Privacy Policy

Welcome! At EMX Digital, LLC (“EMX”), privacy is very important to the success of our organization and we take the protection of user information seriously.

This privacy policy (“Privacy Policy”) tells you about the range of digital advertising services we provide to our clients and the software platform we use to deliver them.  Broadly, these services help our advertiser clients buy advertising space and show video ads to the right audience. They also help our online publisher clients generate revenue by selling advertising space on their websites and apps.  This policy describes the data we collect; describes how we use and share that data; and covers the information we collect or receive through our digital advertising software technologies, including BiddRº360 and BiddR Connect (together our "Publisher Solutions") and our advertiser and agency platform and services ("Advertiser Solutions").

If you want to understand what data we collect with respect to visitors to our corporate website(s), please see http://enginegroup.com/us/privacy/.

We aim to be transparent about how we deal with data so that online users can understand what we do and can exercise control over how we deal with data about them.  If you have questions, you can contact our Data Protection Officer at dpo_US@emxdigital.com, and we’ll be happy to help.

CONTENTS
  1. Summary of Data Collection and Use.
  2. What Does EMX Do and How Do We Use Data on Online Users?
  3. What Do We Mean by Platform Data?
  4. Scope of Privacy Policy.
  5. Privacy Shield Participation.
  6. Privacy by Design.
  7. What is a "Cookie" or "Pixel Tag"?
  8. Disclosure of Information.
  9. Data Retention.
  10. Your Choices.
  11. Mobile Device Choices.
  12. Lawful Basis for Processing Personal Data of European online users.
  13. Safeguarding Information We Collect and Use.
  14. Privacy of Children.
  15. Changes to This Privacy Policy and How to Contact Us.
 
  1. Summary of Data Collection and Use.
While we encourage you to read the entire privacy policy, the following summary provides some key information relating to our privacy disclosures and practices.

Data collected Our Publisher Solutions facilitate the collection of online users’ data to help publishers maximize revenue from available ad space. These solutions help advertisers and their intermediaries find online users they want to advertise to.

One of our Publisher Solutions, BiddRº360, collects no PII or personal data. It is aware that a user is on a publisher page, but no information on that user is collected.

Another of our Publisher Solutions, BiddR Connect, typically collects and passes to advertisers and their intermediaries the following information: browser type, IP address, domain names, operating systems, language preference, platform type, device location, access dates and times, referring website addresses, browsing and search activity, online transactions, randomly-generated unique cookie ID numbers relating to a specific user, and, in some cases, estimated age range and gender.

Our Advertiser Solutions also collect data, such as segment data as well as the data types listed above, through intermediary platforms. Segments are categories of consumers that advertisers use to plan and execute their digital advertising campaigns.  An example would be female, 18-24, soccer fan, living in New York.

Is that PII/ personal data? We do not collect PII as defined by the Network Advertising Alliance and Digital Advertising Alliance. Some of the data we collect would be considered pseudonymized data in the European Union—for example, where we collect IP addresses and unique cookie IDs. These IP addresses and cookie IDs, and the data we store against those identifiers, will often be pseudonymized data (a kind of personal data regulated by European data protection law).  We and our partners in the digital advertising ecosystem use this data to understand the interests and characteristics of users without knowing who the users are—we never obtain users’ names and are never able to find out users’ "real world identity".

Information Collection: Appended Information We may receive pseudonymized information about online users from other sources, including publicly available databases or third parties from whom we have purchased data.

Examples of the types of personal information that may be obtained from public sources or third parties include: information about online activity, information about interests, and demographic information. This information is collected by data management platforms such as Lotame and LiveRamp. We use data we purchase from data management platforms to enhance and improve our understanding of a user’s characteristics and interests. We combine the information obtained from public sources and third parties (such as data management platforms) together with information we already have in order to assist our advertiser clients with advertisement targeting.

How Information is Put to Use We use Platform Data (as defined below) in our Publisher Solutions to help our publisher clients monetize their available ad space. We do this by helping publishers find advertisers and intermediaries who want to show advertisements to users. Advertisers use the Publisher Solutions to help them decide whether to pay to show an ad to a user, and, if they want to pay, how much they should pay.  That decision takes place through an automated, software-based process called "real-time bidding" where multiple advertisers bid to show their ad.  The Publisher Solutions support real-time bidding as well as other ways to buy online advertising space.

We also use Platform Data in our Advertiser Solutions to help advertisers and the agencies who represent them understand the behavior of online users, create online advertising or engagement strategies, and execute ad campaigns. As part of our Advertiser Solutions, we may buy advertising inventory on behalf of advertisers or agencies, or may allow advertisers or agencies to use our technology to buy and show online ads to the right users. The Advertiser Solutions can monitor and report to the advertiser on how at an aggregate level users reacted to the ads.

Sharing Platform Data In connection with the provision of our digital advertising services, we may share Platform Data with our advertiser clients, demand-side platforms (DSPs), ad exchanges (who will make the information available to advertisers and their agencies to facilitate decisions about whether to show an online ad to a user), third party service providers (including data centers, hosting providers, anti-fraud vendors, and technology and security providers with whom we have contracted), EMX subsidiaries and affiliates, and our publisher clients (who may operate either websites or apps).

User Choices You can control the collection and use of Platform Data in your browser by adjusting your device settings, or opting out with the Network Advertising Initiative or Digital Advertising Alliance at either https://www.networkadvertising.org/choices/ or https://www.aboutads.info/choices/.

Security We use reasonable and appropriate security measures to protect data and require our service providers, clients and intermediaries with whom we share data to do the same.

Retention We retain Platform Data for no longer than is reasonably necessary for advertising purposes and to deliver our services to our clients.  In the case of our Publisher Solutions, we generally do not keep information about users for longer than 60 days. For our Advertiser Solutions, we don’t keep Platform Data longer than 24 months.

Changes From time to time we may change this Privacy Policy by posting a revised Privacy Policy on this site along with the date this Privacy Policy was last updated.

Contact Us If you have any questions about this Privacy Policy please email us at dpo_US@emxdigital.com, or contact us via mail at the following address: Data Protection Officer, EMX Digital, 229 West 43rd Street, 8th Floor, New York, NY 10036.

 
  1. What Does EMX Do and How Do We Use Data on Online Users?
We work with online publishers, advertisers and other intermediaries in the digital advertising sector.  We help publishers generate advertising revenue from their websites and apps, and help advertisers find the right audiences online who are most likely to be interested in their products and services. A description of some of the products and services we offer is provided below.

Publisher Solutions

BiddR Connect: If a user visits the website of a publisher within our network, our tag on the publisher page calls the EMX platform, allowing EMX to access the user's browser, obtain data on that end user, and store it against a unique ID.  The information gathered typically includes the kind of device and browser the user has, the zip code, country and city the user is in, and the internet protocol or IP address of the user’s device (a unique number assigned to a browser by the user's ISP or mobile phone provider).  Our software does not collect the user's name or email address, and we take care to ensure that we do not collect anything that tells us or anyone we work with who you are "in the real world".

BiddRº360: BiddRº360 does not collect any information about the user or their device. BiddRº360 lets other software platforms know that advertising space is available and that a user has landed on a page. Those other software platforms (known as DSPs and ad exchanges) are software services which advertisers and their representatives use to find online users they want to advertise to. After BiddRº360 calls them with page information, the DSPs and ad exchanges then access information relating to an online user and that user’s device by communicating with the user's browser.  What information the DSPs and ad exchanges collect can vary, depending on choices made by the DSPs, ad exchanges and consents given by the user.

Summary of how other parties in the ecosystem use this data: The process of matching a publisher that wants to sell advertising space with an advertiser that wants to show an ad involves several other companies and platforms which can be referred to as intermediaries.

Other than BiddRº360, our Publisher Solutions take user data and pass it to DSPs and ad exchanges, whose job it is to find advertisers who want to show an online ad to the user.  Those platforms, and often the intermediaries and service providers they work with, hold other data relating to the user in order to have an understanding of the user's interests, characteristics (sometimes including age range and gender), and location.  This other data held by DSPs and ad exchanges—which we do not hold in our Publisher Solutions—helps DSPs and ad exchanges form a picture of the user without knowing the user’s “real world” identity. This helps advertisers or their intermediaries work out whether they want to show an ad to that user and, if so, how much they are prepared to pay to do that.

Advertiser Solutions

Our Advertiser Solutions are specific services we offer to advertisers and their intermediaries (usually DSPs) to help increase the value they get from showing ads online, including video ads. Our Advertiser Solutions help ensure that real human users, rather than bots (software programs which mimic human behavior), see the ads, and assist in showing ads to the people most likely to be interested in the advertised products.

Segment Data: User segment data is information about a user's interests, preferences or demographic categories.  Interest-based advertising involves placing a user into a segment based on information about their online behavior, interests, or characteristics.

For instance, a segment might be women, between ages 25 and 54, interested in fashion, or—for another example—18- to 24-year-old auto-intenders (people assumed to be interested in buying a car).  Knowing a user is in one or more of these segments helps advertisers plan and direct their online advertising campaigns.

Sometimes the segment data provided by a Publisher is not enough for the advertiser to make a good decision.  Consequently, our Advertiser Solutions combine data provided by a Publisher with data about the user from other sources. The principal source of additional data for our Advertiser Solutions are data management platforms (or DMPs). DMPs we may use are Lotame (www.lotame.com) or LiveRamp (www.liveramp.com).  These DMPs provide us with demographic data about the user, as well as data about the user’s interests, age group, and location.

EMX uses this information to assess, based on criteria provided by our advertiser clients, whether it should purchase ad space for an advertiser.  If the opportunity to show an ad matches the advertiser’s criteria (this assessment is, in part, carried out using information about the user, the duration of the ad, and the publisher's webpage or app), then EMX will try to win the opportunity to serve the ad.  After winning an opportunity, EMX will check the ad space to make sure its characteristics match the characteristics sought. After checking the space, EMX will decide whether to purchase the ad inventory and serve an ad.

EMX will analyze how the user interacts with the ad, how long they view it for, where the ad is on the page, and whether the user clicks on the ad.  EMX  will report this information back to the advertiser or their DSP on an aggregated basis.

  1. What Do We Mean by Platform Data?
Our Publisher Solutions and Advertiser Solutions are designed to use certain types of data that we call Platform Data. The term Platform Data includes data collected by us from users' browsers, data generated through the Publisher Solutions and Advertiser Solutions, as well as data we or our advertiser clients may receive from DMPs. Platform Data – Publisher Solutions: One of our Publisher Solutions, BiddRº360, does not collect PII or personal data (as understood in Europe). Another of our Publisher Solutions, BiddR Connect, typically collects and passes the following information to advertisers and their intermediaries (please note that in the EU this information is only collected and used after receiving user consent):

  • browser type;
  • IP address;
  • App Store ID (iTunes or Google Play);
  • device ID;
  • URL of the page the user is on;
  • operating system and version number used on the user's device;
  • device type;
  • device location (country, city and zip or postal code);
  • referring website addresses;
  • randomly-generated unique cookie ID numbers relating to a specific user;

  • In some cases, age range and gender information is collected and passed. EMX does not collect or maintain PII for marketing purposes as PII is defined by the Network Advertising Initiative (NAI).

    Platform Data – Advertiser Solutions: Our Advertiser Solutions collect information on online users passed to us by our supply-side platform partners (SSPs). An SSP generally works with several Publishers. SSPs share certain data about publishers and their available ad spaces with us so that we, on our advertiser client's behalf, are able to evaluate whether to bid on an opportunity to show an ad to a user.

    EMX uses BidSwitch, a third party, to receive requests to bid from SSPs. When an SSP sends a request to bid to EMX via BidSwitch, the SSP may share certain data with EMX in order to allow EMX to evaluate whether it wants to bid. The following data is often provided by SSPs:

  • SSP Cookie ID;
  • publisher name;
  • EMX Cookie ID;
  • type of device;
  • browser’s default language;
  • geographic location, including country, city, latitude/longitude, zip code, and region;
  • IP address with final octet removed;
  • user agent;
  • browser version;
  • operating system version;
  • playback method;
  • duration of ad;
  • referrer URL;
  • cookie age;
  • player type; and
  • user segment data.


  • For Publisher Solutions and Advertiser Solutions, the information collected about users through a cookie, UID, or pixel tag is not linked to PII, so we cannot determine the "real world" identity of the user. No PII is transferred in the EMX cookie, UID or pixel tag. EMX only knows a user by a pseudonymous ID. This means that while we may know some information about the user’s preferences or characteristics, we don't know who the user is.

    We use Platform Data to help clients buy and sell advertising space online, as explained above, and for related uses, such as looking for and measuring possible fraud (where publishers create fake online user activity to generate ad revenue), analytics, or measuring the viewability of advertisements for ad serving and billing purposes.  We also collect this data to display different content depending on user input, environmental conditions (such as the time of day), or other variables. We may use Platform Data in connection with work we do to check that ads we deliver are displaying correctly.

    For EEA Internet Users, the meaning of "Personal Data" under the General Data Protection Regulation ("GDPR"), and how this impacts on Platform Data: "Personal Data" has been defined in the United States as any data relating to a living individual who can be identified directly from that data, or indirectly in conjunction with other information. It can take the form of a name or address.  In the EU under the GDPR, this definition extends to unique identifiers, IP addresses and other identifiers which cannot tell us who an Internet user is in the "real world".

    EMX does not collect "real world" data and cannot see an Internet user's name or email. We take care to ensure that we do not collect anything that tells us or anyone we work with who the internet user is in the real world. We cannot use the information we have about a user to identify that user by name, but we can use it to get a picture of the characteristics of that user (for example the kinds of products and services they are interested in, and their age range and gender).

    When EMX first sees a user, we assign a random unique identifier to that user which allows us to automatically recognize that user when our technology sees the same unique identifier again. We store Platform Data against this ID. In Europe, this type of pseudonymous data is defined as "Personal Data" under the GDPR. We ensure that this data is held to the minimum extent needed and used in ways which comply with EU data protection requirements.

    1. Scope of Privacy Policy.
    This Privacy Policy applies only to EMX. It does not apply to the privacy practices of any of our advertisers, publishers, service providers, or other platforms involved in digital advertising. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

    1. Privacy Shield Participation.
    EMX participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.  We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.

    EMX is responsible for the processing of personal data it receives under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf.  EMX complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

    With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, EMX is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

    1. Privacy by Design.
    At EMX, we follow a Privacy by Design approach. Privacy considerations are taken into account in the way our systems are set up, and we integrate privacy into our strategy and product development. Our internal procedures protect privacy by proactively keeping PII (information from which individuals can directly be identified) out of our systems, and we maintain infrastructure that is effective without the use of PII.  We do this in order to protect consumer privacy and provide relevant advertising. Ensuring the protection of privacy throughout the entire lifecycle of the data is of the utmost importance and EMX is careful to protect user’s privacy as data is collected, used, and destroyed or aggregated responsibly.

    1. What is a "Cookie" or "Pixel Tag"?
    A cookie is an industry-standard, small data file placed on a consumer's computer. Cookies allow marketers to "remember you" when you return to their websites and platforms. A pixel tag is a small piece of code on a webpage which allows servers to place and read cookies.  No PII relating to a user's "real world" identity is transferred in an EMX cookie.

    1. Disclosure of Information.
    We disclose information to the following parties:
  • Clients (including publishers, supply-side platforms, demand-side platforms, advertisers and ad exchanges);
  • we may disclose Platform Data to our advertisers for reporting purposes, and
  • we may share aggregated information with other third parties for advertising, marketing and analytical purposes;

  • Service Providers (including data centers, hosting providers, and anti-fraud, technology and security providers); and
  • EMX Affiliates;
  • we share information with other companies in the EMX group of companies to use for any of the purposes described in this Privacy Policy.

  • Legal Rights, and Compliance with Law
    EMX may also need to disclose information:
  • If we believe that there has been a violation of the law, of your rights, or of our rights;
  • to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements, or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law, and
  • if our company or substantially all of its assets are acquired.
  •  
    1. Data Retention.
    We do not store Platform Data for any longer than we need it.
    In the case of our Publisher Solutions, we generally do not keep information about users for longer than sixty (60) days. For our Advertiser Solutions, we keep Platform Data about users for up to two years after we collect it.

    If you wish to have your information deleted or request that we no longer use your information to provide you services, please email us at dpo_US@emxdigital.com.

    1. Your Choices.
    We hope that after reading through this Privacy Policy you will agree that EMX is collecting and using data responsibly. You may decide that you want to opt-out of Interest Based Advertising (“IBA”). You may also wish to use browser settings to modify your preferences.  (Please note that while most browsers accept our cookies by default, in certain cases, like Safari, our cookies are blocked by default by the browser settings.)

    EMX is a member of the Network Advertising Initiative (“NAI”) and adheres to its Codes of Conduct. You can learn more about the NAI by visiting www.networkadvertising.org. NAI offers an online opt-out platform to allow customers to express their choices and provides general information related to Interest Based Advertising.  If you wish to opt out of interest-based advertising in general, click here, or if located in the European Union click here. Please note you will continue to receive generic ads.

    EMX may place ads on websites that are part of the Google Display Network. Based on your visits to these websites, Google uses an advertising cookie (from DoubleClick) to associate your browser with interest and demographic categories. Google then uses these categories for IBA on these websites. To learn more about this and your choices from Google, please click here.

    Some web browsers may also give you the ability to enable a “do not track” setting. This setting sends a special signal to the websites you encounter while web browsing. This “do not track” signal is different from disabling certain forms of tracking by declining cookies in your browser settings, as browsers with the “do not track” setting enabled still have the ability to accept cookies. EMX and most advertising exchanges and networks do not respond to web browser “do not track” signals at this time. If we do so in the future, we will describe how we do so in this Privacy Statement. For more information about “do not track,” visit www.allaboutdnt.org.  You may control the collection and use of Platform Data in your browser by uninstalling or electing not to install an app, or through the Digital Advertising Alliance and Network Advertising Initiative choice pages.

    1. Mobile Device Choices.
    For mobile websites, you can delete our cookie via the browser settings. For mobile apps, you can typically limit ad tracking within the settings function. On most Android devices, in the “Ads” menu, you can opt out of receiving IBA, or reset your advertising ID. On most Apple iOS devices, you can use the Ad Tracking settings to limit receipt of IBA or reset your device’s Advertising Identifier. Please note that your experience may be different depending on your individual device and service. In addition to using the options above, you may also uninstall the relevant application from your device.  If you download a mobile application, it may use advertising to fund its development and maintenance of its software in iOS and Android.  In situations involving applications, if you do not want to receive IBA you may need to remove the applications from your device.

    1. Lawful Basis for Processing Personal Data of European online users
    Data protection law in Europe contains a number of "lawful bases" for processing of data. We have been careful to ensure we have a lawful basis for all of the data we process.  Our lawful bases include:
  • the user’s consent, previously given to the publisher of the app or website we work with, and passed through to us; and
  • a legitimate interest to collect Platform Data which constitutes "personal data" under European law, except where such interests are overridden by a user's privacy rights. Our legitimate interests are the operation of our platform and business and the provision of online advertising services to our clients as required of by our agreements with them.

  • European users have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority—in particular, the Member State of your habitual residence, place of work or the location of the alleged infringement of GDPR.  For contact details of your relevant local Data Protection Authority, please look here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

    1. Safeguarding Information We Collect and Use.
    The security of your information is important to us. We have implemented appropriate security measures to protect the information in our care, both during transmission and once we receive it. We take appropriate physical and technical security measures to protect our data from unauthorized access, as well as unauthorized disclosure.

    1. Privacy of Children.
    We are committed to protecting the privacy of children. Neither EMX’s website nor EMX online activities with its advertisers are intended or designed to knowingly attract children under the age of 13.

    1. Changes to This Privacy Policy and How to Contact Us.
    We may change this Privacy Policy from time to time. When we do, we will post the change(s) on our website.  If we made a material change, we will provide prominent notice on this site in the future. We encourage you to periodically review this page for the latest information on our privacy practices. If you have questions or concerns regarding this statement, please contact us at dpo_US@emxdigital.com.

    THE EFFECTIVE DATE OF THIS PRIVACY POLICY IS AUGUST 1, 2018.