- 2. The Data LiveRamp Collects Or Processes About You
- 3. LiveRamp’s Uses Of Your Personal Data
- 4. Your Choices Regarding Your Data
- 5. LiveRamp’s Disclosures Of Your Personal Data
- 6. LiveRamp’s International Transfers Of Personal Data
- 7. Data Security
- 8. Data Retention
- 9. Your Legal Rights
- 10. LiveRamp Contact Details
- 11. Updates
- We act as a data controller with respect to personal data about data subjects that we may collect from our providers, partners, clients, and prospective clients; personal data about data subjects that we receive from our data partners; and personal data about data subjects we may collect ourselves (such as from cookies placed by us and by our clients and/or partners from your visits to this and those clients’ or partners’ websites).
- We act as a data processor to the extent that we process personal data about data subjects at the direction of our clients and partners, including personal data that we receive from them. In this instance, our clients and partners are considered data controllers, and we process the personal data according to our contractual requirements and other written instructions from each such data controller and in accordance with GDPR requirements.
Where we obtain information from partner companies, those partner companies or their providers may have collected the personal data directly from data subjects like you. For example, you may have volunteered your personal data to that company or its own providers (such as by completing a lifestyle survey), bought goods from that company or its providers, or subscribed to services provided by that company or its providers.
- Third-party websites, plug-ins, and apps linked to from this website.
2. The Data LiveRamp Collects Or Processes About You
In the production and performance of our products and services for our clients and some partners, we may collect and/or process information about you that has been made available to us and/or such clients or partners by publicly available sources and/or data partners. Such information may originate from both offline and online sources.
- Offline information about you originates from our clients, partners, and/or providers who may have a direct relationship with you, such as brick-and-mortar retail and grocery stores (including their loyalty card programs), payment card brands, catalog orders, and consumer surveys. Offline information may also originate from third parties who may not have a direct relationship with you but collect offline information from their own offline partners.
- Online information about you originates from the use of automated technologies that collect online information automatically (such as through cookies and/or similar technologies like pixel tags and device identifiers) that are activated when, for example, you visit or interact on websites operated by us, our clients, or our partners, or by opening emails from us, our clients, and/or our partners. Online information may also originate from information you choose to manually provide (such as when you fill out an online form). We may also obtain online information from third parties who may not have a direct relationship with you but who collect information using cookies or similar automated technologies as you browse the internet and interact with websites. Automated technologies may also allow the collection of Technical Data (described below) about your equipment and your browsing activities and patterns.
Both the offline information and online information that we collect or process can be categorised into various sub-types of data, and could include:
- Identity Data, such as first name, maiden name, last name, username (or similar identifier), marital status, title, date of birth, and gender;
- Contact Data, such as postal address, email address, and telephone number;
- Unique Identifiers and Associated Data, such as the online and offline IDs that we create or collect, including IDs that we use internally only and IDs that we share with our clients and partners, as well as metadata associated with the IDs, such as timestamp and the website address where you clicked a link;
- Transaction Data, such as details about products and services you have purchased or ordered, as well as information related to payments made to and by you;
- Technical Data, such as internet protocol address (commonly known as your “IP address”), your login data, web browser type and version used, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access websites;
- Usage Data, such as information about how you use websites and their products and services.
LiveRamp does not collect any sensitive data (i.e., information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political opinions, health, trade union membership, or genetic/biometric data) or any personal information about children under the age of 13.
Please be aware that as a processor for our clients and partners who are acting as controllers, we may process your personal data without your knowledge or consent where this is required or permitted by law, but in all cases subject to our legal grounds as described below under the “LiveRamp’s Legal Grounds for Processing Your Personal Data” heading under Section 3 (LiveRamp’s Uses Of Your Personal Data).
3. LiveRamp’s Uses Of Your Personal Data
LiveRamp will only use your personal data as the law allows us to do. Most commonly, we will use your personal data to allow us to create and provide solutions to our clients and partners to be used for recognition and online targeted advertising.
- Recognition is where we use the data for matching and linking to other databases, such as those of our clients and partners. For example, a partner would like to use our products and services to better serve advertisements to consumers. The partner sends us a file of their consumer data, which we then match to our data and produce a listing of the resulting matches. We both then use that matched list to exchange data so that the partner can more accurately serve its clients’ advertising to consumers like you.
- Online targeted advertising is where our recognition tools are used to enable our clients to:
- customise their online advertising to members of a specific audience;
- measure the effectiveness of their advertising campaigns;
- connect their data to marketing platforms; and/or
- share that data with other advertisers.
For example, an advertiser client sends us a list of its customers’ names and addresses because they would like to advertise to similar data subjects. We then match their data to our data and provide the resulting pool of data subjects to the client’s advertising service partners, who then send or display the client’s advertisements to those data subjects.
Purposes for Which We May Use Your Personal Data
LiveRamp processes your data for various purposes, which may include one or more of the following:
- To assist our clients and partners in marketing products and services to you. We process personal information about you to help enable our clients and partners to market products and services to you both online and offline based on your interests. More specifically, we may process information about you:
- For online interest-based advertising displayed to you by our partners at the direction of our clients. For example, if you have visited a clothing-related website and browsed through or purchased sports clothing, you may then see advertisements for sports clothing on other websites. This is due to a cookie being placed on your device that has associated you with the advertiser’s audience of consumers interested in sports clothing, which is then used by the advertiser through our services and products.
- For use in the measurement and performance of analytics of the effectiveness of our clients’ advertising campaigns. For example, a sports clothing company wants to better understand if its website advertisements for a new line of sports clothing contributed to an increase in sales. Our services and products can be used by the advertiser to see how many ads were viewed and actually clicked on, and if the consumer purchased any of the advertiser’s sports clothing.
- For enabling our clients and partners to personalise their products and services to you, such as through website and email personalisation or dynamic marketing and advertising optimisation. For example, if you have previously indicated an interest in sports clothing and then visit a sports clothing company’s website, that company can display offers for sports clothing tailored for you on their website.
- For enabling our clients and partners to connect your online behavioural preferences across the various browsers and/or devices you use to more accurately market to you. For example, you are logged into multiple devices (such as your desktop, your smartphone, and your tablet) using the same login and have clicked on a sports clothing company’s online advertisement on at least one of those devices. Where we determine that you are most likely the same user logged in on those different devices, we will communicate that information to the partner. The sports clothing company can thus display more consistent offers to you via automated technologies (such as a de-identified cookie ID) on your different devices.
- For creating modelled audiences to which our clients can market their products and services. For example, a sports clothing company is looking for new potential customers who are likely to be interested in sports clothing. The sports clothing company can use our services and products to look for key characteristics between consumers with similar characteristics that have shown an interest by their online activities in shopping for sports clothing and other consumers with some of the same similar characteristics. A similar interest can be inferred or anticipated based on these similar characteristics, such as from browsing for sports shoes.
- For enabling our clients to associate information they have collected about you with certain identifiers or data made available as part of our products and services to facilitate the delivery of our clients’ marketing and advertisements to you. For example, a sports clothing company has its own lists of names, emails, and/or addresses of customers who have previously purchased sports clothing from them. The sports clothing company wants to reach out to these customers with online advertising for a discount offer on online purchases. The sports clothing company can use LiveRamp’s products and services to convert the company’s lists from identified names, emails, and/or addresses to de-identified groups of cookie and device IDs maintained by LiveRamp’s.
- To analyse, develop, and improve the use, function, and performance of our products and services. For example, we may process personal information for our own research and development purposes in support of our products and services, such as to enhance the quality of our products, to develop new features and support new functions of our services, and for internal statistical analyses of our products’ and services’ performance.
- To manage the security of our sites, networks, and systems, and to operate our business. We may collect usage and systems operations data from our website(s) and/or services platform(s) in order to better manage our operations and/or to help keep our products and services secure (including your information), as well as to investigate and help prevent cyber-attacks or potential fraud, including ad fraud and to detect bots. We may also process personal information in the operation of our day-to-day and overall business, such as when we conduct audits and investigations, as well as for finance, accounting, archiving, and/or insurance purposes.
- To comply with applicable laws and regulations. In some cases, we may process personal information as part of our compliance with applicable laws and regulations, such as in responding to a request from a regulator or to defend a legal claim.
LiveRamp’s Legal Grounds for Use of Your Personal Data
We rely on your consent for the purpose of enabling our clients and partners to use our products and services to market their own products and services to you, including those uses described above under the “Purposes for Which We May Use Your Personal Data” subheading. Except where we specifically and directly collect your information ourselves (such as via our own website or our direct interaction with you), your consent is obtained by our clients and partners themselves (or by their other data providers) or on behalf of LiveRamp and its clients and partners by our third-party data providers. Our clients and partners are required to separately ensure that they have the permission(s) to use your information and to provide LiveRamp with the right to use your information in accordance with GDPR.
You can always withdraw or modify (where applicable) your consent. Please refer to Section 4 (Your Choices Regarding Your Data) below for further details on how to opt out of interest-based data processing based on your consent.
Please be aware that we may process your personal data for more than one legal ground depending on the specific purpose(s) for which we are using your data. You can contact us through the Your Rights page if you need details about the specific legal ground(s) we are relying on to process your personal data and to find out if more than one legal ground applies.
Change(s) of Purpose
We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If you wish for us to provide you with an explanation as to how our processing for the new purpose is compatible with the original purpose, please contact us at firstname.lastname@example.org.
4. Your Choices Regarding Your Data
LiveRamp respects that you have the right to have control over your data, so we provide you with multiple choices for managing that control with us.
- Marketing opt outs
- You can ask us to stop sending you marketing messages as enabled for our clients by LiveRamp’s services at any time by clicking on this Your RightsYOUR RIGHTS page link and utilise the applicable opt-out or other rights request forms found there.
- Where you opt-out of receiving these marketing messages, this will not apply to personal data collected by us as a result of your visiting our website (www.liveramp.uk). In order to exercise your right to opt-out of having your data collected by us through our website, please email us on: email@example.com.
- LiveRamp cookies opt outs
- Cookies are small text files that are downloaded onto your computer and/or other devices you use to browse the internet and visit a website. Cookies allow us to recognize your device and gather some information about your preferences and past actions, which is then stored in connection with your cookie. The cookies and associated information are used to provide you with a more tailored experience on webpages, including remembering your previous activities on the website, providing you with tailored content based on your previous interactions on that website, and remembering your log-in information (where you choose to allow that).
- You can change your default browser settings to be notified whenever a new cookie is dropped on your browser, or even to block cookies all together. You can easily opt out of our cookies by clicking on the Your Rights page and choosing the “Opt-Out Request” you want to apply from the drop-down menu.
- Please be aware:
- that this opt-out tool only applies to our use of your personal data in our own products and services used by and for our clients and partners, as well as our own use in the support and provision of our products and services;
- opting out of cookies does not mean that you will stop seeing advertisements on the internet and in emails, but will only prevent the tailoring of the advertising content to you; and
- our name may still appear some cookie extensions that track advertisements that are shown to you, but none of your data will be collected or processed by us.
- Advertising technology industry opt outs
- You may also opt out of our processing of your information for our products and services by using the opt-out tools provided by the following industry groups:
- Mobile opt outs
Please be aware that if you opt out using any of the first three opt-out methods above, you may still temporarily see interest-based advertising from our clients and partners where their advertising campaigns are already underway. You will, however, be opted out of future advertising campaigns from our clients when they use our products and services.
Also, please be aware that the cookie-based opt out tools above (which excludes MAIDs opt outs for mobile devices) only prevent us from using your personal information for interest-based advertising on the browser on which they are installed. As a result, these opt-out methods only function if your browser is set to accept third-party cookies and may not function where cookies are sometimes automatically disabled or removed (such as in certain mobile devices and operating systems). If you delete cookies, change your browser settings, use a different browser or computer, or use another operating system, you will need to opt out again, since we do not use persistent, unique identifiers to revive your previously opted-out profile or deleted cookie.
If you would like to opt you out of our use of information about you for our products and services but do not want to receive third-party cookies, you can also change your browser settings on your computer or other device you use to connect to the internet. Most browsers also provide functionality that provides you with the ability to opt out of all advertising cookies, including our cookies.
Accessing Information about You
You have the right to request details about the information that we may have collected about you over time by visiting our Your Rights page, and choosing “Subject Access Request” from the drop-down menu. Please ensure that you fill out the necessary information accurately in the form provided so that we can promptly and correctly address your request.
When you make a Subject Access Request to LiveRamp, you are entitled to all the information that we may hold on you. The information that we provide back to you includes:
- Opt-Out Report, which is a report indicating whether you are listed in our existing opt-out list (both for offline and online suppression lists).
- Offline Data, which includes offline identifiers (this means personal data such as your name, address, email, phone) and/or attributes (such as demographic data), depending on what offline data about you we hold.
- Online Data, such as your MAID or IDFA and cookie ID(s) that we have associated with you.
Please be aware that we may need you to confirm your identity before fulfilling your request, such as by asking you for a scan of your government-issued ID. We do this to help us ensure that we do not provide your information to someone that may not be you.
Requesting Information about You to be Rectified
If you feel that we may have processed information about you that is incorrect, or if you wish for us to amend any information about you that we hold that may have changed or is out of date in any way (for example, you now have a different email address than what you believe we have in our system for you), then please visit the Your Rights page and choose “Other Privacy Inquiries or Application of Rights” from the drop-down menu. Please do fill out the information you would like us to correct in the “Message Us” box, indicating what information we may have in the system for you, and what you would like us to change it to.
Deleting Information about You
You can request that we delete all personal information that we may have collected about you by visiting the Your Rights page and choose “Other Privacy Inquiries or Application of Rights” from the drop-down menu. Please then fill out the form accurately by providing us with your email and indicating in the “Message Us” box that you would like to request an erasure.
5. LiveRamp’s Disclosures Of Your Personal Data
Providing our products and services sometimes results in the need to disclose personal data to our clients (or their advertising agencies) who are ‘brands’ for their use in marketing and advertising to consumers like you. Some examples of our clients’ industry types that you could expect to use your data include automotive, charity, education, gaming, retail, travel and leisure, financial services (such as retail banking, investments, loans, credit cards, insurance, wills and funeral plans), health/mobility, home improvements, mail order, market research, publishing and media (including social media), consumer goods (such as cosmetics and food), telecommunications, and utilities.
In the performance and provision of our products and services, we may also disclose personal data to our partners, such as online advertising platforms and other marketing companies who send you advertisements at the direction of their advertising clients.
We may also disclose personal data to our own third-party service providers who support us and our own services and products. We do not allow our third-party service providers to use your personal data for their own purposes, and we and only permit them to process your personal data for specified purposes in accordance with GDPR as per our instructions.
Where we disclose your personal data to our clients and partners, those clients and partners may use your personal data for one or more of the following purposes:
- to send you relevant marketing or other communications;
- to improve the relevance of marketing or other communications to you and other consumers;
- to clean, validate, and enhance their marketing or other relevant database(s);
- to undertake research and analysis;
- for product development and testing;
- for consumer identity validation and fraud reduction;
- to support their relationships with consumers like you;
- to connect and link your data to other marketing and advertising databases and platforms;
- for work planning, management, and strategic decision making; and
- for the fulfilment of statutory functions, such as reminding people about TV licenses.
LiveRamp requires all third parties to which we distribute your personal data to respect the security of your personal data and to treat it in accordance with the law. We make efforts to ensure that the recipients of your data are reputable entities, including by conducting appropriate checks on them.
Third Parties to Whom We May Choose to Sell, Transfer, or Merge Parts of Our Business or Assets
Please be aware that we may also be required to disclose personal data to comply with legal obligations (such as subject to a subpoena or other legal processes), in order to protect both your and our rights, and ensure your safety, as also discussed in Section 3 (LiveRamp’s Uses Of Your Personal Data), under the heading Purposes for Which We May Use Your Personal Data. Such instances can include situations where we must respond to government requests, investigate fraud, and even respond to public and government authorities outside your country of residence for national security and/or law enforcement purposes.
6. LiveRamp’s International Transfers Of Personal Data
LiveRamp is a global organisation, which means that in the performance of our services we may transfer your data outside the European Economic Area (‘EEA’).
- Whenever we transfer your personal data out of the EEA, we require that a degree of protection similar to the protection that we provide ourselves is afforded to your data. We do this by requiring that at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the United States, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the United States. For further details, see European Commission: EU-US Privacy Shield.
Should you have any further questions or require further information on the specific mechanism(s) used by us when transferring your personal data out of the EEA, then please contact us via email to firstname.lastname@example.org.
7. Data Security
LiveRamp takes protection of your data seriously and have implemented appropriate technical, organisational, and physical measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. In addition, we limit internal access to your personal data to our employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data Retention
How Long LiveRamp Will Use Your Personal Data
We take various factors into consideration to determine the appropriate retention period for your personal data, including:
- the amount, nature, and sensitivity of the personal data;
- the potential risk of harm from unauthorised use or disclosure of your personal data;
- the purposes for which we process your personal data;
- whether we can achieve those purposes through other means; and
- the implications of retaining your personal data on our applicable legal, regulatory, tax, accounting, and/or other necessities and obligations.
Based on these criteria, we store your information for the following retention periods:
- Online information about you may be retained for up to six (6) months (except for device identifiers which may be retained until necessary for the applicable purposes described in Section 3).
- Offline information about you will be retained while there’s a continuing need to keep it for the applicable purposes described in Section 3. Data that’s no longer needed for any purpose will be disposed of.
- Personal information relating to exercising your rights as set out in Section 9 (Your Legal Rights) shall be retained for record purposes in accordance with applicable law.
- Personal information necessary to preserve your opt-out preferences is retained indefinitely unless you request erasure as further described in Section 4 (Your Choices Regarding Your Data) above.
We will not store your personal data for longer than necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may, however, retain your personal data for a longer period as reasonably necessary for us to deal with a complaint or if we reasonably believe that litigation may be likely with respect to our relationship with you or our use or retention of your personal data.
9. Your Legal Rights
The GDPR provides individuals in the EU with certain rights in certain circumstances, such as your right to make a subject access request to receive information about your personal data that we have collected (or may collect) over time. In respect of your rights and privacy, we have created the Your Rights page to allow you to easily exercise your rights with us.
No Fee Is Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we are permitted by law and may charge you a reasonable fee if your request is determined to be clearly unfounded, or if you submit repetitive or excessive requests. Alternatively, we are permitted by law to refuse to comply with your request in these circumstances.
What LiveRamp May Need from You to Act on Your Request
In order to carry out your requests, we may need to request specific information from you to help us confirm your identity and ensure that your access request is applicable to your own personal data (for both access and to exercise any of your other rights). This is a security measure that we implement to help ensure that your personal data is not disclosed to any other person who has no right to receive it. We may also contact you to ask you for further information related to your request to help speed up our response.
LiveRamp’s Time Limit to Respond to Your Request
We try to respond to all legitimate requests within one (1) month. It could, however, occasionally take us longer than a month if your request is particularly complex or if you have made a number of requests. In these situations, we will notify you and keep you updated on the status of your request.
10. LiveRamp Contact Details
By email to LiveRamp:
By post to LiveRamp:
- LiveRamp UK Limited, 5th Floor South Bank Central, 5 Hatfields, London, SE1 9PG
By post to our DPO:
- ePrivacy GmbH, Prof. Dr. Christoph Bauer, Große Bleichen 21, 20354 Hamburg
You have the right to make a complaint at any time by contacting the Information Commissioner’s Office (‘ICO’), who is the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns directly with you before you approach the ICO and ask that you please contact us first.
13th May 2019, updated and revised to more clearly address your rights and our obligations under GDPR.