Integral Ad Science

Privacy Policy

Effective as of May 25, 2018

Integral Ad Science, Inc. and its subsidiaries (“IAS,” “we,” “us,” or “our”) is a global measurement and analytics company that builds verification, optimization, and analytics solutions to empower the advertising industry to invest with confidence and activate consumers everywhere, on every device. This Privacy Policy is provided to you because we know that you care about how your information and personal data (Personal Data) is collected, used, shared, and retained.

IAS is acting as the data controller for the Personal Data collected through our Website, Client Portal, and Technology Solutions (as these terms are defined below).

This Privacy Policy applies to Personal Data collected when you visit our websites (such as www.integralads.com and any other website where this policy is displayed) (collectively, “Website”), or access our client portal at www.integralplatform.com (“Client Portal”).

This Privacy Policy also applies to Personal Data collected through the verification, optimization, and activation technology solutions (“Technology Solutions”) that we provide to our clients through various channels, including our Client Portal, which allow our clients to track marketing performance, to match users to their campaigns, and to understand how users engage with a client’s advertisements, websites, and mobile applications, as the case may be.

I. OUR WEBSITE AND THE CLIENT PORTAL
A. Personal Data We Collect; Purpose of Collection and Use; Legal Basis and Data Retention

Personal Data we may collect from you through our Website, Client Portal, and Technology Solutions.

Contact Personal Data. We collect business contact information from visitors and clients who wish to obtain information or support, or to purchase our Technology Solutions. Contact information is provided via browser forms, online order forms, email, and during events via submission of business cards or physical forms and include first name, last name, business email address, job title, name of the organization, country, business phone number, and organization type.

Use of Contact Personal Data. Personal Data submitted to our websites is used by our marketing, sales, support, and solutions teams to contact you so that we can provide the requested information, support, or Technology Solutions.

Legal Basis and Retention Period. We only collect data for this purpose that you consent to communicate to us. We keep your Personal Data as long as your user account is active and during three years after your last login to your account or after your last contact with us.

Billing Personal Data. We collect billing and payment information from our clients, which may include a purchase order number, and account number, or instructions for wire transfers and/or ACH transfers. When payment is made by credit card, we use third-party credit card processors. The billing and payment Personal Data is used to prepare and send invoices, make and receive payments, and manage client accounts.

Legal Basis and Retention Period. We only collect Billing Personal Data that you consent to communicate to us. We keep your Personal Data as long as your user account is active and during ten years after your last transaction with us for tax and accounting purposes.

B. Additional Uses of Personal Data and Other Information

Additional Uses. We also use Contact Personal Data and other Personal Data collected pursuant to this Privacy Policy to respond to general inquiries, solicit feedback regarding our Technology Solutions, the Client Portal and support, provide relevant content on our Website, and to communicate with you via email regarding our current and future Technology Solutions.

Cookies and other similar tracking tools. Our Website and Client Portal use cookies to collect information about you. To know more about the way we use cookies, please read our cookie policy, http://integralads.com/cookie-policy.

Aggregate Data. In an ongoing effort to better understand our clients and visitors, and how they interoperate with our Website and the Client Portal, we may analyze your information in aggregate form to operate, maintain, manage, and improve our Website, Client Portal, and Technology Solutions. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our Technology Solutions, Website, and Client Portal to current and prospective business partners and to other third parties for other lawful purposes.

II. TECHNOLOGY SOLUTIONS
A. Data We Collect; Purpose of Collection and Use; Legal Basis and Data Retention

Data We Collect. Our accredited Technology Solutions serves both advertisers and media sellers by providing independent, third-party verification measurement. By analyzing information about ad impression delivery and website traffic, IAS verifies whether the media has met or failed expectations based on characteristics that include the brand safety of a webpage, the viewability of the ad placement, the existence of ad fraud, as well as additional contextual variables.Measurement is available across both browser and app environments for mobile and desktop devices. IAS collects and surfaces this data to increase trust and transparency for its customers. The data collected can be used by customers to proactively prevent advertising on undesirable and/or low-quality inventory, monitor overall quality performance, and make future media planning decisions. We do not combine the collected data with any other data that would enable us to personally identify the user.

In order to provide Technology Solutions to our clients, we use pixels and other similar technologies (see “Our Tools” below) that places a small piece of HTML code on a webpage to collect information about advertising impression opportunities and displayed ads or website/mobile app traffic. The following categories of Personal Data are collected when these technologies are deployed when providing Technology Solutions to our clients:

  • Browser and computer environmental information. This information is necessary to determine the viewability of an advertisement, which includes information such as the ad’s location in the browser viewport, size of the browser viewport, ad size, size of the display, application in focus, the browser tab in focus, and other data.
  • Standard HTTP header information. This includes IP address, referring URL, user agent data (data transmitted by your browser about itself when submitting an HTTP request) and other data including browser configuration parameters, including browser type and language and session storage and local storage settings, and characteristics of your device such as the CPU class and time zone setting.
  • Information contained within an advertisement. This is known as an “ad tag,” that includes information used to identify the advertiser displaying the ad and the media property that sold the impression.
  • Mobile application and mobile device data. Examples include log-level data, Personal Data about users’ interactions with those applications (including IP address and time-stamp Personal Data), and Personal Data about users’ mobile devices (including device type, device make and model, operating system type and version, mobile identifiers such as Apple IDFA and Android Advertising ID and App Identifier).

For the purpose of identifying and preventing online ad impression fraud and invalid traffic and determining if advertisers and publishers are in compliance with their agreements, our Technology Solutions utilize the following additional technologies (in addition to the data described above):

  • Device identification technology, which analyzes device parameters collected as described above, including IP address and browser header information, to probabilistically identify a particular device.
  • Clickstream data including URLs and other data regarding the websites on which a particular browser has viewed advertising impressions we are analyzing.
  • Clickstream data including mobile application identifier and other data regarding the mobile apps on which a particular user has viewed advertising impressions.
  • Webpage (HTML and Javascript) structure analysis.

Mobile device tracking opt-out. Individual users that opt-out of mobile device tracking limit the Personal Data that is collected about them and/or how it is used. Individual users may opt-out of interest-based and demographic-based advertising using their mobile device settings. Individual users will need to follow the below instructions for Android and iOS applications.

Opt-out process for Android-based mobile devices:

  • Open the Google Settings app on individual users’ device
  • Select Ads
  • Set the “Opt-out of interest-based ads” slider to individual users’ desired position
  • Optionally, Individual users may reset the advertising identifier associated with their device

Opt-out process for iOS-based mobile devices:

  • Open Settings
  • Select Privacy
  • Select Advertising
  • Set the “Limit Ad Tracking” slider to Individual users’ desired position
  • Optionally, Individual users may reset the advertising identifier associated with their device

Please note that opting out through a website (see, “Automatic Data Collection,” and “Other Third Party Services,” above) will not limit the collection of Personal Data on mobile devices, and opting out on Individual users’ mobile device will not limit the collection of Personal Data through Individual users’ computer’s browser. Opting out limits the collection of data but does not eliminate it completely. Some Personal Data will still be collected about Individual users’ use of websites or mobile applications after Individual users limit tracking on that platform.

Cookie-grade data. Our Technology Solutions use pixel tags, SDKs, and cookies to enable campaign performance analytics and optimization services on behalf of our clients. While we collect information about browsers, devices, and how users interact with web and mobile content, the cookies we attempt to set for our Activation services do not contain any directly identifiable Personal Data such as name or email address in the cookie itself. Rather, we use pseudonymous identifiers such as a unique cookie ID for measurements pertaining to ad viewability and user interactions with the ad.

Purpose of Collection and Use. We use the data we collect to deliver our Technology Solutions for any lawful purpose, including:

  • Examining impression data of advertising opportunities, using IAS technology and client profile decisions, to determine if clients’ advertisements should or should not be displayed.
  • Detailing contextual information about advertisements displayed in order to ensure its compliance with terms of our client or partner’s contracts, insertion orders that detail client campaigns, and/or profile decisions that clients make in our systems.
  • Reporting viewability metrics of advertisements that indicate: qualified “Viewed Impressions” according to industry standards and/or clients’ criteria, time in which advertisements are displayed on consumers’ browsers, and properties of creative elements that are displayed on consumers’ browsers.
  • Website and mobile apps visitation characteristics such as visitor quality, fraud identification, invalid traffic detection, and other quality characteristics necessary to determine agreement compliance.
  • Providing enhanced measurement services and insight for our clients through our aggregation of audience demographics (often from partners who independently collect and delivery this data) and brand lift metrics from advertisement impression data.

Our Technology Solutions include the detection and elimination of general invalid and sophisticated invalid traffic, including ad impression fraud, which we define in this policy as the management of ad serving, ad display, or traffic activity such that ad impression measurements are shown inappropriately because the ads cannot be viewed by a user, are not served within operationally viewable parameters or were displayed as a result of fraudulent machine-generated traffic. Our fraud and invalid traffic services are intended to address fraud for advertising measurement purposes.

Additionally, IAS uses advertising impression information, mobile app information, and website traffic information including IP address and browser header information to:

  • Identify traffic sources by their geographic location and determine if the location is correct and located within the advertiser’s campaign parameters or traffic settings
  • Determine if traffic is being acquired is fraudulent, or if traffic acquisition practices that are out of compliance with an advertiser’s guidelines or contractual requirements.
  • Determine if a middleware is attempting to misrepresent its operating characteristics to prevent the identification of fraud or other invalid traffic.
  • Determine if traffic or ad impressions are originating from a server farm unlikely to be responsible for human-generated browsing activity.

IAS leverages AI and Machine Learning in order to automate the process of detecting invalid traffic and fraudulent activity.

Legal Basis and Data Retention

We process pseudonymous Personal Data (notably your IP address) along with non-personal technical information when necessary to do so for fraud and invalid traffic prevention purposes or providing services related to advertising viewability and brand safety as discussed in this policy, when these interests are not overridden by your data protection rights. Where we process your personal data for this purpose, our legitimate interest is to carry out our business in favor of the well-being of all our employees and members.

We minimize our use of Personal Data by, for example, truncating the IP address after 30 days. The resulting string of digits provides us with research value but may no longer represent a unique device or household. We retain our clients reporting data for up to 13 months.

B. Our Tools

Use of Pixel Tags. We may set cookies associated with pixel tags where authorized by clients within their email messages and on their own websites.

Pixels (also sometimes referred to as beacons or web beacons) and tags are elements included in web pages to enable companies to collect data, serve advertising, and provide related services, such as measuring ad effectiveness or preventing fake ad traffic. They do this by allowing communication between a web browser and a server. A beacon is a small transparent image that is placed on a web page. A tag is a small piece of website code that is run by the web browser. Pixel tags are small, invisible images on a web page or other document. Pixel tags allow the operator of the web page or other document, or a third party who serves the pixel tag, to set, read, and modify cookies and to directly collect Personal Data from browsers and devices. Our pixel tags allow cookies to be set, read, and modified when Individual users visit a website, and directly collect the Personal Data described under “Data We Collect.”

Use of Cookies. Our Technology Solutions may set cookies (including with mobile browsers) to enable campaign performance analytics and optimization services on behalf of our clients. We collect and process information about browsers, devices, and how users interact with web and mobile content, through the use of pixel tags and SDKs that enable us to associate unique cookie IDs with a browser. We use cookie and similar tools for measuring ad viewability and user interactions with the ad, as well as other elements of the web page on which the ad is displayed, in many cases, across unaffiliated websites visited by the same user. We or other third party service providers may deploy and read these unique pseudonymous IDs, and thus passively “collect” them, when users go to a website or application where our pixel tags, SDKs, and/or cookies are deployed.

Use of Mobile Device Identifiers and SDKs. We also use, or partner with publishers or publisher-facing and application developer platforms that use mobile SDKs, to collect the types of Personal Data described under “Log-level data,” “Mobile device data,” and “Cookies.” An SDK is a piece of computer code that developers include in their mobile applications. A mobile SDK is in effect the mobile app version of a pixel tag or beacon. The SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services to be implemented. We may use this technology, for instance, to analyze or measure certain advertising through mobile applications and browsers based on Personal Data associated with a mobile device.

Use of Cross-Device and Cross-App Technology. We may work with third parties that provide cross-device and cross-app technology to establish connections among devices (such as mobile devices, tablets, and computers) used by an individual. We may share pseudonymous identifiers (such as cookies, mobile device IDFAs, or Google Advertising IDs) with those third parties to assist in connecting devices. Using these connections, we may combine Personal Data about an individual’s use of websites or applications on his/her current device, with usage Personal Data from his/her other devices. We use this Personal Data to provide Technology Solutions to our clients to enable campaign performance analytics and optimization services on behalf of our clients.

III. PERSONAL DATA SHARED WITH THIRD PARTIES

Onward Transfer to Third Parties. Like many businesses, we hire other companies to perform certain business-related services. We may disclose Personal Data to certain types of third party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive personal Data and their functions are: direct marketing assistance (including disclosure to our distributors for direct marketing of Technology Solutions), billing, client service, data storage, hosting services, disaster recovery services, and credit card processors. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this Privacy Policy and implemented by IAS. We may also disclose Personal l Data to our affiliates in order to support marketing, sale and delivery of Technology Solutions. You may opt out of having your Personal Data transferred to any or all of our categories of agents by contacting us at privacy@integralads.com.

Please allow us a reasonable time to process your request.

Onward Transfers Between Group Companies. Personal Data may be transferred from our subsidiaries located within the EU to IAS. We have executed European Commission’s data controller to data controller model clauses to legally transfer such data.

Business Transfers. In the event of a merger, dissolution, reorganization or similar corporate event, or the sale of all or substantially all of our assets, we expect that the Personal Data that we have collected, including Personal Data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal Personal Data as set forth in this privacy policy. This policy shall be binding upon IAS and its legal successors in interest.

Disclosure to Public Authorities.We are required to disclose Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose Personal Data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

IV.TRANSFER OF PERSONAL DATA TO THE UNITED STATES (U.S.).

Our servers are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us or collected by us, including Personal Data, will be transferred from your country of origin to the U.S. As our servers are located in the U.S., we have a legitimate interest in transferring your Personal Data to the U.S. For Personal Data transferred from our subsidiaries located within the EU to IAS, note that we have executed European commission’s standard contractual clauses to legally transfer such data. Contact Information and billing information are transferred for central management purposes.

Please be aware that the US may not offer the same level of data protection as your country of residence, although our collection, storage and use of your personal data will continue to be governed by this Privacy Policy.

V. YOUR RIGHTS

You have the right to request from us the access to and rectification or erasure of the Personal Data we hold on you or restriction of processing or to object to processing as well as the right to data portability.

Opt-Out for Direct Marketing; Email Management. You may opt out at any time from the use of your Personal Data for direct marketing purposes, and/or the transfer of your Personal Data to third parties for direct marketing purposes, by following the instructions at this link: marketingops@integralads.com. Please allow us a reasonable time to process your request.

You may also manage your receipt of marketing and non-transactional communications by visiting our Online Subscription Management Center or clicking on the “unsubscribe here” link located on the bottom of any IAS marketing email communications and following the instructions found on the page to which the link takes you. You cannot opt out of receiving transactional emails related to your account or purchase orders.

Access to Personal Data. Upon request to privacy@integralads.com, we will provide you with confirmation as to whether we are processing your Personal Data, and have the data communicated to you within a reasonable time. You have the right to correct, amend or delete your Personal Data where it is inaccurate or has been processed in violation of this privacy policy. Please allow us 30 days to respond to your direct inquiries and requests, or those of our clients seeking our assistance.

European residents have the right to lodge a complaint at any time about our processing of your Personal Data with their local data protection authority.

VI. YOUR SECURITY

How We Protect Your Personal Data. IAS takes very seriously the security and privacy of the Personal Data that it collects pursuant to this Privacy Policy. Accordingly, we will implement reasonable and appropriate security measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations.

VII. GENERAL

Retention of Personal Data. We will retain your Personal Data in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized and in accordance with this privacy policy. We may continue processing your Personal Data for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis, and subject to the protection of this Privacy Policy. After such time periods have expired, we may either delete your personal Personal Data or retain it in an anonymous form.

Children. We do not knowingly collect any Personal Data from children under the age of thirteen through our Website, Client Portal, or Technology Solutions. If you are under 16, please do not give us any Personal Data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data to us without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us, please contact us at privacy@integralads.com, and we will endeavor to delete that Personal Data from our databases.

Links to External Websites. Our Website may contain links to third party websites (“External Sites”). As such, we are not responsible for the privacy policies of those External Sites. You should check the applicable third-party privacy policy and terms of use when visiting any External Sites, and before providing any Personal Data to such External Sites.

IAS commits to resolve complaints about your privacy and our collection or use of your Personal Data. EU individuals with inquiries or complaints regarding this Privacy Policy should first contact Integral Ad Science at privacy@integralads.com.

California Privacy Rights. Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact IAS via email at privacy@integralads.com. We do not recognize browser “Do Not Track” signals.

Changes to this Privacy Policy. This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time, and will post any changes on our Website as soon as they go into effect. By accessing our Website after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis.

How to Contact Us. If you have questions about this Privacy Policy, please contact in one of the following ways:

E-mail us at privacy@integralads.com
Call us at +1-646-278-4860
Or write to us at: Integral Ad Science
95 Morton Street
New York, NY 10014
Attn: General Counsel

If you wish to escalate your inquiry after contacting the privacy team, you are welcome to contact our Data Protection Officer, Lucid Privacy Group.

E-mail the DPO at dpo@integralads.com
Or write to them at: Lucid Privacy
1556 Shrader Street
San Francisco CA 94117
Attn: Integral Ad Science