Effective Date: December 19, 2022
Who we are
illumin (“illumin” “we” “our”) is a leading advertising company that provides a technology platform (the “Platform”) for marketers, offering a powerful and holistic solution for digital advertising across all ad formats and devices to amplify reach and Share of Attention™ throughout the customer journey. illumin has developed a proprietary technology platform that enables marketers and agencies to effectively target consumers with digital advertising. Most of the internet is offered to users free of charge. Web publishers are able to offer valuable content for free because they are supported by advertising. illumin aims to create a better digital experience for web users by allowing advertisers to present relevant advertising content, rather than advertising that is unrelated to users’ interests. Advertisers also benefit because targeted advertising is more effective and better received.
We offer this privacy policy (the “Policy”) because we take your privacy seriously. This Policy outlines our privacy practices with respect to our corporate website at https://www.illumin.com/ (the “Website”) as well as the types of information we collect from our current and prospective advertising clients (our “Clients”). If you want to understand illumin’s privacy practices with respect to our Advertising Platform, please visit our Technology Privacy Policy.
We are members of the Network Advertising Initiative (NAI) and adhere to its Codes of Conduct, as well as the Digital Advertising Alliance (DAA) and the Digital Advertising Alliance of Canada’s (DAAC) Self-Regulatory Principles for Online Behavioral Advertising.
Overview of the types of data collected by illumin
Personal data
The definitions of personal data vary depending on the laws where you are located. For example, in the European Union (EU), Canada and in certain U.S. states such as California, personal data is defined more broadly than in other places and would include both identifiable personal data (“PII”) (e.g., email addresses and phone numbers) and Pseudonymous Identifiers (defined below). Some places use the term “personal data” while other places use the term “personal information.” illumin will explain the different types of personal data and personal information below, and will try to be clear when we’re describing our use of each throughout this Policy.
Personally identifiable information
illumin collects personal identifiable information (“PII”) when you choose to provide it to us. PII is any information that specifically identifies or locates a particular person or entity. We receive and store any PII you provide to us. The types of PII collected may include your name, postal address, telephone number, and email address. For example, you may choose to send PII about yourself in an email, by completing an online form on our Website, or by signing up for our service or e-newsletter. You may also provide us with PII as a Client in order to setup an account with us, to login to access reports or to facilitate billing. illumin uses this information for our reasonable business purposes, including to contact you to respond to your inquiry, to provide the service requested or to maintain your account with us.
Pseudonymous identifiers
illumin also collects pseudonymous identifiers on the Website. Pseudonymous Identifiers help our Website recognize a particular browser or device, but it doesn’t enable us to know your identity as a natural person. This information helps us collect and make use of other personal data to help the Website function and to allow us to conduct analytics to better understand who is utilizing the Website without needed to know their real world identity.
Privacy practices for our website
illumin collects PII from our Website when you choose to provide it to us. For example, you may choose to send PII about yourself in an email, or by completing a form on the Website. illumin uses this information only to contact you to respond to your inquiry. Once collected, illumin will store your PII for a reasonable time for record keeping purposes.
illumin also collects Pseudonymous Identifiers from visitors to this Website such as a cookie ID and IP address. We also collect information about the pages viewed on the Website, your browser type, Internet Service Provider, domain name, the time/date of your visit to this Website, the referring URL and your computer’s operating system.
Moreover, we enable third-parties operating on our Websites to place pixels that collect Pseudonymous Identifiers and similar data from visitors to our Website and which may be deemed a sale of personal information in California and other places. This data includes pseudonymous IDs, IP addresses and similar information and is used for marketing and advertising purposes. We provide a notice of these practices when you first visit our Website and provide the appropriate choice mechanism as required by law. Some of these third-party partners collect data on this Website to target ads on other websites – a process sometimes called interest-based advertising. To understand more about interest based advertising and the choices available to you, please visit https://aboutads.info/.
illumin and our third-party partners also use cookies or similar technologies to analyze trends, administer the Website, and track users’ movements around the website. Users can control the use of cookies at the individual browser level. For more information about cookies, please visit http://www.allaboutcookies.org/cookies/.
Data retention
illumin retains the web log data collected via the Website for a maximum of 180 days, although we generally don’t retain this data for EU data subjects for more than a few days. After 180 days, we aggregate the log data so that it does not identify any individual device and retain the aggregate data for up to three years. Our cookies are set to expire before one year; this expiration date updates every time you encounter our server.
Security
illumin takes reasonable measures to help protect the information we collect from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. This includes but is not limited to the use of firewalls and encryption. No method of transmission over the Internet or method of electronic storage is 100% secure; therefore, while the company strives to use commercially acceptable means to protect your information, it cannot guarantee absolute security.
Choice mechanism: objecting to processing, opting out
Browser-based choice mechanisms
We may target ads on other websites when you visit this Website. If you prefer not to receive targeted advertising from illumin, you may opt-out via one of the links below.
- Network Advertising Initiative (“NAI”) – www.networkadvertising.org
- Digital Advertising Alliance (“DAA”) – www.aboutads.info
- Digital Advertising Alliance of Canada (“DAAC”) – www.youradchoices.ca
- European Digital Advertising Alliance (“EDAA”) – www.youronlinechoices.eu
Disclosure, onward transfer
We contract with a select group of third-party processors and service providers such as networking and storage providers to allow them to carry out their services for us. Other third-party service providers used by illumin include: a) outsourced computer programmers helping ensure our systems are operating properly; b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) auditing, debugging and security vendors. Those processors and service providers are contractually obligated to process data only as instructed by illumin.
Please take note of the following exceptional situations: illumin may be required to disclose information to third parties when obligated to do so by law and in order to investigate, prevent, or take action regarding suspected, or actual prohibited activities, including transfer reasonably intended to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is necessary to protect our rights, including but not limited to fraud and situations involving potential threats to the physical safety of any person. In the event that illumin sells, merges or transfers all or part of its business, we may transfer visitor information to a third party as part of that transaction.
Do not track
A number of industry groups are attempting to develop a Do Not Track (DNT) standard. Currently, the standards regarding the DNT signals and appropriate responses are not consistently defined. Where we can ascertain that a browser being used by data subject has enacted DNT, and that data subject is located in a place where adherence to DNT or similar signals is required, we treat that data subject’s browser or device as having opted out from illumin’s sale of their personal information.
Accessing, changing, removing information
If you believe we have PII about you (e.g. because you’re a current or former Client, or you provided PII to receive illumin’s e-newsletters) and you would like to change, suppress or otherwise limit our use of that PII, you may contact us by sending an email containing your request to privacy@illumin.com. For your protection, we will only implement such requests with respect to the PII associated with the particular email address that you use to send us your request, and we may need to verify your identity and/or obtain more information from you before implementing your request. If you’re located in the EU or California, scroll down to see any additional rights you may have.
U.S. data subjects
Certain U.S. states (e.g., California, Virginia, Colorado and Connecticut) provide additional privacy protections for their data subjects under applicable law, including: a) the right to see what data we have about you, (i.e., the right to know), b) the right to delete the data we have about you, (i.e., the right to delete), c) the right to correct the data we have about you, and; d) the right to opt-out of the sale of data about you (i.e., the right to opt-out from sales of your information). Most of these rights are also applicable to the Pseudonymous Identifiers and other personal data collected about your computer or device by the Platform. We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.
You may access those rights with respect to illumin by sending us an email to privacy@illumin.com, by calling our California privacy help line at 1-866-6Acuity, or by visiting our data subject access page here. If you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days unless applicable law provides that we do so more quickly.
European Union, Swiss and UK data subjects
The General Data Privacy Regulation (“GDPR”) affords additional rights to EU data subjects. Switzerland and the United Kingdom have similar data protection laws in place which grant similar rights. When this policy references EU data subjects, we also mean to include data subjects located in all of the EEA as well as Switzerland and the UK. Those rights include the right to complain to Supervisory Authorities and the right to access, correct, opt-out, and delete certain personal data processed by illumin.
As described above, with respect to EU data subjects, personal data includes Pseudonymous Identifiers such as an IP address, a mobile advertising ID or a cookie ID. Where illumin is processing data from our Clients, we are typically doing so in order to honor or facilitate the contractual relationship between illumin and that Client. Where we are collecting data via the Website, the legal basis will be both legitimate interest and consent in accordance with Article 6 of the GDPR and depending on the type of information subject to processing. Where we rely upon legitimate interest, we have assessed the processing is not high risk and will not violate fundamental human rights. We process personal data of clients and partners for the performance of our contracts with them in accordance with Article 6 of the GDPR.
Where illumin receives from an EU data subject a request to cease processing of data via one of the choice mechanisms listed above, illumin will stop all data processing with respect to the opted-out browser or device unless such processing is required by law.
If you believe illumin is processing one of your Pseudonymous Identifiers and wish to exercise your right to access, delete, port or remove such information, please click here to visit our EU data subject access request page.
For all requests concerning the security of your data, please contact our data protection officer at privacy@illumin.com.
If you have a particularly sensitive request, you may want to consider contacting our data protection officer by postal mail, as communication by e-mail can always be flawed by security vulnerabilities.
Revisions
illumin reserves the right to revise its policies and practices periodically. If you would like to keep up to date, please visit this page to find out about any changes. We will post any updates as well as their effective dates on this webpage.
Contacting us
If you have any questions about our privacy policy, please contact us:
Simon Cairns, CEO
illumin
https://www.illumin.com
70 University Ave, Suite 1200
Toronto, ON, Canada
M5J 2M4
(416) 218-9888
The illumin Data Protection Officer is Alan Chapell and he may be reached at dpo@illumin.com.
The illumin EU Representative is Josep Tribo and he may be reached at representative@illumin.com.