this opt-out tool only applies to our use of your personal data in our own products and services used by and for our clients and partners, as well as our own use in the support and provision of our products and services;
      • opting out of cookies does not mean that you will stop seeing advertisements on the internet and in emails, but will only prevent the tailoring of the advertising content to you; and
      • our name may still appear as part of some cookie extensions that track advertisements that are shown to you, but none of your data will be collected or processed by us.
  • Advertising technology industry opt outs
  • Mobile opt outs
    • Even though the opt-out methods described above often also work for web browsing on your mobile devices, mobile app environments (such as a web browser on your mobile phone) do not accept or use cookies. Instead, they use a form of mobile ad IDs (‘MAIDs’), also sometimes referred to as ‘Mobile IDs.’ To more easily manage mobile advertising opt outs, you may want to consider installing the AppChoices app provided by the Digital Advertising Alliance (DAA) to exercise opt-out control for specific companies that are members or participants in the DAA, including LiveRamp. More information on how to download and configure the DAA’s AppChoices app relevant for your mobile platform is available here.

Please be aware that if you opt out using any of the first three opt-out methods above, you may still temporarily see interest-based advertising from our clients and partners where their advertising campaigns are already underway. You will, however, be opted out of future advertising campaigns from our clients when they use our products and services.

Also, please be aware that the cookie-based opt-out tools above (which excludes MAIDs opt outs for mobile devices) only prevent us from using your personal information for interest-based advertising on the browser on which they are installed. As a result, these opt-out methods only function if your browser is set to accept third-party cookies and may not function where cookies are sometimes automatically disabled or removed (such as in certain mobile devices and operating systems). If you delete cookies, change your browser settings, use a different browser or computer, or use another operating system, you will need to opt out again, since we do not use persistent, unique identifiers to revive your previously opted-out profile or deleted cookie.

If you would like to opt you out of our use of information about you for our products and services but do not want to receive third-party cookies, you can also change your browser settings on your computer or other device you use to connect to the internet. Most browsers also provide functionality that provides you with the ability to opt out of all advertising cookies, including our cookies.

Accessing Information about You

You have the right to request details about the personal data that we process about you as a data controller by visiting our Your Rights page, and choosing ‘Subject Access Request’ from the drop-down menu. Please ensure that you fill out the necessary information accurately in the form provided so that we can promptly and correctly address your request.

When you make a Subject Access Request to LiveRamp, you are entitled to all the information that we may hold on you that we process as a data controller. The information that we provide back to you includes:

  • Opt-Out Report, which is a report indicating if you are listed in our existing opt-out list (both for offline and online suppression lists);
  • Offline Data, which includes offline identifiers (this means personal data such as your name, address, email, phone) and/or attributes (such as demographic data), depending on what offline data about you we hold; and
  • Online Data, such as your MAID and cookie ID(s) that we have associated with you.

Please be aware that we may need you to confirm your identity before fulfilling your request, such as by asking you for a scan of your government-issued ID. We do this to help ensure that we do not provide your information to someone that may not be you.

Requesting Information about You to be Rectified

If you feel that we may have processed personal data about you that is incorrect, or if you wish for us to amend any information about you that we hold that may have changed or is out of date in any way (for example, you now have a different email address than what you believe we have in our system for you), then please visit the Your Rights page and choose ‘Other Privacy Inquiries or Application of Rights’ from the drop-down menu. Please fill out the information you would like us to correct in the ‘Message Us’ box, indicating what information we may have in the system for you and what you would like us to change it to.

Deleting Information about You

You can request that we delete all personal data that we process about you as a data controller by visiting the Your Rights page and choose ‘Other Privacy Inquiries or Application of Rights’ from the drop-down menu. Please fill out the form accurately by providing us with your email address and indicating in the ‘Message Us’ box that you would like to request an erasure.

Please be aware that we may need to ‘suppress’ your details if your objective is to stop your data being used for marketing. Suppression involves retaining just enough information about you to ensure that your preference not to receive marketing is respected in future.

6. LiveRamp’s Disclosures Of Your Personal Data

Providing our products and services sometimes results in the need to disclose personal data to our clients (or their advertising agencies) who are ‘brands’ for their use in marketing and advertising to consumers like you. Some examples of our clients’ industry types that you could expect to use your data include automotive, charity, education, gaming, retail, travel and leisure, financial services (such as retail banking, investments, loans, credit cards, insurance, wills, and funeral plans), health/mobility, home improvements, mail order, market research, publishing and media (including social media), consumer goods (such as cosmetics and food), telecommunications, and utilities.

In the performance and provision of our products and services, we may also disclose personal data to our Distribution Partners, such as online advertising platforms and other marketing companies who send you advertisements at the direction of their own advertising clients.

We do not disclose the personal data stored in our Database to any clients or Distribution Partners other than for initial integration with some Distribution Partners where this is strictly necessary. The only information that is provided to clients is pseudonymised (or ‘de-identified’) IdentityLinks that we create from the underlying data in our Databases.

We may also disclose personal data to our own third-party service providers who support us and our own services and products. We do not allow our third-party service providers to use your personal data for their own purposes, and we only permit them to process your personal data per our instructions for specified purposes in accordance with GDPR.

LiveRamp requires all third parties to whom we distribute your personal data to respect the security of your personal data and to treat it in accordance with the law. We make efforts to ensure that the recipients of your data are reputable entities, including by conducting appropriate checks on them.

Third Parties to Whom We May Choose to Sell, Transfer, or Merge Parts of Our Business or Assets

As part of our business activities, we may seek to acquire or merge with other businesses. If such a change happens to our business, then the new owners may use your personal data in the same way as set out in this Services Privacy Policy.

Please be aware that we may also be required to disclose personal data to comply with legal obligations (such as subject to a subpoena or other legal processes), in order to protect both your and our rights, and to ensure your safety, as also discussed in Section 3 (Purposes For Which LiveRamp May Use Your Personal Data) above. Such instances can include situations where we must respond to government requests, investigate fraud, and even where we respond to public and government authorities outside your country of residence for national security and/or law enforcement purposes.

7. LiveRamp’s International Transfers Of Personal Data

LiveRamp is a global organisation, which means that in the performance of our services we may transfer your data outside the European Economic Area (‘EEA’).

Whenever we transfer your personal data out of the EEA, we require that a degree of protection similar to the protection that we provide ourselves is afforded to your data. We do this by requiring that at least one of the following safeguards is implemented:

Should you have any further questions or require further information on the specific mechanism(s) used by us when transferring your personal data out of the EEA, then please contact us via email at ukprivacy@liveramp.com.

8. Data Security

LiveRamp takes protection of your data seriously, and we have implemented appropriate technical, organisational, and physical measures to prevent your personal data from being accidentally lost, altered, disclosed, or used or accessed in an unauthorised way. In addition, we limit internal access to your personal data to our employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Data Retention

How Long LiveRamp Will Use Your Personal Data

We take various factors into consideration to determine the appropriate retention period for your personal data, including:

  • the amount, nature, and sensitivity of the personal data;
  • the potential risk of harm from unauthorised use or disclosure of your personal data;
  • the purpose(s) for which we process your personal data;
  • whether we can achieve such purpose(s) through other means; and
  • the implications of retaining your personal data on our applicable legal, regulatory, tax, accounting, and/or other necessities and obligations.

Based on these criteria, we store your information for the following retention periods:

We will not store your personal data for longer than necessary to fulfil the purposes we collected it for or for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may, however, retain your personal data for a longer period as reasonably necessary for us to deal with a complaint or if we reasonably believe that litigation may be likely with respect to our relationship with you or our use or retention of your personal data.

In some circumstances you can ask us to delete your data despite these retention periods. To find out more, click to go to the Your Rights page or read more in Section 5 (Your Choices And Rights Regarding Your Personal Data) above.

10. LiveRamp Contact Details

If you have any questions about this Services Privacy Policy or our privacy practices, please contact us or our data protection officer in the following ways:

By email to LiveRamp:

By post to LiveRamp:

  • LiveRamp UK Limited, 5th Floor South Bank Central, 5 Hatfields, London, SE1 9PG

By post to our DPO:

  • ePrivacy GmbH, Prof. Dr. Christoph Bauer, Große Bleichen 21, 20354 Hamburg

You have the right to make a complaint at any time by contacting the Information Commissioner’s Office (‘ICO’), who is the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns directly with you before you approach the ICO and ask that you please contact us first.

11. Updates

This Services Privacy Policy has been updated on:

  • 13th May 2019, updated and revised to more clearly address your rights and our obligations under GDPR.
  • July 2019, updated and revised to more clearly identify when we are a data controller and when we are a data processor, and when we rely on legitimate interests.