Technology Policy

Effective date: April 2, 2020

This privacy policy outlines what information we collect, how we secure it, and how we use it in relation to the service AcuityAds provides to its customers via our advertising technology platform.

Who we are

AcuityAds (“AcuityAds” “we” “our”) is a leading advertising company that provides a technology platform (the “Platform”) for marketers, offering a powerful and holistic solution for digital advertising across all ad formats and devices to amplify reach and Share of Attention™ throughout the customer journey. AcuityAds has developed a proprietary technology platform that enables marketers and agencies to effectively target consumers with digital advertising. Most of the internet is offered to users free of charge. Web publishers are able to offer valuable content for free because they are supported by advertising. AcuityAds aims to create a better digital experience for web users by allowing advertisers to present relevant advertising content, rather than advertising that is unrelated to users’ interests. Advertisers also benefit because targeted advertising is more effective and better received.

We offer this privacy policy (the “Policy”) because we take your privacy seriously. This Policy outlines our privacy practices with respect to the Acuity Platform. If you want to understand AcuityAds’ privacy practices with respect to our corporate website and information we collect from our customers, please visit our Corporate Privacy Policy here.

We are members of the Network Advertising Initiative (NAI) and adhere to its Codes of Conduct, as well as the Digital Advertising Alliance (DAA) and the Digital Advertising Alliance of Canada’s (DAAC) Self-Regulatory Principles for Online Behavioral Advertising. We continuously improve our privacy safeguards in order to help protect information about your browsing activities.

Overview of the types of data collected by AcuityAds’ platform

Personal Data

The definitions of personal data vary depending on the laws where you are located. For example, in the European Union (EU), Canada and the U.S. State of California, personal data is defined more broadly than in other places and would include both PII (e.g., email addresses and phone numbers) and Pseudonymous Identifiers (defined below). In California, it is sometimes referred to as personal information. AcuityAds will explain the different types of personal data and personal information below, and will try to be clear when we’re describing our use of each throughout this Policy. Acuity does not knowingly place PII on our advertising Platform, but we do process Pseudonymous Information via the Platform.

Pseudonymous identifiers

AcuityAds also collects pseudonymous identifiers. Pseudonymous Identifiers help our Platform recognize a particular browser or device, but it doesn’t enable us to know your identity as a natural person. This information helps us collect and make use of other personal data to better understand your interests and preferences. The pseudonymous identifiers include Google Advertising ID, Apple Identifier for Advertisers, Acuity ID and IP address.

Privacy practices for our technology platform

The Acuity Platform processes data collected across non-affiliated websites and mobile applications pursuant to serving advertisements on behalf of our Clients who are generally businesses seeking to market a product or service. We obtain this information from website and mobile application publishers, connected television devices, advertising exchanges, supply side platforms and other companies which help AcuityAds place bids on ad slots on behalf of our advertisers. We obtain information using one or more of the following tracking techniques or technologies, which are all widely used across the Internet:

Cookies

A cookie is a small data file stored on your device. In the context of our Platform the AcuityAds cookie often contains a Pseudonymous Identifier that is assigned to your browser the first time it is seen by our Platform. On subsequent interactions with our Platform, we use this Pseudonymous Identifier to, among other things, recognize what advertisements your browser has interacted with previously. Our cookies are not used to identify you personally, cannot be used to install malware, viruses or any other harmful software and they cannot access any confidential data on your computer. For more information about cookies in general, please visit http://www.allaboutcookies.org/.

Pixels

Pixels (also known as web beacons) are tiny images embedded in a web page that allow our Platform to infer that you’ve seen on that web page. They also allow us to create, update and read our own cookies.

Advertising IDs

An Advertising ID (device identification) is another Pseudonymous Identifier associated with a smartphone or similar handheld device. Advertising IDs are accessible by mobile application publishers and can be passed to AcuityAds with an ad request. These Advertising IDs do not enable AcuityAds to identify individuals, but rather can be used to help us run advertising campaigns. They can be used to limit the number of times a specific advertisement is presented to the same device, and to track a device to show that the device interacted with an ad (i.e. “clicked” on it, watched a video ad, or downloaded an application as a result of an advertisement).

The information we collect via the platform

Using the technologies described above, we collect and use Pseudonymous Identifiers. Pseudonymous Identifiers are considered personal data in some places like the EU and Canada but they do not allow us to identify you personally. Their primary use for AcuityAds is to help us serve users more relevant ads, count the number of ads served and to understand how you and other Internet users interact with ads. This information is collected when you visit the website or mobile application where one of our ads are served. The Platform collects information about your browser type, operating system, device, and the unique identifier assigned to your device. Demographic data such as age range, income level or gender may be collected. In addition, we collect information about your web browsing and app usage, such as the date and time you visited one of our partner’s websites or apps, pages of such websites or apps that you visit, the names or types of mobile apps that you visit, and other data such as page visits, ads shown, ads clicked and conversions over multiple non-affiliated websites and mobile apps for the purpose of creating interest segments to tailor advertising and content is sometimes referred to as “Interest Based Advertising” or “IBA.” We engage in IBA via the Platform. Where we are able to infer within a reasonable probability that a particular computer or device belongs to the same user or household as another computer or device, we may link those computers and/or devices with each other. Where we are able to make such inferences, we may use this information to deliver targeted ads across multiple computers or devices. This is sometimes referred to as cross-device advertising, and we generally don’t conduct cross-device advertising on computers or devices located in the EU. We also use other targeting techniques such as leveraging data received by Clients once it is rendered pseudonymous via a privacy-safe third-party service provider. Some of the transfers of Pseudonymous Identifiers and other pseudonymous information from The Platform over the past 12 months may be considered a sale under California law.

We do not use the Platform to collect PII such as your name, postal address, phone number, or email address. And we don’t collect sensitive information such as social security number or credit card number via the Platform. The data we collect is primarily used to understand your online activity and consequentially provide you with relevant advertisements based on the websites you’ve visited, mobile applications you’ve used and similar data provided by our Clients and third-party data partners.

The information we collect is used to deliver personalized advertisements and to measure the effectiveness of the ads.

AcuityAds may also collect data that can be used by our Clients and partners and receive certain data from Clients and partners. This data may include whether or not you have visited our Client’s website and/or mobile app, or if you have used a website and/or app that our Client advertises on. The data collected is used to build a consumer profile. We use the data in our algorithm to better understand your interactions online and to pair the right advertisements with the right consumers. With this information we can deliver you more personalized advertisements.

Potentially sensitive information pertaining to children & health conditions

AcuityAds does not intentionally or knowingly collect information from children under 16 years of age, and does not tailor any segments to children under 16 years of age.

We do not collect any information regarding specific health conditions that we consider sensitive. For a full list of AcuityAds’ proprietary health-related segments, click here. AcuityAds may also utilize health-related targeting data segments provided by third party data companies, but don’t consider any of those segments to be sensitive. We don’t currently use such third party data when serving ads to EU data subjects.

Data rentention

AcuityAds retains the web log data for a maximum of 180 days, although we generally don’t retain this data for EU data subjects for more than a few days. After 180 days, we aggregate the log data so that it does not identify any individual device and retain the aggregate data for up to three years. Our cookies are set to expire before one year; this expiration date updates every time you encounter our server.

Security

AcuityAds takes reasonable measures to help protect the information we collect from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. This includes but is not limited to the use of firewalls and encryption. No method of transmission over the Internet or method of electronic storage is 100% secure; therefore, while the company strives to use commercially acceptable means to protect your information, it cannot guarantee absolute security.

Choice mechanism: objecting to processing, opting out

Many Internet users enjoy receiving relevant advertisements. Our algorithm reads your online data and aims to deliver you the most relevant advertising content available. This results in you only seeing ads that match your inferred interests. Without targeted advertising, marketers do not know your consumer preferences and will likely deliver you ads that you are uninterested in.

It is also important to consider that the websites you use receive substantial payments from marketers to present interest based ads. These increased revenues can improve website content and pass on a reciprocal benefit to you, as the user. Without these revenue websites are more likely to deliver lesser value content. AcuityAds has evaluated the benefits of the targeted ads served by our platform against the potential risks to data protection rights and concluded that it is in our legitimate interest to process data via the Platform.

Browser-based choice mechanisms

If you prefer not to receive targeted advertising from AcuityAds, you can object to our processing of browser data by the Platform by clicking here, by visiting the NAI website here, by going to the DAA website here, the DAAC website here, or the EDAA website here. California data subjects may opt-out of the “sale” of their personal information by clicking the above links. Also, where we receive a request to opt-out of your sale of personal information from a publisher, or SSP we will apply that opt-out request as well. If you opt-out from that processing, AcuityAds will set a cookie on your browser that tells AcuityAds not to tailor ads to your interests – including IBA and cross-device ads. Opting out does not mean you will not be served an ad by AcuityAds, but the ads we serve will be less relevant to your interests. Please note that the opt-out cookie only applies to the computer and browser where it is set. Also, if you delete the opt-out cookie (such as by clearing all cookies on your browser), you will need to renew your opt-out choice. EU data subjects receive additional rights as described below.

To better understand the process of behavioral advertising, please visit:
Network Advertising Initiative (“NAI”) – www.networkadvertising.org
Digital Advertising Alliance (“DAA”) – www.aboutads.info
Digital Advertising Alliance of Canada (“DAAC”) – www.youradchoices.ca
European Digital Advertising Alliance (“EDAA”) – https://www.youronlinechoices.eu/

Mobile choice mechanism

Opting out on a mobile device:
If you are using a mobile device and would like to opt-out of interest-based advertising then please follow this link for instructions on how to opt out across multiple mobile operating systems such as iOS and Android. Please note that the opt-out process is different for each mobile operating system.

If you reject processing via one of these methods, one of the mobile operating systems will set a cookie on your browser that tells AcuityAds not to tailor ads to your interests – including IBA ads and cross-device ads. Opting out does not mean you will not be served an ad by AcuityAds, but the ads we serve will be less relevant to your interests. EU data subjects receive additional rights as described below.

Disclosure, onward transfer

We contract with a select group of third-party processors and service providers such as networking and storage providers to allow them to carry out their services for us. Other third-party service providers used by Acuity include: a) outsourced computer programmers helping ensure our systems are operating properly; b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) auditing, debugging and security vendors. Those processors and service providers are contractually obligated to process data only as instructed by AcuityAds.

Please take note of the following exceptional situations: AcuityAds may be required to disclose information to third parties when obligated to do so by law and in order to investigate, prevent, or take action regarding suspected, or actual prohibited activities, including transfer reasonably intended to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is necessary to protect our rights, including but not limited to fraud and situations involving potential threats to the physical safety of any person. In the event that AcuityAds sells, merges or transfers all or part of its business, we may transfer visitor information to a third party as part of that transaction.

Do Not Track

A number of industry groups are attempting to develop a Do Not Track (DNT) standard. Currently, the standards regarding the DNT signals and appropriate responses are not consistently defined. Where we can ascertain that a browser being used by a California data subject has enacted DNT, we treat that user as having opted out from AcuityAds’ sale of their personal information.

Accessing, changing, removing information

If you’re located in the EU or California, scroll down to see any the data subject access rights which are available to you with respect to the Acuity Platform.

California data subjects

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.

The CCPA defines personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. You may access those rights with respect to AcuityAds by sending us an email to privacy@acuityads.com, by calling our California privacy help line at 1-866-6Acuity, or by visiting our data subject access page here. As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days.

European Union data subjects

The General Data Privacy Regulation (“GDPR”) affords additional rights to EU data subjects. Those rights include the right to complain to EU Supervisory Authorities and the right to access, correct and delete certain personal data processed by AcuityAds.

As described above, with respect to EU data subjects, personal data includes Pseudonymous Identifiers such as an IP address, a mobile advertising ID or a cookie ID. Where AcuityAds is a controller of data (e.g. via our Platform), the legal basis will be both legitimate interest and consent in accordance with Article 6 of the GDPR and depending on the type of information subject to processing and the information we receive from upstream partners. Where we rely upon legitimate interest, we have assessed the processing is not high risk and will not violate fundamental human rights. We process personal data of clients and partners for the performance of our contracts with them in accordance with Article 6 of the GDPR.

Where AcuityAds receives from an EU data subject a request to cease processing of data via one of the choice mechanisms listed above, AcuityAds will stop all data processing with respect to the opted out browser or device unless such processing is required by law.

If you believe AcuityAds is processing one of your Pseudonymous Identifiers and wish to exercise your right to access, delete, port or remove such information, please click here to visit our EU data subject access request page.

For all requests concerning the security of your data, please contact our data protection officer at privacy@acuityads.com.

If you have a particularly sensitive request, please contact our data protection officer by postal mail, as communication by e-mail can always be flawed by security vulnerabilities.

Revisions

AcuityAds reserves the right to revise its policies and practices periodically. If you would like to keep up to date, please visit this page to find out about any changes. We will post any updates as well as their effective dates on this webpage.

Contacting us

If you have any questions about our privacy policy, please contact us:

Tal Hayek, CEO

AcuityAds INC.
www.illumin.com
70 University Ave, Suite 1200
Toronto, ON, Canada
M5J 2M4
(416) 218-9888
privacy@acuityads.com