Technology Policy

This privacy policy outlines what information we collect, how we secure it, and how we use it in relation to the service illumin provides to its customers via our advertising technology platform.

Effective date: December 19, 2022

Who we are

illumin (“we” “our”) is a leading advertising company that provides a technology platform (the “Platform”) for marketers, offering a powerful and holistic solution for digital advertising across all ad formats and devices to amplify reach and Share of Attention™ throughout the customer journey. illumin has developed a proprietary technology platform that enables marketers and agencies to effectively target consumers with digital advertising. Most of the internet is offered to users free of charge. Web publishers are able to offer valuable content for free because they are supported by advertising. illumin aims to create a better digital experience for web users by allowing advertisers to present relevant advertising content, rather than advertising that is unrelated to users’ interests. Advertisers also benefit because targeted advertising is more effective and better received.

We offer this privacy policy (the “Policy”) because we take your privacy seriously. This Policy outlines our privacy practices with respect to the illumin Platform. If you want to understand illumin’s privacy practices with respect to our corporate website and information we collect from our customers, please visit our Corporate Privacy Policy here.

We are members of the Network Advertising Initiative (NAI) and adhere to its Codes of Conduct, as well as the Digital Advertising Alliance (DAA) and the Digital Advertising Alliance of Canada’s (DAAC) Self-Regulatory Principles for Online Behavioral Advertising. We continuously improve our privacy safeguards in order to help protect information about your browsing activities.

Overview of the types of data collected by illumin’s platform

Personal Data

The definitions of personal data vary depending on the laws where you are located. For example, in the European Union (EU), Canada and in certain U.S. states such as California, personal data is defined more broadly than in other places and would include both identifiable personal data (“PII”) (e.g., email addresses and phone numbers) and Pseudonymous Identifiers (defined below). Some places use the term “personal data” while other places use the term “personal information”. illumin will explain the different types of personal data and personal information below, and will try to be clear when we’re describing our use of each throughout this Policy. illumin does not knowingly place PII on our advertising Platform, but we do process Pseudonymous Identifiers via the Platform.

Pseudonymous identifiers

illumin collects or otherwise processes Pseudonymous Identifiers via the Platform. Pseudonymous Identifiers help our Platform recognize a particular browser or device, but do not enable us to know your identity as a natural person. This information helps us collect and make use of other personal data to better understand your interests and preferences. The pseudonymous identifiers processed via the Platform include Google Advertising ID, Apple Identifier for Advertisers, illumin ID and IP address.

Privacy practices for our technology platform

The illumin Platform processes data collected across non-affiliated websites and mobile applications pursuant to serving advertisements on behalf of our Clients who are generally businesses seeking to market a product or service. We obtain this information from website and mobile application publishers, connected television devices, advertising exchanges, supply side platforms and other companies which help illumin place bids on ad slots on behalf of our advertisers. We obtain information using one or more of the following tracking techniques or technologies, which are all widely used across the Internet:

Cookies

A cookie is a small data file stored on your device. In the context of our Platform the illumin cookie often contains a Pseudonymous Identifier that is assigned to your browser the first time it is seen by our Platform. On subsequent interactions with our Platform, we use this Pseudonymous Identifier to, among other things, recognize what advertisements your browser has interacted with previously. Our cookies are not used to identify you personally, cannot be used to install malware, viruses or any other harmful software and they cannot access any confidential data on your computer. For more information about cookies in general, please visit http://www.allaboutcookies.org/.

Pixels

Pixels (also known as web beacons) are tiny images embedded in a web page that allow our Platform to infer that you’ve seen on that web page. They also allow us to create, update and read our own cookies.

Advertising IDs

An Advertising ID (device identification) is another Pseudonymous Identifier associated with a smartphone or similar handheld device. Advertising IDs are accessible by mobile application publishers and can be passed to illumin with an ad request. These Advertising IDs do not enable illumin to identify individuals, but rather can be used to help us run advertising campaigns. They can be used to limit the number of times a specific advertisement is presented to the same device, and to track a device to show that the device interacted with an ad (i.e. “clicked” on it, watched a video ad, or downloaded an application as a result of an advertisement).

The information we collect via the platform

Using the technologies described above, we collect and use Pseudonymous Identifiers. Pseudonymous Identifiers do not allow us to identify you personally. Their primary use for illumin is to help us managing our Client’s advertising campaigns, serve users more relevant ads, count the number of ads served and to understand how you and other Internet users interact with ads. This information is collected when you visit the website or mobile application where one of our ads are served. The Platform collects information about your browser type, operating system, device, and the unique identifier assigned to your device. Demographic data such as age range, income level or gender may be collected. In addition, we collect information about your web browsing and app usage, such as the date and time you visited one of our partner’s websites or apps, pages of such websites or apps that you visit, the names or types of mobile apps that you visit, and other data such as page visits, ads shown, ads clicked and conversions over multiple non-affiliated websites and mobile apps for the purpose of creating interest segments to tailor advertising and content is sometimes referred to as “Interest Based Advertising” or “IBA.” We engage in IBA via the Platform. Where we are able to infer within a reasonable probability that a particular computer or device belongs to the same user or household as another computer or device, we may link those computers and/or devices with each other. Where we are able to make such inferences, we may use this information to deliver targeted ads across multiple computers or devices. This is sometimes referred to as cross-device advertising, and we generally don’t conduct cross-device advertising on computers or devices located in the EU. We also use other targeting techniques such as leveraging data received by Clients once it is rendered pseudonymous via a privacy-safe third-party service provider. Some of the transfers of Pseudonymous Identifiers and other pseudonymous information from The Platform over the past 12 months may be considered a sale under applicable law, and we provide a mechanism that enables you to opt-out from such sales, profiling or interest-based activities engaged in by our Platform and pursuant to our Client’s advertising campaigns.

We do not use the Platform to collect PII such as your name, postal address, phone number, or email address. And we don’t collect sensitive information such as social security number or credit card number via the Platform. The data we collect is primarily used to understand your online activity and consequentially provide you with relevant advertisements based on the websites you’ve visited, mobile applications you’ve used and similar data provided by our Clients and third-party data partners.

The information we collect is used to deliver personalized advertisements and to measure the effectiveness of the ads.

illumin may also collect data that can be used by our Clients and partners and receive certain data from Clients and partners. This data may include whether or not you have visited our Client’s website and/or mobile app, or if you have used a website and/or app that our Client advertises on. The data collected is used to build a consumer profile. We use the data in our algorithm to better understand your interactions online and to pair the right advertisements with the right consumers. With this information we can deliver you more personalized advertisements.

Potentially sensitive information pertaining to children & health conditions

illumin does not intentionally or knowingly collect information from children under 16 years of age, and does not tailor any segments to children under 16 years of age.

We do not collect any information regarding specific health conditions that we consider sensitive. For a full list of illumin’s proprietary health-related segments, click here. illumin may utilize health-related targeting data segments provided by third party data companies, but don’t consider any of those segments to be sensitive. We don’t currently use such third party data when serving ads to EU data subjects.

Data retention

illumin retains the web log data for a maximum of 180 days, although we generally don’t retain this data for EU data subjects for more than a few days. After 180 days, we aggregate the log data so that it does not identify any individual device and retain the aggregate data for up to three years. Our cookies are set to expire before one year; this expiration date updates every time you encounter our server.

Security

illumin takes reasonable measures to help protect the information we collect from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. This includes but is not limited to the use of firewalls and encryption. No method of transmission over the Internet or method of electronic storage is 100% secure; therefore, while the company strives to use commercially acceptable means to protect your information, it cannot guarantee absolute security.

Choice mechanism: objecting to processing, profiling, opting out, Do Not Sell My Information

Many internet users enjoy receiving relevant advertisements. Our algorithm reads your online data and aims to deliver you the most relevant advertising content available. This results in you only seeing ads that match your inferred interests. Without targeted advertising, marketers do not know your consumer preferences and will likely deliver you ads that you are uninterested in.

It is also important to consider that the websites you use receive substantial payments from marketers to present interest based ads. These increased revenues can improve website content and pass on a reciprocal benefit to you, as the user. Without these revenue websites are more likely to deliver lesser value content. illumin has evaluated the benefits of the targeted ads served by our platform against the potential risks to data protection rights and concluded that it is in our legitimate interest to process data via the Platform.

Browser-based choice mechanisms

If you prefer not to receive targeted advertising from illumin, you can object to our processing of browser data by the Platform by clicking here, by visiting the NAI website here, by going to the DAA website here or the DAAC website here. Data subjects may opt-out of profiling by the Platform as well as the sale or sharing of their personal information where required under applicable law by clicking the above links. If you opt-out, illumin will set a cookie on your browser that tells illumin not to tailor ads to your interests – including any profiling, sale, sharing, IBA and cross-device ads. Opting out does not mean you will not be served an ad by illumin, but the ads we serve will be less relevant to your interests. Please note that the opt-out cookie only applies to the computer and browser where it is set. Also, if you delete the opt-out cookie (such as by clearing all cookies on your browser), you will need to renew your opt-out choice. EU data subjects receive additional rights as described below. Also, where we receive a request to opt-out of profiling or sale/sharing of personal information from a publisher or SSP, we will treat that user has having opted-out of our systems.

To better understand the process of behavioural advertising, please visit:

Mobile choice mechanism

Opting out on a mobile device:

If you are using a mobile device and would like to opt-out of interest-based advertising then please follow this link for instructions on how to opt out across multiple mobile operating systems such as iOS and Android. Please note that the opt-out process is different for each mobile operating system.

If you reject processing via one of these methods, one of the mobile operating systems will set a cookie on your browser that tells illumin not to tailor ads to your interests – including IBA ads and cross-device ads. Opting out does not mean you will not be served an ad by illumin. Rather, if we do serve you an ad once you’ve opted-out, the ads we serve will be less relevant to your interests. EU data subjects receive additional rights as described below.

Internet connected TV choice mechanism

If you are using a connected TV and related devices please visit this link for information on how users can activate privacy features in many common TV and OTT environments.

Disclosure, onward transfer

We contract with a select group of third-party processors and service providers such as networking and storage providers to allow them to carry out their services for us. Other third-party service providers used by illumin include: a) outsourced computer programmers helping ensure our systems are operating properly; b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) auditing, debugging and security vendors. Those processors and service providers are contractually obligated to process data only as instructed by illumin.

Please take note of the following exceptional situations: illumin may be required to disclose information to third parties when obligated to do so by law and in order to investigate, prevent, or take action regarding suspected, or actual prohibited activities, including transfer reasonably intended to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is necessary to protect our rights, including but not limited to fraud and situations involving potential threats to the physical safety of any person. In the event that illumin sells, merges or transfers all or part of its business, we may transfer visitor information to a third party as part of that transaction.

Do Not Track

A number of industry groups are attempting to develop a Do Not Track (DNT) standard. Currently, the standards regarding the DNT signals and appropriate responses are not consistently defined. Where we can ascertain that a browser being used by data subject has enacted DNT, and that data subject is located in a place where adherence to DNT or similar signals is required, we treat that data subject’s browser or device as having opted out from illumin’s sale of their personal information.

Accessing, changing, removing information

We adhere to applicable laws when it comes to honoring data subject rights such as access, deletion and correction with respect to the Platform. If you’re located in the EU, UK, Switzerland or certain U.S. States, scroll down to see any the data subject access rights which are available to you with respect to the illumin Platform.

U.S. data subjects

Certain U.S. states (e.g., California, Virginia, Nevada, Colorado and Connecticut) provide additional privacy protections for their data subjects under applicable law, including: a) the right to see what data we have about you, (i.e., the right to know), b) the right to delete the data we have about you, (i.e., the right to delete), c) the right to correct the data we have about you, and; d) the right to opt-out of the sale of data about you (i.e., the right to opt-out from sales of your information). Most of these rights are also applicable to the Pseudonymous Identifiers and other personal data collected about your computer or device by the Platform. We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.

You may access those rights with respect to illumin by sending us an email to privacy@illumin.com, by calling our California privacy help line at 1-866-6Acuity, or by visiting our data subject access page here. If you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days unless applicable law provides that we do so more quickly.

European Union, Swiss and UK data subjects

The General Data Privacy Regulation (“GDPR”) affords additional rights to EU data subjects. Switzerland and the United Kingdom have similar data protection laws in place which grant similar rights. When this policy references EU data subjects, we also mean to include data subjects located in all of the EEA as well as Switzerland and the UK. Those rights include the right to complain to Supervisory Authorities and the right to access, correct, opt-out, and delete certain personal data processed by illumin. In certain circumstances, a consent is required (e.g., prior to the placement of a cookie by our Platform).

As described above, with respect to EU data subjects, personal data includes Pseudonymous Identifiers such as an IP address, a mobile advertising ID or a cookie ID. Where illumin is a controller of data (e.g. via our Platform), the legal basis will be both legitimate interest and consent in accordance with Article 6 of the GDPR and depending on the type of information subject to processing and the information we receive from upstream partners. Where we rely upon legitimate interest, we have assessed the processing is not high risk and will not violate fundamental human rights. We process personal data of Clients and partners for the performance of our contracts with them in accordance with Article 6 of the GDPR.

Where illumin receives from an EU data subject a request to cease processing of data via one of the choice mechanisms listed above, illumin will stop all data processing with respect to the opted out browser or device unless such processing is required by law.

If you believe illumin is processing one of your Pseudonymous Identifiers and wish to exercise your right to access, delete, port or remove such information, please click here to visit our EU data subject access request page.

For all requests concerning the security of your data, please contact our data protection officer at privacy@illumin.com.

If you have a particularly sensitive request, you may want to consider contacting our data protection officer by postal mail, as communication by e-mail can always be flawed by security vulnerabilities.

Revisions

illumin reserves the right to revise its policies and practices periodically. If you would like to keep up to date, please visit this page to find out about any changes. We will post any updates as well as their effective dates on this webpage.

Contacting us

If you have any questions about our privacy policy, please contact us:

Simon Cairns, CEO
illumin Inc.
www.illumin.com
70 University Ave, Suite 1200
Toronto, ON, Canada
M5J 2M4
(416) 218-9888

privacy@illumin.com

The illumin data protection officer is Alan Chapell and he may be reached at dpo@illumin.com.

The illumin EU Representative is Josep Tribo and he may be reached at representative@illumin.com.