If you want to understand what data we collect with respect to visitors to our corporate website(s), please see http://enginegroup.com/us/privacy/.
- Summary of Data Collection and Use.
- What Does EMX Do and How Do We Use Data on Online Users?
- What Do We Mean by Platform Data?
- Privacy Shield Participation.
- Privacy by Design.
- What is a "Cookie" or "Pixel Tag"?
- Disclosure of Information
- Data Retention
- Your Choices for Limiting the Use and Disclosure of Your Personal Data.
- Your Choices for Limiting the Use and Disclosure of Your Personal Data on Mobile Devices.
- Lawful Basis for Processing Personal Data of European Online Users.
- Safeguarding Information We Collect and Use
- Privacy of Children
- California Data Subjects
- EMX Website.
Summary of Data Collection and Use.
Our Publisher Solutions facilitate the collection of online users’ data to help publishers maximize revenue from available ad space. These solutions help advertisers and their intermediaries find online users they want to advertise to.
One of our Publisher Solutions, BiddRº360, collects no PII or personal data. It is aware that a user is on a publisher page, but no information on that user is collected.
Another of our Publisher Solutions, BiddR Connect, typically collects and passes to advertisers and their intermediaries the following information: browser type, IP address, domain names, operating systems, language preference, platform type, device location, access dates and times, referring website addresses, browsing and search activity, online transactions, randomly-generated unique cookie ID numbers relating to a specific user, and, in some cases, estimated age range and gender.
Our Advertiser Solutions also collect data, such as segment data as well as the data types listed above, through intermediary platforms. Segments are categories of consumers that advertisers use to plan and execute their digital advertising campaigns. An example would be female, 18-24, soccer fan, living in New York.
|Is that PII/ personal data?||We do not collect PII as defined by the Network Advertising Initiative and Digital Advertising Alliance. Some of the data we collect would be considered pseudonymized data in the European Union—for example, where we collect IP addresses and unique cookie IDs. These IP addresses and cookie IDs, and the data we store against those identifiers, will often be pseudonymized data (a kind of personal data regulated by European data protection law). We and our partners in the digital advertising ecosystem use this data to understand the interests and characteristics of users without knowing who the users are—our products don’t collect users’ names and don’t handle information that reveals a users’ "real world identity".|
|Information Collection: Appended Information||
We may receive pseudonymized information about online users from other sources, including publicly available databases or third parties from whom we have purchased data.
Examples of the types of personal information that may be obtained from public sources or third parties include: information about online activity, information about interests, and demographic information. This information is collected by data management platforms such as Lotame and LiveRamp. We use data we purchase from data management platforms to enhance and improve our understanding of a user’s characteristics and interests. We combine the information obtained from public sources and third parties (such as data management platforms) together with information we already have in order to assist our advertiser clients with advertisement targeting.
|How Information is Put to Use||
We use Platform Data (as defined below) in our Publisher Solutions to help our publisher clients monetize their available ad space. We do this by helping publishers find advertisers and intermediaries who want to show advertisements to users. Advertisers use the Publisher Solutions to help them decide whether to pay to show an ad to a user, and, if they want to pay, how much they should pay. That decision takes place through an automated, software-based process called "real-time bidding" where multiple advertisers bid to show their ad. The Publisher Solutions support real-time bidding as well as other ways to buy online advertising space.
We also use Platform Data in our Advertiser Solutions to help advertisers and the agencies who represent them understand the behavior of online users, create online advertising or engagement strategies, and execute ad campaigns. As part of our Advertiser Solutions, we may buy advertising inventory on behalf of advertisers or agencies, or may allow advertisers or agencies to use our technology to buy and show online ads to the right users. The Advertiser Solutions can monitor and report to the advertiser on how at an aggregate level users reacted to the ads.
|Sharing Platform Data||In connection with the provision of our digital advertising services, we may share Platform Data with our advertiser clients, demand-side platforms (DSPs), ad exchanges (who will make the information available to advertisers and their agencies to facilitate decisions about whether to show an online ad to a user), third party service providers (including data centers, hosting providers, anti-fraud vendors, and technology and security providers with whom we have contracted), EMX subsidiaries and affiliates, and our publisher clients (who may operate either websites or apps).|
|User Choices||You can control the collection and use of Platform Data in your browser by adjusting your device settings, or opting out with the Network Advertising Initiative or Digital Advertising Alliance at either https://www.networkadvertising.org/choices/ or https://www.aboutads.info/choices/.|
|Security||We use reasonable and appropriate security measures to protect data and require our service providers, clients and intermediaries with whom we share data to do the same.|
|Retention||We retain Platform Data for no longer than is reasonably necessary for advertising purposes and to deliver our services to our clients. In the case of our Publisher Solutions, we generally do not keep information about users for longer than 60 days. For our Advertiser Solutions, we don’t keep Platform Data longer than 24 months.|
What Does EMX Do and How Do We Use Data on Online Users?
We work with online publishers, advertisers and other intermediaries in the digital advertising sector. We help publishers generate advertising revenue from their websites and apps, and help advertisers find the right audiences online who are most likely to be interested in their products and services. In order to provide our services, EMX obtains data from websites, mobile applications, advertisers, advertising exchanges and other advertising platforms. We sometimes supplement that information with data collected from data brokers. A description of some of the products and services we offer is provided below.Publisher Solutions
BiddR Connect: If a user visits the website of a publisher within our network, our tag on the publisher page calls the EMX platform, allowing EMX to access the user's browser, obtain data on that end user, and store it against a unique ID. The information gathered typically includes the kind of device and browser the user has, the zip code, country and city the user is in, and the internet protocol or IP address of the user’s device (a unique number assigned to a browser by the user's ISP or mobile phone provider). Our software does not collect the user's name or email address, and we take care to ensure that our products do not collect anything that tells us or anyone we work with who you are "in the real world".
BiddRº360: BiddRº360 does not collect any information about the user or their device. BiddRº360 lets other advertising technology software platforms know that advertising space is available and that a user has landed on a page. Those other software platforms (known as DSPs and ad exchanges) are software services which advertisers and their representatives use to find online users they want to advertise to. After BiddRº360 calls them with page information, the DSPs and ad exchanges then access information relating to an online user and that user’s device by communicating with the user's browser. What information the DSPs and ad exchanges collect can vary, depending on choices made by the DSPs, ad exchanges and consents given by the user.
Summary of how other parties in the ecosystem use this data: The process of matching a publisher that wants to sell advertising space with an advertiser that wants to show an ad involves several other companies and platforms which can be referred to as intermediaries.
Other than BiddRº360, our Publisher Solutions take user data and pass it to DSPs and ad exchanges, whose job it is to find advertisers who want to show an online ad to the user. Those platforms, and often the intermediaries and service providers they work with, hold other data relating to the user in order to have an understanding of the user's interests, characteristics (sometimes including age range and gender), and location. This other data held by DSPs and ad exchanges—which we do not hold in our Publisher Solutions—helps DSPs and ad exchanges form a picture of the user without knowing the user’s “real world” identity. This helps advertisers or their intermediaries work out whether they want to show an ad to that user and, if so, how much they are prepared to pay to do that.
Our Advertiser Solutions are specific services we offer to advertisers and their intermediaries (usually DSPs) to help increase the value they get from showing ads online, including video ads. Our Advertiser Solutions help ensure that real human users, rather than bots (software programs which mimic human behavior and are often the cause of advertising fraud), see the ads, and assist in showing ads to the people most likely to be interested in the advertised products.
Segment Data: User segment data is information about a user's interests, preferences or demographic categories. Interest-based advertising involves placing a user into a segment based on information about their online behavior, interests, or characteristics.
For instance, a segment might be women, between ages 25 and 54, interested in fashion, or—for another example—18- to 24-year-old auto-intenders (people assumed to be interested in buying a car). Knowing a user is in one or more of these segments helps advertisers plan and direct their online advertising campaigns.
Sometimes the segment data provided by a Publisher is not enough for the advertiser to make a good decision. Consequently, our Advertiser Solutions combine data provided by a Publisher with data about the user from other sources. The principal source of additional data for our Advertiser Solutions are data management platforms (or DMPs). DMPs we may use are Lotame (www.lotame.com), LiveRamp (www.liveramp.com) or Factual (www.factual.com). These DMPs provide us with demographic data about the user, as well as data about the user’s interests, age group, and location.
EMX uses this information to assess, based on criteria provided by our advertiser clients, whether it should purchase ad space for an advertiser. If the opportunity to show an ad matches the advertiser’s criteria (this assessment is, in part, carried out using information about the user, the duration of the ad, and the publisher's webpage or app), then EMX will try to win the opportunity to serve the ad. After winning an opportunity, EMX will check the ad space to make sure its characteristics match the characteristics sought. After checking the space, EMX will decide whether to purchase the ad inventory and serve an ad.
EMX will analyze how the user interacts with the ad, how long they view it for, where the ad is on the page, and whether the user clicks on the ad. EMX will report this information back to the advertiser or their DSP on an aggregated basis.
EMX supports the NAI Code of Conduct’s obligations regarding the collection and use of health information for interest-based advertising. This health-related information, when collected and/or used for relevant advertising, is non-sensitive and consumers may exercise choice by opting out (please see Section 10 (Your Choices) for more information). For a list of health segments used by EMX, please visit http://emxdigital.com/privacy/health-segments/
What Do We Mean by Platform Data?
Our Publisher Solutions and Advertiser Solutions are designed to use certain types of data that we call Platform Data. The term Platform Data includes data collected by us from users' browsers, data generated through the Publisher Solutions and Advertiser Solutions, as well as data we or our advertiser clients may receive from DMPs.Platform Data – Publisher Solutions: One of our Publisher Solutions, BiddRº360, does not collect PII or personal data (as understood in Europe). Another of our Publisher Solutions, BiddR Connect, typically collects and passes the following information to advertisers and their intermediaries (please note that in the EU this information is only collected and used after receiving user consent):
- browser type;
- IP address;
- App Store ID (iTunes or Google Play);
- device ID;
- URL of the page the user is on;
- operating system and version number used on the user's device;
- device type;
- device location (country, city and zip or postal code);
- referring website addresses;
- randomly-generated unique cookie ID numbers relating to a specific user;
In some cases, age range and gender information is collected and passed. EMX does not collect or maintain PII for marketing purposes as PII is defined by the Network Advertising Initiative (NAI).
Platform Data – Advertiser Solutions: Our Advertiser Solutions collect information on online users passed to us by our supply-side platform partners (SSPs). An SSP generally works with several Publishers. SSPs share certain data about publishers and their available ad spaces with us so that we, on our advertiser client's behalf, are able to evaluate whether to bid on an opportunity to show an ad to a user.EMX uses BidSwitch, a third party, to receive requests to bid from SSPs. When an SSP sends a request to bid to EMX via BidSwitch, the SSP may share certain data with EMX in order to allow EMX to evaluate whether it wants to bid. The following data is often provided by SSPs:
- SSP Cookie ID;
- publisher name;
- EMX Cookie ID;
- type of device;
- browser’s default language;
- geographic location, including country, city, latitude/longitude, zip code, and region;
- IP address with final octet removed;
- user agent;
- browser version;
- operating system version;
- playback method;
- duration of ad;
- referrer URL;
- cookie age;
- player type; and
- user segment data.
For Publisher Solutions and Advertiser Solutions, the information collected about users through a cookie, UID, or pixel tag is not linked to PII, and does not reveal the "real world" identity of the user. No PII is transferred in the EMX cookie, UID or pixel tag. EMX only knows a user by a pseudonymous ID. This means that while we may know some information about the user’s preferences or characteristics, we don't know who the user is.
We use Platform Data to help clients buy and sell advertising space online, as explained above, and for related uses, such as looking for and measuring possible fraud (where publishers create fake online user activity to generate ad revenue), analytics, or measuring the viewability of advertisements for ad serving and billing purposes. We also collect this data to display different content depending on user input, environmental conditions (such as the time of day), or other variables. We may use Platform Data in connection with work we do to check that ads we deliver are displaying correctly.
For EEA Internet Users, the meaning of "Personal Data" under the General Data Protection Regulation ("GDPR"), and how this impacts on Platform Data: "Personal Data" has been defined in the United States as any data relating to a living individual who can be identified directly from that data, or indirectly in conjunction with other information. It can take the form of a name or address. In the EU under the GDPR, this definition extends to unique identifiers, IP addresses and other identifiers which do not, by themselves, tell us who an Internet user is in the "real world".
EMX does not collect "real world" data such as an Internet user's name or email. We take care to ensure that we do not collect anything that tells us or anyone we work with who the internet user is in the real world. The information we have about a user does not identify that user by name, but we can use it to get a picture of the characteristics of that user (for example the kinds of products and services they are interested in, and their age range and gender).
When EMX first sees a user, we assign a random unique identifier to that user which allows us to automatically recognize that user when our technology sees the same unique identifier again. We store Platform Data against this ID. In Europe, this type of pseudonymous data is defined as "Personal Data" under the GDPR. We ensure that this data is held to the minimum extent needed and used in ways which comply with EU data protection requirements.
Privacy Shield Participation.
EMX participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.
EMX is responsible for the processing of personal data it receives under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. EMX complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, EMX is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Privacy by Design.
At EMX, we follow a Privacy by Design approach. Privacy considerations are taken into account in the way our systems are set up, and we integrate privacy into our strategy and product development. Our internal procedures protect privacy by proactively keeping PII (information from which individuals can directly be identified) out of our systems, and we maintain infrastructure that is effective without the use of PII. We do this in order to protect consumer privacy and provide relevant advertising. Ensuring the protection of privacy throughout the entire lifecycle of the data is of the utmost importance and EMX is careful to protect user’s privacy as data is collected, used, and destroyed or aggregated responsibly.
What is a "Cookie" or "Pixel Tag"?
A cookie is an industry-standard, small data file placed on a consumer's computer. Cookies allow marketers to "remember you" when you return to their websites and platforms. A pixel tag is a small piece of code on a webpage which allows servers to place and read cookies. No PII is transferred in an EMX cookie.
Disclosure of Information.
We disclose information to the following parties:
- Clients (including publishers, supply-side platforms, demand-side platforms, advertisers and ad exchanges);
- we may disclose Platform Data to our advertisers for reporting purposes, and
- we may share aggregated information with other third parties for advertising, marketing and analytical purposes;
- Service Providers (including data centers, hosting providers, and anti-fraud, technology and security providers);
Other third-party service providers used by EMX include: a) cloud computer, data storage and file storage providers, b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) outsourced computer programmers helping ensure our systems are operating properly, i) auditing, debugging and security vendors. These agents work on our behalf and use data only as directed by us, provided that such third party agents provide at least the same level of privacy protection as we do. and
- EMX Affiliates;
Legal Rights, and Compliance with Law
EMX may also need to disclose information:
- If we believe that there has been a violation of the law, of your rights, or of our rights;
- to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements, or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law, and
- if our company or substantially all of its assets are acquired.
We do not store Platform Data for any longer than we need it. In the case of our Publisher Solutions, we generally do not keep information about users for longer than sixty (60) days. For our Advertiser Solutions, we keep Platform Data about users for up to two years after we collect it.
If you wish to have your information deleted or request that we no longer use your information to provide you services, please email us at dpo_US@emxdigital.com.
Your Choices for Limiting the Use and Disclosure of Your Personal Data
You may decide that you want to opt-out of Interest Based Advertising (“IBA”). You may also wish to use browser settings to modify your preferences. (Please note that while most browsers accept our cookies by default, in certain cases, like Safari, cookies are blocked by default by the browser settings.)
EMX is a member of the Network Advertising Initiative (“NAI”) and adheres to its Codes of Conduct. NAI offers an online opt-out platform to allow customers to limit use of their data and provides general information related to IBA. If you wish to opt out of interest-based advertising in general, click here, or if located in the European Union click here. We also use these opt-out cookies to indicate that a California data subject has opted out from EMX’ sale of their data to third-parties. Please note that EMX does not treat opt-out users differently other than the fact that will continue to receive generic ads instead of ads targeted to their interests.
EMX may place ads on websites that are part of the Google Display Network. Based on your visits to these websites, Google uses an advertising cookie to associate your browser with interest and demographic categories. Google then uses these categories for IBA on these websites. To learn more about this and your choices from Google, please click here.
Your Choices for Limiting the Use and Disclosure of Your Personal Data on Mobile Devices
For mobile websites, you can delete our cookie via the browser settings. For mobile apps, you can typically limit ad tracking within the settings function. On most Android devices, in the “Ads” menu, you can opt out of receiving IBA, or reset your advertising ID. On most Apple iOS devices, you can use the Ad Tracking settings to limit receipt of IBA or reset your device’s Advertising Identifier. Please note that your experience may be different depending on your individual device and service. In addition to using the options above, you may also uninstall the relevant application from your device. If you download a mobile application, it may use advertising to fund its development and maintenance of its software in iOS and Android. In situations involving applications, if you do not want to receive IBA you may need to remove the applications from your device.
Lawful Basis for Processing Personal Data of European Online Users
Data protection law in Europe contains a number of "lawful bases" for processing of data. We have been careful to ensure we have a lawful basis for all of the data we process. Our lawful bases include:
- the user’s consent, previously given to the publisher of the app or website we work with, and passed through to us; and
- a legitimate interest to collect Platform Data which constitutes "personal data" under European law, except where such interests are overridden by a user's privacy rights. Our legitimate interests are the operation of our platform and business and the provision of online advertising services to our clients as required of by our agreements with them. European users have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority—in particular, the Member State of your habitual residence, place of work or the location of the alleged infringement of GDPR. For contact details of your relevant local Data Protection Authority, please look here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
Safeguarding Information We Collect and Us
The security of your information is important to us. We have implemented appropriate security measures to protect the information in our care, both during transmission and once we receive it. We take appropriate physical and technical security measures to protect our data from unauthorized access, as well as unauthorized disclosure.
Privacy of Children.
We are committed to protecting the privacy of children. Neither EMX’s website nor EMX online activities with its advertisers are intended or designed to knowingly attract children under the age of 13.
We respect your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information, or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please email us at dpo_US@emxdigital.com, or contact us via mail at the following address: Data Protection Officer, EMX Digital, 261 Madison Avenue, 4th Floor, New York, NY 10016.
California Data Subjects
The California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). As described above, EMX operates a technology platform that helps facilitate the delivery of targeted ads. As such, EMX has sold the categories of personal information described above under the CCPA over the previous 12 months.
You may access those rights with respect to EMX by sending us an email to dpo_US@emxdigital.com or calling us via our toll-free California data subject hotline at 833-457-0281. We will take steps to confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days. EMX does not discriminate against you if you exercise any of the above rights. Please note that we may not be able to honor one or more of these rights if doing so would violate applicable law.
The CCPA defines personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.
We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.
You may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. We may require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response.
- Information We Collect
EMX may collect information from or about you when you visit the www.emxdigital.com website (the “Site”).
Information you give us: EMX collects information that you choose to provide to us when you complete the Contact us form which asks for your name, work email address, company name and the message that you choose to send us.
Information collected by the Site: When you visit the website www.emxdigital.com, we automatically collect information, where permitted by law, about how you browse through the Site using cookies and other data collection technology. Where we are required to get your consent before gathering this information, we do so.
- Usage Information: We collect information about your activity on the Site, such as date you viewed our page.
- Device Information: We may collect information from and about the computer, tablet or mobile telephone you use to access the Site, including hardware and software information such as IP address, device type, advertising IDs, browser type and language, operating system, time zones, and identifiers associated with cookies that may uniquely identify your browser.
- Third Party Vendors: Third party service providers that assist us with our business operations may collect and use information gained through browser activity on the Site and may share the collected information with us. For example, our service providers collect and share information with us to analyze the performance of the Site and to improve user experience.
- How We Use Information Collected Through Our Site
We use information collected through the Site as follows:
To offer services to you, where applicable
- Respond to your requests, such as when you contact us using our Contact us form
To market our products and services
- We may use information we obtain about your interests to help us ensure that marketing material that we send you is relevant to what you are interested in.
To improve the Site
- Analyze users’ behavior to improve the Site and its content.
- Develop new Site features.
To ensure legal compliance
- Comply with laws applicable to EMX
- How We Share Information Collected Through Our Site
We share information as follows:
- With our service providers
We use third parties to help us operate and improve the Site.
- With other Engine Group businesses
We may share information with an EMX affiliate to assist us in processing the information, data hosting and maintenance, marketing and targeted advertising, better understanding how the Site is used, or improving the Site.
- For corporate transactions
We may transfer information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
- When required by law
Applicable law may require us or our service providers to disclose information if: (i) reasonably necessary to comply with a legal process, such as a court order, subpoena or search warrant, government investigation or other legal requirements; or (ii) doing so is necessary for the prevention or detection of crime (subject in each case to applicable law).
- To enforce legal rights
We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity or other wrongdoing.
- With your consent or at your request
We may ask for your consent to share your information with third parties. When we do, we will make it clear why we want to share the information.
- Website Information Generally