IAS Website Privacy Policy
1.0 Applicability and Scope
1.1 Applicability
The IAS Website Privacy policy (hereafter referred to as this “Policy”) applies to the various operations within Integral Ad Science Holding Corp. (IAS) its sales platforms, all employees and, as applicable, subsidiaries, affiliates and third parties that support IAS’ business activities (collectively, “IAS Entities”). This Policy establishes the minimum requirements for IAS and its entities.
1.2 Scope
This privacy policy applies to Personal Data that IAS collects, uses, and discloses from IAS corporate websites (“Websites”). This policy does not cover data that is collected, used, or disclosed through IAS’s Technology Solutions or the IAS Portal (the “Platform”). For more information on privacy as it relates to the IAS Platform, please see IAS Technology and Platform Privacy Policy here .
If the visitor and/por client has a disability which prevents them from electronically accessing this privacy policy and require it to be provided in alternative format (e.g., audio, large print), they can send IAS a message at privacy privacy@integralads.com for assistance.
IAS is the “data controller,” as defined by the EU General Data Protection Regulation for the Personal Data collected through our Websites.
2.0 Overview and Purpose
Integral Ad Science, Inc. and its subsidiaries (“IAS”) is a global measurement and analytics company that builds verification, optimization, and analytics solutions to empower the advertising industry to invest with confidence and activate consumers everywhere, on every device. As part of its role in promoting trust and transparency in digital advertising, IAS takes its responsibilities with respect to privacy seriously. This Policy is provided to visitors and others whose Personal Data is collected by IAS. IAS knows that visitors and others care about how their information and Personal Data is collected, used, shared, and retained.
IAS is the “data controller,” as defined by the EU General Data Protection Regulation for the Personal Data collected through IAS Websites.
3.0 Policy Content
3.1 Definitions
The following acronyms and terms are used within this document.
Term | Definition |
---|---|
Personal Data | Business contact information collected from visitors and clients who wish to obtain information or support, or to purchase their Technology Solutions. Contact information includes first name, last name, business email address, job title, name of the organization, country, business phone number, and organization type. |
Visitors and Clients | Visitors to IAS websites as well as IAS clients (or potential clients), whose Personal Data (when collected by IAS) are subject to this Policy. |
Website | www.integralads.com and any other website where this Policy is displayed. |
3.2 Business Requirements
3.2.1 Information IAS Collects
3.2.1.1 Information about website visitors (end-users) that they provide
IAS and third-party vendors (which provide services to IAS [“Sub Processors”]), may collect information visitors and/or clients provide directly to IAS and/or its Sub Processors via the Website. For example, IAS collects information when visitors and/or clients submit an inquiry via the “Contact Us” form on the IAS Website. Information IAS and its Sub Processors collect may include:
• Contact Personal Data: IAS collect business contact information from visitors and clients who wish to obtain information or support, or to purchase its Technology Solutions. Contact information is provided via browser forms, online order forms, email, sweepstakes, and during events via submission of business cards or physical forms and include first name, last name, business email address, job title, name of visitor’s and/or client’s organization, country, business phone number, and organization type.
• Aggregate Data: In an ongoing effort to better understand IAS clients and visitors, and how they interact with its Website, IAS may analyze their information in aggregate form to operate, maintain, manage, and improve its Website. This aggregate data does not identify visitors and/or clients personally. IAS may share this aggregate data with itsaffiliates, agents, and business partners. IAS may also disclose aggregated user statistics in order to describe its Technology Solutions, Website, and Client Portal to current and prospective business partners and to other third parties for additional lawful purposes.
3.2.1.2 Information collected automatically
IAS and its Sub Processors may also automatically collect certain information about clients and/or visitors when they access or use the Website (“Usage Information”). Usage Information may include IP address, device identifier, browser type, operating system, information about clients’ and visitors’ use of the Website, and data regarding network connected hardware (e.g., computer or mobile device). Except to the extent required by applicable law, IAS does not consider Usage Information to be Personal Data. The methods that may be used on the Website to collect Usage Information include:
• Log Information: Log information is data about clients and/or visitors use of the Website, such as IP address, browser type, Internet service provider, referring/exit pages, operating system, date/time stamps, and related data, and may be stored in log files.
• Information Collected by Cookies and Other Tracking Technologies: Cookies, web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, fingerprinting, device recognition technologies, in-app tracking methods, and other tracking technologies now and hereafter developed (“Tracking Technologies”) may be used to collect information about interactions with the Service or e-mails.
Some information about client’s and/or visitor’s use of the Website and certain Third-Party Services (defined below) may be collected using tracking technologies across time and services and used by IAS and third parties for purposes such as to associate different devices they use and deliver relevant ads and/or other content to them on the Website and certain Third-Party Services. IAS does not recognize browser “Do Not Track” signals.
3.2.2 How IAS uses the information it obtains
IAS may use information collected about clients and/or visitors from the Website for the following purposes:
• To facilitate, manage, personalize, and improve the visitor’s online experience.
• To process the visitor’s registration and manage their account.
• To transact with the visitor and/or client, provide services or information that they request, respond to their comments, questions, and requests, serve them content and/or advertising, and send them notices.
• To improve the Website.
• To tailor IAS content, advertisements, and offers.
• To fulfill other purposes disclosed at the time the visitor and/or client provides the Personal Data or otherwise where IAS are legally permitted or are required to do so.
• To prevent and address fraud, breach of policies or terms, and threats of harm.
3.2.3 How and why IAS discloses visitor’s and/or client’s personal data
3.2.3.1 Disclosures to Third Parties
Like many businesses, IAS hires other companies to perform certain business-related services. IAS may disclose Personal Data to certain types of third-party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive Personal Data and their functions are: direct marketing assistance (including disclosure to IAS distributors for direct marketing of IAS Technology Solutions), data storage, hosting services, and disaster recovery services.
All such third parties function as IAS agents, performing services at its instruction and on IAS behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this Privacy Policy and implemented by IAS.
3.2.3.2 Disclosures to Affiliates
IAS may also disclose Personal Data to its affiliates in order to support the marketing, sale, and delivery of IAS Technology Solutions. Personal Data may be disclosed between affiliate, subsidiary, and parent organizations of IAS.
3.2.3.3 Business Disclosures
IAS may share visitor’s and/or client’s Personal Data, in connection with or during negotiations of any proposed or actual financing of IAS business, or merger, purchase, sale, joint venture, or any other type of acquisition or business combination of all or any portion of IAS’s assets, or transfer of all or a portion of IAS’s business to another company, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
3.2.3.4 Disclosures to Public Authorities
IAS may share visitor’s and/or client’s Personal Data to comply with the law, law enforcement or other legal process, and, where permitted, in response to a government request. IAS may also disclose Personal Data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
3.2.4 Third-party content, services, analytics, and social features
The Website may include hyperlinks to websites, platforms, applications, or services operated by third parties (“Third-Party Service(s)”). These Third-Party Services may use their own cookies, web beacons, and other tracking technologies to independently collect information about visitors and/or clients and may solicit Personal Data from them.
Certain functionalities on the Website permit interactions that visitors and/or clients initiate between the Website and certain Third-Party Services, such as third-party social networks (“Social Features”). Examples of Social Features include: “liking” or “sharing” IAS’s content or logging in to the Service using a Third-Party account (e.g., using LinkedIn to sign in to the Website). If they post information on a Third-Party service that references IAS (e.g., by using a hashtag associated with IAS in a tweet or status update), their post may be used on or in connection with the Website or otherwise by IAS. Also, both IAS and the Third-Party may have access to certain information about visitors and/or clients and their use of the Service and other Third-Party Services.
IAS may engage and work with Sub Processors and other Third Parties to serve advertisements on Third-Party Services. Some of these ads may be tailored to visitor’s and/or client’s interests based on their browsing of the Website and elsewhere on the Internet, which may include use of precise location and/or Cross-device Data, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest-based Advertising”), which may include sending visitors and/or clients an ad on a Third-Party service after they have left the Website (i.e., “retargeting”).
IAS may use Google Analytics or other Sub Processors for analytics services. These analytics services may use cookies and other tracking technologies to help IAS analyze Website users and how they use the Website. Information generated by these services (e.g., their IP address and other Usage Information) may be transmitted to and stored by these Sub Processors on servers in the U.S. (or elsewhere) and these Sub Processors may use this information for purposes such as evaluating visitor’s and/or clients’ use of the Website, compiling statistic reports on the Website’s activity, and providing other services relating to Website activity and other Internet usage.
Information collected, stored, and shared by third parties remains subject to their privac y policies and practices, including whether they continue to share information with IAS, the types of information shared, and their choices on what is visible to others on Third-Party Services. IAS is not responsible for, and makes no representations regarding, the policies or business practices of any third parties, including, without limitation, analytics Sub-Processors and Third-Party Services associated with the Website. IAS encourages visitors and/or clients to familiarize themselves with and consult their privacy policies and terms of use.
3.2.5 Visitor and client rights
3.2.5.1 Opt-Out for Direct Marketing; Email Management
Visitors and/or clients may opt out at any time from the use of their Personal Data for direct marketing purposes, and/or the transfer of their Personal Data to third parties for direct marketing purposes here. Visitors and/or clients should allow IAS a reasonable time to process their request.
Visitors and/or clients may also manage their receipt of marketing and non-transactional communications by visiting IAS’ Online Subscription Management Center or clicking on the “unsubscribe here” link located on the bottom of any IAS marketing email communications and following the instructions found on the page to which the link takes them. Visitors and/or clients cannot opt out of receiving transactional emails related to their account or purchase orders.
3.2.5.2 Data subject rights
The law in some jurisdictions provides individuals in those jurisdictions with certain rights regarding their Personal Data. Subject to certain exceptions, they have the right to ask IAS to:
• Provide visitors and/or clients with information about IAS processing of their Personal Data and give them access to their Personal Data.
• Update or correct inaccuracies in their Personal Data.
• Delete their Personal Data.
• Transfer a machine-readable copy of their Personal Data to visitors and/or clients or a third party of their choice.
• Restrict the processing of their Personal Data.
• Object to IAS processing of their Personal Data for direct marketing purposes.
• Obtain information about and object to IAS reliance on IAS legitimate interests as the basis for processing of visitors and/or clients Personal Data.
Visitors and/or clients can submit these requests via IAS Privacy Request Portal here or IAS postal address provided below. IAS may request specific information from visitors and/or clients to help IAS confirm their identity prior to processing their request. Applicable law may require or permit IAS to decline visitor’s and/or client’s request. If IAS decline their request, IAS will tell them why, subject to legal restrictions. If vsitors and/or clients have questions regarding their Personal Data processing or if they would like to submit a complaint, they may contact IAS at privacy@integralads.com. They may also contact IAS Data Protection Officer at the contact information below. IAS will do its best to resolve any questions or concerns that visitors and/or clients may have. Visitors and/or clients may also submit a complaint to the data protection regulator in their jurisdiction.
3.2.6 Legal bases for processing
IAS’ processing of visitor’s and/or client’s Personal Data is carried out pursuant to the following legal bases:
• The processing is necessary for IAS to provide visitors and/or clients with the products and services they request, or to respond to their inquiries.
• IAS has a legal obligation to process visitor’s and/or client’s Personal Data, such as compliance with applicable tax and other government regulations or compliance with a court order or binding law enforcement request.
• IAS has a legitimate interest in carrying out the processing activity. In particular, IAS has a legitimate interest in the following cases:
o To analyze and improve the safety and security of the Website. This includes implementing and enhancing security measures and safeguards and protecting against fraud, spam, and abuse.
o To maintain and improve the Website.
o To operate the Website and provide visitors and/or clients with certain information and communications tailored to, and in accordance with, their preferences.
• Visitors and/or clients have consented to the processing of their Personal Data. When they consent, they may change their mind at any time.
3.2.7 International transfers
IAS servers are located in the U.S. If visitors and/or clients are located outside of the U.S., they should be aware that any information provided to IAS or collected by IAS, including Personal Data, will be transferred from their country of origin to the U.S., as IAS servers are located in the U.S. For Personal Data transferred from IAS subsidiaries located within the EU, U.K., or Switzerland to IAS, note that IAS has executed European commission’s Standard Contractual Clauses to legally transfer such data.
Visitors and/or clients should be aware that the U.S. may not offer the same level of data protection as their country of residence, although IAS collection, storage, and use of their personal data will continue to be governed by this Privacy Policy.
3.2.8 Personal data security
IAS takes the security and privacy of the Personal Data that it collects pursuant to this Privacy Policy very seriously. Accordingly, IAS will implement reasonable and appropriate security measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in processing and the nature of the data, and comply with applicable laws and regulations.
3.2.9 General
3.2.9.1 Retention of Personal Data
IAS will retain Personal Data for as long as it is needed to fulfill the purpose for which it was collected or as required by the law. To determine the appropriate retention period, IAS will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which IAS processes the data and whether IAS can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period IAS will remove personal data from their systems and records or take appropriate steps to properly anonymize it.
3.2.9.2 Children
IAS does not knowingly collect any Personal Data from children under the age of thirteen through its Website. Visitors and/or clients under 16 are instructed to not give IAS any Personal Data. IAS encourages parents and legal guardians to monitor their children’s Internet usage and to help enforce IAS; Privacy Policy by instructing their children never to provide Personal Data to IAS without their permission. If a person has reason to believe that a child under the age of 16 has provided Personal Data to IAS, they should contact IAS at privacy@integralads.com, and IAS will endeavor to delete that Personal Data from its databases.
3.2.9.3. California Privacy Rights
If a visitor and/or client is a California resident, they should review IAS’s California Consumer Privacy Act (“CCPA”) Privacy Notice here, which describes their rights under the CCPA and provides information regarding IAS’s collection, use, and disclosure of “personal information” (as that term is defined in the CCPA).
3.2.9.4 Changes to this Privacy Policy
This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. IAS may change this Privacy Policy from time to time,and will post any changes on its Website as soon as they go into effect. By accessing IAS Website after IAS makes any changes to this Privacy Policy, the visitor and/or client is deemed to have accepted such changes. Visitors and/or clients should refer back to this Privacy Policy on a regular basis.
3.2.9.5 How to Contact Us
If anyone has questions about this Privacy Policy, please contact IAS in one of the following ways:
E-mail IAS at privacy@integralads.com
Or write to IAS at: Integral Ad Science,
Inc. 95 Morton Street,
8th Floor New York, NY 10014
Attn: Global Compliance Officer
If a visitor and/or client is EU resident and wish to escalate their inquiry after contacting IAS’s privacy team, they are welcome to contact IAS Data Protection Officer, Lucid Privacy Group.
E-mail the DPO at dpo@integralads.com
Or write to them at: Lucid Privacy
1556 Shrader Street
San Francisco CA 94117
Attn: Integral Ad Science
4.0. Policy Maintenance
4.1 Authority and Delegation
The IAS Audit Committee (AC) has approved this Policy. The IAS AC hereby delegates to the General Counsel (“Policy Owner”) responsibility for this Policy and its maintenance, including authority to review and approve procedures established in accordance with this Policy.
Any authority granted by the IAS AC and any responsibility they assign to the Policy Owner under this Policy may be delegated at his/her discretion, except as otherwise provided in this Policy.
4.2 Policy Review, Renewal and Approval
Approval: The IAS AC shall review and approve all material revisions to this Policy. The IAS AC approval shall be documented in the meeting minutes of this governing body.
Periodic Renewal: The IAS AC shall renew this Policy periodically, but no less frequently than annually.
Periodic Review: The Global Compliance Officer shall review this Policy on an annual basis to evaluate its effectiveness and accuracy. Any resulting revisions shall be submitted for review and approval as outlined in the Approval section above and documented in the Revision History section of the Appendix. If no revisions are needed, the Global Compliance Officer or assigned delegate shall communicate the outcome of the review to the General Counsel.
Additional Triggers: Certain events, including but not limited to audit findings or changes in business activities, shall trigger unscheduled additional review and revision to this Policy.
4.3 Procedure Review, Renewal and Approval
All related procedures are expected to be in compliance with the spirit and letter of this Policy. The General Counsel has delegated to the Global Compliance Officer to review and approve all material revisions to related procedures. The Global Compliance Officer must review and renew all related procedures no less frequently than annually.
In addition, any related procedures created by functions outside of Information Technology requires approval from the function leader most closely aligned with the procedure subject matter. Only those procedures that reflect material deviations from this Policy must be raised to the attention of the Global Compliance Officer or his/her delegate for review.
5.0 Cross References
5.1 Related Policies
Technical Solutions and Platform Privacy Policy
5.2 Related Standards
None
5.3 Related Procedures
None
5.5 Related Notices
California Consumer Privacy Act (CCPA) Privacy Notice
6.0 Revision History Required
Version | Approval Date | Effective Date | Description of Revisions: |
---|---|---|---|
1.1 | 02/10/2022 | 02/10/2022 | Changes made to reflect compliance with the California Consumer Privacy Act (CCPA), including but not limited to, adding a description and link to the IAS CCPA Consumer Privacy Notice. Removal of references to collection of mobile device identifiers as IAS does not collect such information through its Technology Solutions. |
1.2 | 02/10/2022 | 02/10/2022 | Retired privacy policy and created two separate polices for website and technical platform. Reformatted into IAS policy template format |
7.0 Appendix
None