Integral Ad Science
Effective as of January 1, 2020
IAS is acting as the data controller for the Personal Data collected through our Website, Client Portal, and Technology Solutions (as these terms are defined below).
If you are a California resident, we direct you to the California Privacy Rights section below, which includes important information concerning the California Consumer Privacy Act (“CCPA”) and IAS’s CCPA Consumer Privacy Notice.
I. OUR WEBSITE AND THE CLIENT PORTAL
A. Personal Data We Collect; Purpose of Collection and Use; Legal Basis and Data Retention
Personal Data we may collect from you through our Website, Client Portal, and Technology Solutions.
Contact Personal Data. We collect business contact information from visitors and clients who wish to obtain information or support, or to purchase our Technology Solutions. Contact information is provided via browser forms, online order forms, email, sweepstakes, and during events via submission of business cards or physical forms and include first name, last name, business email address, job title, name of the organization, country, business phone number, and organization type.
Use of Contact Personal Data. Personal Data submitted to our websites is used by our marketing, sales, support, and solutions teams to contact you so that we can provide the requested information, support, or Technology Solutions.
Legal Basis and Retention Period. We only collect data for this purpose that you consent to communicate to us. We keep your Personal Data as long as your user account is active and during three years after your last login to your account or after your last contact with us.
Billing Personal Data. We collect billing and payment information from our clients, which may include a purchase order number, and account number, or instructions for wire transfers and/or ACH transfers. When payment is made by credit card, we use third-party credit card processors. The billing and payment Personal Data is used to prepare and send invoices, make and receive payments, and manage client accounts.
Legal Basis and Retention Period. We only collect Billing Personal Data that you consent to communicate to us. We keep your Personal Data as long as your user account is active and during ten years after your last transaction with us for tax and accounting purposes.
B. Additional Uses of Personal Data and Other Information
Aggregate Data. In an ongoing effort to better understand our clients and visitors, and how they interoperate with our Website and the Client Portal, we may analyze your information in aggregate form to operate, maintain, manage, and improve our Website, Client Portal, and Technology Solutions. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our Technology Solutions, Website, and Client Portal to current and prospective business partners and to other third parties for other lawful purposes.
II. TECHNOLOGY SOLUTIONS
A. Data We Collect; Purpose of Collection and Use; Legal Basis and Data Retention
Data We Collect. Our accredited Technology Solutions serves both advertisers and media sellers by providing independent, third-party verification measurement. By analyzing information about ad impression delivery and website traffic, IAS verifies whether the media has met or failed expectations based on characteristics that include the brand safety of a webpage, the viewability of the ad placement, the existence of ad fraud, as well as additional contextual variables.Measurement is available across both browser and app environments for mobile and desktop devices. IAS collects and surfaces this data to increase trust and transparency for its customers. The data collected can be used by customers to proactively prevent advertising on undesirable and/or low-quality inventory, monitor overall quality performance, and make future media planning decisions. We do not combine the collected data with any other data that would enable us to personally identify the user.
In order to provide Technology Solutions to our clients, we use pixels and other similar technologies (see “Our Tools” below) that places a small piece of HTML code on a webpage to collect information about advertising impression opportunities and displayed ads or website/mobile app traffic. The following categories of Personal Data are collected when these technologies are deployed when providing Technology Solutions to our clients:
- Browser and computer environmental information. This information is necessary to determine the viewability of an advertisement, which includes information such as the ad’s location in the browser viewport, size of the browser viewport, ad size, size of the display, application in focus, the browser tab in focus, and other data.
- Standard HTTP header information. This includes IP address, referring URL, user agent data (data transmitted by your browser about itself when submitting an HTTP request) and other data including browser configuration parameters, including browser type and language and session storage and local storage settings, and characteristics of your device such as the CPU class and time zone setting.
- Information contained within an advertisement. This is known as an “ad tag,” that includes information used to identify the advertiser displaying the ad and the media property that sold the impression.
- Mobile application and mobile device data. Examples include log-level data, Personal Data about users’ interactions with those applications (including IP address and time-stamp Personal Data), and Personal Data about users’ mobile devices (including device type, device make and model, operating system type and version).
For the purpose of identifying and preventing online ad impression fraud and invalid traffic and determining if advertisers and publishers are in compliance with their agreements, our Technology Solutions utilize the following additional technologies (in addition to the data described above):
- Device identification technology, which analyzes device parameters collected as described above, including IP address and browser header information, to probabilistically identify a particular device.
- Clickstream data including URLs and other data regarding the websites on which a particular browser has viewed advertising impressions we are analyzing.
- Clickstream data including mobile application identifier and other data regarding the mobile apps on which a particular user has viewed advertising impressions.
Mobile device tracking opt-out. Individual users that opt-out of mobile device tracking limit the Personal Data that is collected about them and/or how it is used. Individual users may opt-out of interest-based and demographic-based advertising using their mobile device settings. Individual users will need to follow the below instructions for Android and iOS applications.
Opt-out process for Android-based mobile devices:
- Open the Google Settings app on individual users’ device
- Select Ads
- Set the “Opt-out of interest-based ads” slider to individual users’ desired position
- Optionally, Individual users may reset the advertising identifier associated with their device
Opt-out process for iOS-based mobile devices:
- Open Settings
- Select Privacy
- Select Advertising
- Set the “Limit Ad Tracking” slider to Individual users’ desired position
- Optionally, Individual users may reset the advertising identifier associated with their device
Please note that opting out through a website (see, “Automatic Data Collection,” and “Other Third Party Services,” above) will not limit the collection of Personal Data on mobile devices, and opting out on Individual users’ mobile device will not limit the collection of Personal Data through Individual users’ computer’s browser. Opting out limits the collection of data but does not eliminate it completely. Some Personal Data will still be collected about Individual users’ use of websites or mobile applications after Individual users limit tracking on that platform.
Cookie-grade data. Our Technology Solutions use pixel tags, SDKs, and cookies to enable campaign performance analytics and optimization services on behalf of our clients. While we collect information about browsers, devices, and how users interact with web and mobile content, the cookies we attempt to set for our Activation services do not contain any directly identifiable Personal Data such as name or email address in the cookie itself. Rather, we use pseudonymous identifiers such as a unique cookie ID for measurements pertaining to ad viewability and user interactions with the ad.
Purpose of Collection and Use. We use the data we collect to deliver our Technology Solutions for any lawful purpose, including:
- Examining impression data of advertising opportunities, using IAS technology and client profile decisions, to determine if clients’ advertisements should or should not be displayed.
- Detailing contextual information about advertisements displayed in order to ensure its compliance with terms of our client or partner’s contracts, insertion orders that detail client campaigns, and/or profile decisions that clients make in our systems.
- Reporting viewability metrics of advertisements that indicate: qualified “Viewed Impressions” according to industry standards and/or clients’ criteria, time in which advertisements are displayed on consumers’ browsers, and properties of creative elements that are displayed on consumers’ browsers.
- Website and mobile apps visitation characteristics such as visitor quality, fraud identification, invalid traffic detection, and other quality characteristics necessary to determine agreement compliance.
- Providing enhanced measurement services and insight for our clients through our aggregation of audience demographics (often from partners who independently collect and delivery this data) and brand lift metrics from advertisement impression data.
Our Technology Solutions include the detection and elimination of general invalid and sophisticated invalid traffic, including ad impression fraud, which we define in this policy as the management of ad serving, ad display, or traffic activity such that ad impression measurements are shown inappropriately because the ads cannot be viewed by a user, are not served within operationally viewable parameters or were displayed as a result of fraudulent machine-generated traffic. Our fraud and invalid traffic services are intended to address fraud for advertising measurement purposes.
Additionally, IAS uses advertising impression information, mobile app information, and website traffic information including IP address and browser header information to:
- Identify traffic sources by their geographic location and determine if the location is correct and located within the advertiser’s campaign parameters or traffic settings
- Determine if traffic is being acquired is fraudulent, or if traffic acquisition practices that are out of compliance with an advertiser’s guidelines or contractual requirements.
- Determine if a middleware is attempting to misrepresent its operating characteristics to prevent the identification of fraud or other invalid traffic.
- Determine if traffic or ad impressions are originating from a server farm unlikely to be responsible for human-generated browsing activity.
IAS leverages AI and Machine Learning in order to automate the process of detecting invalid traffic and fraudulent activity.
Legal Basis and Data Retention
We process pseudonymous Personal Data (notably your IP address) along with non-personal technical information when necessary to do so for fraud and invalid traffic prevention purposes or providing services related to advertising viewability and brand safety as discussed in this policy, when these interests are not overridden by your data protection rights. Where we process your personal data for this purpose, our legitimate interest is to carry out our business in favor of the well-being of all our employees and members.
We minimize our use of Personal Data by, for example, truncating the IP address after 30 days. The resulting string of digits provides us with research value but may no longer represent a unique device or household. We retain our clients reporting data for up to 13 months.
B. Our Tools
Use of Pixel Tags. We may set cookies associated with pixel tags where authorized by clients within their email messages and on their own websites.
Pixels (also sometimes referred to as beacons or web beacons) and tags are elements included in web pages to enable companies to collect data, serve advertising, and provide related services, such as measuring ad effectiveness or preventing fake ad traffic. They do this by allowing communication between a web browser and a server. A beacon is a small transparent image that is placed on a web page. A tag is a small piece of website code that is run by the web browser. Pixel tags are small, invisible images on a web page or other document. Pixel tags allow the operator of the web page or other document, or a third party who serves the pixel tag, to set, read, and modify cookies and to directly collect Personal Data from browsers and devices. Our pixel tags allow cookies to be set, read, and modified when Individual users visit a website, and directly collect the Personal Data described under “Data We Collect.”
Use of SDKs. We also use, or partner with publishers or publisher-facing and application developer platforms that use mobile SDKs, to collect the types of Personal Data described under “Log-level data,” and “Cookies.” An SDK is a piece of computer code that developers include in their mobile applications. A mobile SDK is in effect the mobile app version of a pixel tag or beacon. The SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services to be implemented. We may use this technology, for instance, to analyze or measure certain advertising through mobile applications and browsers based on Personal Data associated with a mobile device.
Use of Cross-Device and Cross-App Technology. We may work with third parties that provide cross-device and cross-app technology to establish connections among devices (such as mobile devices, tablets, and computers) used by an individual. We may share pseudonymous identifiers (such as cookies or Google Advertising IDs) with those third parties to assist in connecting devices. Using these connections, we may combine Personal Data about an individual’s use of websites or applications on his/her current device, with usage Personal Data from his/her other devices. We use this Personal Data to provide Technology Solutions to our clients to enable campaign performance analytics and optimization services on behalf of our clients.
III. PERSONAL DATA SHARED WITH THIRD PARTIES
Please allow us a reasonable time to process your request.
Onward Transfers Between Group Companies. Personal Data may be transferred from our subsidiaries located within the EU to IAS. We have executed European Commission’s data controller to data controller model clauses to legally transfer such data.
Disclosure to Public Authorities.We are required to disclose Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose Personal Data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
IV. TRANSFER OF PERSONAL DATA TO THE UNITED STATES (U.S.).
Our servers are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us or collected by us, including Personal Data, will be transferred from your country of origin to the U.S. As our servers are located in the U.S., we have a legitimate interest in transferring your Personal Data to the U.S. For Personal Data transferred from our subsidiaries located within the EU to IAS, note that we have executed European commission’s standard contractual clauses to legally transfer such data. Contact Information and billing information are transferred for central management purposes.
V. YOUR RIGHTS
You have the right to request from us the access to and rectification or erasure of the Personal Data we hold on you or restriction of processing or to object to processing as well as the right to data portability.
Opt-Out for Direct Marketing; Email Management. You may opt out at any time from the use of your Personal Data for direct marketing purposes, and/or the transfer of your Personal Data to third parties for direct marketing purposes, by emailing firstname.lastname@example.org. Please allow us a reasonable time to process your request.
You may also manage your receipt of marketing and non-transactional communications by visiting our Online Subscription Management Center or clicking on the “unsubscribe here” link located on the bottom of any IAS marketing email communications and following the instructions found on the page to which the link takes you. You cannot opt out of receiving transactional emails related to your account or purchase orders.
European residents have the right to lodge a complaint at any time about our processing of your Personal Data with their local data protection authority.
VI. YOUR SECURITY
California Privacy Rights. If you are a California resident, please review IAS’s California Consumer Privacy Act (“CCPA”) Privacy Notice here, which describes your rights under the CCPA and provides information regarding IAS’ collection, use and disclosure of “personal information” (as that term is defined in the CCPA). Under California’s Shine the Light law, pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact IAS via email at email@example.com. Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address. We do not recognize browser “Do Not Track” signals.
E-mail us at firstname.lastname@example.org
Or write to us at: Integral Ad Science, Inc.
95 Morton Street, 8th Floor
New York, NY 10014
Attn: Global Compliance Officer
If you are an EU resident and wish to escalate your inquiry after contacting the privacy team, you are welcome to contact our Data Protection Officer, Lucid Privacy Group.
E-mail the DPO at email@example.com
Or write to them at: Lucid Privacy
1556 Shrader Street
San Francisco CA 94117
Attn: Integral Ad Science
Description of changes:
Changes made to reflect compliance with the California Consumer Privacy Act (CCPA), including but not limited to, adding a description and link to the IAS CCPA Consumer Privacy Notice.
Removal of references to collection of mobile device identifiers as IAS does not collect such information through its Technology Solutions.