What is the ID5 Platform (or the "Platform")?

ID5 is not an ad network, media buyer or seller, or a data broker. ID5 is an identity platform for the digital advertising industry. We do not own digital properties on which we advertise and we partake in advertising only in a limited manner for our own recruiting purposes and to advertise to other businesses (not to consumers). By "Platform," we mean that we provide technology that websites, mobile apps and publishers of other internet-connected properties (such as internet-connected TV's), use to identify users on their websites, mobile apps and other digital media properties (which we collectively refer to as "Digital Properties") and that advertisers or companies on the advertiser's behalf, use to target their users in the most efficient way possible. Sellers want their ads to be relevant to their readers, which helps them to offer content for no cost or lower cost. Buyers want to use their advertising dollars efficiently by reaching the right audiences, and by measuring the effectiveness of their ads. To accomplish these goals, buyers and sellers and their partners use our Platform to more efficiently and effectively identify their users.

What do we mean by Platform Data?

The Platform is designed to use certain types of information, that all together we call Platform Data. This includes information sent to or uploaded to our Platform by our clients and partners which may include information about you, such as IP address, unique device identifiers, and the latitude and longitude of your device when you view a website that may want to show you an ad

See "What Information we collect and use" for more details on the type of information we include in Platform Data.

Some of this information (including, for example, IP addresses and certain unique device identifiers), may identify a particular computer or device, and may be considered "Personal Data" in some jurisdictions, including the European Union (see below on the meaning of "Personal Data"). This data allows us to recognize a particular computer or device over time.

We do not allow information that by itself identifies an individual in the "real world", such as name, address, phone number, email address, or government identifier, to be used on the Platform. We also do not allow information that directly identifies an individual to be collected or used in connection with use of our Platform.

For EEA Internet Users, the meaning of "Personal Data" under the General Data Protection Regulation ("GDPR"), and what this means for Platform Data

"Personal Data" is defined as any data relating to a living individual who can be identified directly from that data, or indirectly in conjunction with other information. It can take the form of a name or address, and can extend to unique identifiers, IP addresses and other identifiers which do not tell us who an Internet user is in the "real world" but may, when combined with other information, allow the identification of a living individual.

We do not collect personal data that identifies you as an individual in the "real world." When you (an Internet user) visit a Digital Property that has integrated our technology or that uses technology that integrates with our Platform, we do not know your name or email address or other information that directly identifies you. We take care to ensure that we do not collect any information that tells us who you are.

Instead, when you first visit a Digital Property that has integrated our technology, this triggers a request to our Platform. When this occurs, we assign a random unique identifier (a Digital Identifier) an "ID5 ID," to your browser or device, which allows the Platform to automatically recognize your browser or device the next time it visits another Digital Property that has integrated our technology. This type of "pseudonymous data" is defined as "Personal Data" under the GDPR.

This allows our clients and certain third party provider to sync their own Digital Identifiers against this ID5 ID (see ID Synching below) so that our clients and certain third party providers can use their own data on other platforms that they may have associated with their own Digital Identifiers.

We use Platform Data both as an independent controller and as a data processor.

Glossary of basic terms

Browser: A browser or web browser is the user interface or application through which you view Digital Properties. Examples of prominent browsers are Microsoft's Internet Explorer, Google's Chrome, Apple's Safari, and Mozilla's Firefox.

Cookie: A cookie is a small text file that is stored in a web browser by a website or Ad Server. By saving information in a cookie, websites and servers can remember preferences or recognize web browsers from one visit to another or from one website to another.

Cross-Device Mapping: Cross-device mapping is the process of making inferences that certain devices are related to each other, i.e. they belong to the same user or household. This is done using either "statistical" or "deterministic" methods (or a combination). "Statistical" refers to using mathematical techniques to make intelligent guesses that certain devices are related. "Deterministic" means using known relationships, for example logins that use the same email address or other personal information, to link multiple devices to a single user. When this method is used companies typically mask the actual email address.

Device Identifiers: Cookies, Mobile Advertising Identifiers or other identifiers that do not identify an individual but identify a specific device.

ID Synching: ID synching (sometimes also referred to as cookie syncing) is a common and long-standing process in the digital advertising industry. It enables advertisers to link up data from multiple advertising platforms. (In other words, it helps advertisers buy ads in more than one place.)

Here's an example of how it works. Let's say you sell a product on your website. A customer visits your site. Your website stores a cookie to identify that customer's browser, and the cookie contains an ID of 12345. You then associate that ID with information about what the customer shopped for on your site.

If you want to then use that information to advertise to that user, you might go to an online advertising marketplace to buy ad space. In order to buy the right ad space to show your ads to the right user, you'll need to match your ID, which is 12345 to the ID that the marketplace has assigned to the same customer (which let's say for this example is ABCDE).

The result is a record that says ID 12345 = Marketplace ID ABCDE. That way, when the marketplace offers to sell you ad space to show you're ad to to ABCDE, your system will know that ABCDE is the same as 12345, and you can pick the right ad to show the customer.

Mobile Advertising Identifiers: Mobile advertising IDs (e.g., Apple's iOs Identifier for Advertising (IDFA) or Google's Android Advertising ID (AAID)) are unique IDs that are similar to cookies, but instead of being stored on your web browser, they are associated with individual mobile devices.Mobile Advertising Identifiers do not reveal a user's real world identity. They usually are user-resettable. Mobile Advertising Identifiers are used in connection with apps on your mobile device as opposed to websites that you access through a browser.

Non-Cookie Technology: Companies sometimes use alternative methods that perform functions similar to cookies in order to identify unique browsers or devices. For example, some platforms, such as Apple's iOS and Google's Play Services for Android, provide unique IDs to be used for advertising. Additionally, mathematical or statistical techniques are sometimes used to try to identify devices. These "Statistical Identifiers" are not 100% accurate.

Precise Geographic Location: Your device may be capable of sharing your precise geographic location with the apps or web pages you visit using that device. Devices use one or more methods to determine your location, including GPS coordinates and information about wifi networks in your vicinity. (Geographic location determined from IP address is typically not considered to be "precise.") Devices such as iPhone or Android phones typically ask for users' consent before installing or using an app that accesses the device's precise geographic location. The app, in turn, may make this information available to third-party advertising companies in order to make the ads you see more relevant.

Cookie use by the Platform

Although the specific cookies employed on the ID5 Platform may change from time to time, this describes how and why the ID5 Platform uses cookies. These cookies enable our clients to identify users and to see users' opt-out choices.

  • The Platform uses unique cookies to distinguish between unique web browsers.
  • The Platform uses cookies with non-unique values for server load-balancing and similar technical purposes.
  • The Platform uses non-unique cookies to store users' opt-out choices.
  • The Platform may also use some Non-Cookie Technologies for these purposes (as defined above and as detailed below).
  • Cookies play a role in Cross-Device linking in that cookies from different browsers or devices might be associated with each other.
  • Some browsers or other software may be configured to block 3rd party cookies by default.

THE ID5 PLATFORM PRIVACY STATEMENT

Last Modified: May 1, 2019

Overview
This privacy statement describes how ID5 collects, uses, shares or otherwise processes Platform Data. It may describe how ID5 enables or allows clients and third-party providers to use Platform Data, but otherwise does not apply to our clients' or other third parties' practices.

Companies using the Platform own their own data, and ID5 retains limited rights to use Platform Data to run the Platform and provide and improve our identity technology services. That's part of what makes it a Platform.

What information do we collect and use?

The Platform is designed to collect and use only Platform Data as described in this document. Details.

How do we collect information?

The Platform may use Cookies, Pixels, Tags, mobile SDKs, and some Non-Cookie technologies to collect and store Platform Data about web browsers and devices across web sites and apps and over time. Details.

For what purposes do we use the collected information?

ID5 uses the information collected on the Platform to provide, operate, manage, maintain, and enhance the Platform and allow our clients to use our Platform. This means faciliting user identification; using information for fraud detection and the prevention and detection of malicious behavior and maintaining and enhancing our services including using information for machine learning, optimization and statistical analysis. Details.

On what legal basis do we process Personal Data

Where you are located in the European Economic Area (the "EEA") and where ID56 is a controller of personal data, ID5's legal basis for collecting and using the personal data described below depends on the data concerned and the specific context in which we collect or use it. We normally rely on our legitimate interests to collect and use personal data, except where our interests are overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests are described in more detail below (see "How do we use the information we collect?") and include the operation of our Platform and business and the provision of our online advertising identity technology services to our clients as required by our agreements with them. In some cases, we may rely on your consent which is obtained for us by the operator of the Digital Properties that use our technology or use technology that interacts with our Platform. Additionally, we may have a legal obligation to collect personal data. Details.

What information do we share with third parties?

Where permitted, we provide clients and third-party providers access to their Platform Data that they collect, acquire, or use on the Platform, and typically they may remove it from the Platform for their own use. ID5 may also provide Platform Data to our partners and service providers for the purpose of operating, managing, maintaining, or enhancing our services, including for the safety and security of the Platform and the online industry, or as required by law. ID5 does not share the information collected on the Platform with other third parties, unless legally required. Details.

How is the information stored and how long is it kept?

Platform Data is stored using generally accepted security standards. It is usually aggregated or deleted within 30-90 days, but may be retained in the Platform for up to 18 months from the date of collection before aggregation or deletion. Details.

What are your choices?

For EEA users, we are registered as a vendor with, and support, the IAB Europe Transparency and Consent Framework (the "Industry Framework"). As a Platform, various clients and third party providers using our Platform may be accessing your device or collecting, using and sharing your personal data as independent controllers for different uses and based on different legal bases or as processors on behalf of other independent controllers. When you visit a Digital Property, the Industry Framework is designed to allow Digital Properties the means to choose which third parties they wish to allow to access your device and collect, use and share your personal data and provide dynamic transparency and choice to you about each of these third parties (an opportunity for you to consent or opt out) in connection with your visit to the Digital Property, depending on that third-party's use of your personal data and legal basis.

Web browser users may opt out of the use of the Platform for interest-based advertising in their web browser. Mobile app users have access to choices provided by certain apps or in their device system software. Details.

What happens if this privacy statement is changed?

Check this policy for changes. The date of the last update can be found at the top of this Policy. Material changes will not be applied to previously collected Platform Data. Details.

Questions?

Send a message to privacy@id5.io.

What Information Do We Collect and Use?

Platform Data

When you visit a Digital Property (i.e. a website) that uses our technology (or that uses technology that transacts with parties using our Platform) we collect or receive certain information about you and your device including:

  • Information about your browser including:
    • the type of browser
    • browser language
    • browser settings
    • cookie information
  • Information about your device including:
    • information about the device's operating system including its version and connection type
    • device make, device model
    • Device Identifiers such as your IDFA or AAID
    • Precise Geographic Location data when location services have been enabled for an app on your device that has integrated our technology or that sends that information to our Platform
    • the IP address from which the device accesses a client's Digital Property
  • Information about your activity on a Digital Property including web pages or apps visited or used and the time those web pages or apps were visited or used. Note this information is only collected and received by us in connection with requests to us initiated by Digital Properties using our technology to show ads to you or to track your activity in connection with the delivery of an ad or to place Digital Identifiers associated with your browser or device into interest-based segments. This means we do not passively track your activity but only receive information about your activity in connection with requests specifically made to our Platform to serve you an ad, measure your interaction with an ad or to place you into an interest-based category for future use by a client to help make the ads they show to you more relevant.
  • Information about your Internet service including information about which Internet Service Provider (ISP) is used by you.

Information Our Clients, our Vendors and our Clients' Third Party Providers Collect

Our clients, our vendors, and our clients' third party providers, who use our technology, may use their own tags, pixels, cookies, or other similar technology (or those of their other affiliates) within their advertisements and on certain Digital Properties. We are not responsible for our clients, vendors and/or our clients' third party providers use of such tracking technologies or for their privacy practices.

How Do We Collect Information?

  • The Platform uses Cookies, Beacons, Pixels, Tags, mobile SDKs, and in some cases Non-Cookie technologies, to collect data associated with particular web browsers or devices
  • The Platforms also receives data from Clients and Third-Party Sources (as set out above)

How do we use the information we collect?

  • For our legitimate business interests to provide services to our clients, including:
    • Compiling statistics about the user syncs occurring through our Platform and conducting research and development for our own internal business purposes, such as conducting machine learning to better optimize user syncing efficiency
    • Investigating, protecting against and deterring malicious activity, fake traffic or fraudulent, unauthorized or illegal activity on the Platform and on the internet

Typically, companies using the ID5 Platform own the information that they provide to and get from the Platform. While we take care to obtain assurances from our clients and partners that their use of information collected through the use of our technology will comply with applicable laws, when clients remove their information from the Platform, their use of that information is governed by their own privacy policies and applicable laws, rules, or regulations.

If you are located in the EEA, where we are the controller of personal data, our legal basis for processing the personal data described above under "What Information do we Collect and Use" will depend on the data concerned and the specific context in which we collect or use it.

However, we normally operate as a processor under the direction of our controller, who may be another platform or publisher

In some cases, we may rely on our consent which Digital Properties using our technology obtain from you. We may also have a legal obligation to collect personal data from you. If we rely on consent to process your data, we will obtain such consent in compliance with applicable laws.

If you have questions about or need further information concerning the legal basis on which we process personal data, please contact us at privacy@id5.io.

How and why do we share the information we collect?

ID5 shares Platform Data with third parties in the following cases:

  • Clients and third party vendors
    • When you visit a Digital Property (i.e. a website) and that Digital Property wants to show you ads, in order to effectively show you relevant ads, the Digital Property must let certain third parties access your device or receive and use the information noted above under "What Information do we collect and use."
    • Depending on how those third parties collect and use that information, those parties may be:
      • independently making decisions about how your data is used in different ways, for different reasons based on different legal bases
      • using your data strictly at the instruction of another party solely on behalf of that party
    • As such, at the instruction of our clients, we share information with clients and third party vendors:
      • so that they can improve their products and services for use by us and others across the broader online advertising ecosystem (e.g. your Device Identifier may be used to improve fraud detection services)
    • When our clients integrate our technology in order to enable us to collect your data, other than for the reasons noted below, we do not decide which third parties may receive your information.
    • For users located within the EEA, we provide our clients with various controls to choose the third parties with whom we share your information that we collect through each client's use of our Platform including:
      • IAB Europe Transparency and Consent Framework:
        • We are registered as a vendor with, and support, the IAB Europe Transparency and Consent Framework (the "Industry Framework")
        • When you visit a Digital Property, the Industry Framework is designed to allow a Digital Property to choose which third parties (vendors) they wish to allow to access your device and use your personal data and provide dynamic transparency and choice to you about each of these vendors (either an opportunity for you to consent or opt out) in connection with your visit to the Digital Property, depending on that third-party's use of your data and legal basis.
      • Information about third parties operating through our Platform and Platform Controls:
        • Information about third parties operating through our Platform for disclosure purposes and whitelisting capabilities - essentially creating lists of approved companies - to control which third parties may receive and use your information
    • For users located outside of the EEA, we provide our clients with Platform Controls, including our whitelisting capabilities, to control which third parties may receive your information.
  • Service Providers (including data centers, hosting providers, anti-fraud, technology and security providers): We share with Service Providers (or enable their collection of) Platform Data so that they can perform functions and provide services to us including for purposes of protecting the safety and security of the online ecosystem, including to detect and prevent malicious activity or fake traffic. Our Service Providers are subject to obligations consistent with this Privacy Policy and appropriate confidentiality and security measures.
  • Legal Rights and Compliance with Law: We may also disclose Platform Data in the event that we reasonably suspect malicious activity or fake traffic or when we reasonably believe it is required by law, subpoena or other legal process, including to meet national security or law enforcement requirements.
  • ID5 Affiliates: We share Platform Data with other companies in the ID5 group of companies to use for any of the purposes described in this Privacy Policy.
  • Business Transfers: We may transfer Platform Data to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.
  • Aggregated Data: We may also share aggregated data derived from the Platform, including, for example, statistics about Platform activity.

How is Platform Data Stored and How Long is it Kept?

Security

  • ID5 uses generally accepted industry security standards to protect information transmitted over or stored on the Platform.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We restrict access to information to employees, contractors and agents who need the information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
  • Please note, however, that no transmission or storage of information can ever be guaranteed to be completely secure. Once we receive Platform Data, we will use strict procedures and security features to try to prevent unauthorized access. Please also be mindful that we are not responsible for the security measures of third parties.

Retention

  • We never store any information longer than we need it. Platform Data is usually aggregated or deleted within 30-90 days, but may be retained in the Platform for up to 18 months for specific clients and for use for security and the detection and prevention of fraud and invalid traffic from the date of collection before aggregation or deletion. When we no longer need the information we collect, it is deleted or aggregated.
  • Aggregated information is used for reporting and analysis, and may be stored in the Platform for up to 5 additional years.
  • When third party vendors receive information through us or clients remove their information from the Platform, their storage and retention of the removed information is governed by their own privacy policies and applicable laws, rules, or regulations.

What are your choices?

IAB Europe Transparency and Consent Framework: If you are located in the EEA and visiting a Digital Property, we are registered as a vendor with, support, and encourage our clients to use the IAB Europe Transparency and Consent Framework (the "Industry Framework") to provide you with dynamic transparency into and choice about the various third parties our clients use, including ourselves. When you visit a Digital Property, the Industry Framework is designed to allow a Digital Property the means to choose which vendors they wish to allow to access your device and process your personal data and provide dynamic transparency and choice to you about each of these vendors (either an opportunity for you to consent to the vendor or opt out of data processing by the vendor depending on that vendor's legal basis and use of your personal data).

ID5 Web Browser Opt Out: If you have not already chosen to do so, you can click the button below (or go directly to https://id5-sync.com/privacy/optout) to opt out of having the Platform used to enable our clients to more efficiently serve your relevant ads. When you opt out, an opt out cookie (from id5-sync.com) will be stored in your web browser. The Platform will know the choice you have made when it sees your opt out cookie, and will apply your choice to all companies using the Platform. If you block or delete the opt out cookie, you will not be opted out and will need to allow cookies from ID5 and renew your opt-out choice.

ID5 Web Browser Opt In: If you have previously chosen to opt out, but would now like to opt in, you can click the button below (or go directly to https://id5-sync.com/privacy/optin) to opt in to having the Platform used to enable our clients to more efficiently serve your relevant ads. This does not overwrite any consent settings you may select on a given Digital Property (i.e. website).

Important things to note about the opt out:

  • Blocked cookies: The opt out cookie may not work if your browser is configured to block third-party cookies.
  • Deleting or protecting opt outs: If you delete your cookies, you will need to opt out again. There are browser plugins to help you preserve your opt out cookies. For more information, please visit https://www.aboutads.info.
  • Only this browser: The opt out only applies to the browser profile in which you set it. For example, if you set the opt out while using Firefox, but then use Chrome, the opt out will not be active in Chrome. To opt out in Chrome, you will need to repeat the opt out process. This is because the cookies cannot be read between different browsers or browser profiles.
  • The opt out does not block or delete cookies: It also does not prevent the use of cookies or other technologies for purposes other than selecting ads based on your interests as inferred by your online behavior. If you opt out, data may still be collected about your web browsing activities and you will still see advertising. Ads may be selected, for example, based on the content of the web page in which they are shown. If you wish to block or delete cookies altogether, you can use web browser settings to do so.
  • Learn More: To learn more about interest-based advertising, and to access the opt outs of other online advertising companies, visit the Network Advertising Initiative opt out page.

ID5 Mobile App Opt Out: Mobile device system software such as Apple iOS or Google Play Services provide mechanisms that allow users to opt out of the use of information about their usage of mobile apps to deliver targeted ads to their mobile device. For more information, or to opt out using these mechanisms, consult your device settings ("Opt out of Interest-Based Ads" on Android devices and "Limit Ad Tracking" on iOS devices).

Location: Most mobile devices offer you the ability to stop the collection of location information at any time by changing the preferences on your device. You may also be able to stop the collection of location information by particular apps by adjusting the settings for individual apps or following the standard uninstall process to remove specific mobile apps from your device. Note when location services have not been enabled in any of your apps, we will still infer data about your location based on your IP address.

What are your personal data access rights?

We collect the minimum amount of personal data about you that is necessary to provide our Services. Because we do not collect and we prohibit clients and third party vendors from storing information that directly identifies an individual on the Platform, it is generally not feasible for us to provide individuals information that is tied to their identities.

European Data Subject Rights

If you are a resident of a country in the EEA, you have certain rights and protections under the law regarding the collection, processing, and use of information about you. As stated above, the information we collect about you when you visit Digital Properties that use our advertising technology may include certain identifiers that are considered "Personal Data" under European law. We process this data as necessary to further the legitimate interests of our customers, who rely on the ability to deliver, to you and other users, advertisements (including targeted advertisements) in order to fund the online content they deliver to you.

As a resident of a country in the EEA, you have the right: (i) to request access and obtain a copy of your personal data, (ii) to request rectification or, in certain circumstances, and subject to some specific legal reasons where we may need to retain data, erasure; (iii) to restrict the processing of your personal data; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal data.

If you are interested in exercising any of these rights, please see our Data Subject Rights Policy.

Finally, as a resident of the EEA, you have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority in particular, the Member State of your residence, place of work or alleged infringement of the GDPR. For contact details of your relevant local Data Protection Authority, please see here.

Privacy Shield related rights

If you believe that ID5 holds information that would allow us to correct, amend, or delete inaccurate information about you or that information about you has been processed in violation of the EU-US Privacy Shield's Principles, please contact us at privacy@id5.io.

We will seek to provide access to such data, but will not be able to do so when the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.

Industry Self-Regulation

ID5 supports industry self-regulation, and endorses best practices and self-regulatory requirements that apply to the Platform. ID5 is a member in good standing of the Network Advertising Initiative (NAI), and adheres to the NAI Code of Conduct for Web and Mobile.

Additionally, the following industry sites provide useful information about industry self-regulation of interest-based advertising:

Global Operations and Privacy Shield

ID5 is a global company headquartered in the United Kingdom with data centers located in Europe. If you access any of the Digital Properties that use our technology, please be aware that your information may be transferred to, stored and processed by us and our affiliates in our facilities in Europe and other countries and by those third parties with whom we may share your information.

These countries may not provide an adequate level of data protection for your information (as determined by the European Commission) or have data protection or other laws as comprehensive as those in your country. We will, however, ensure that where ID5 group companies or third-party service providers receive information outside of the EEA, appropriate protections are in place under European data protection legislation (which includes either Model Clauses or Privacy Shield compliance).

For example, in order to ensure that your information is adequately protected when transferred outside of the EEA, ID5 has entered into inter-company "model clause" agreements and other adequacy arrangements with other various entities located outside the EEA with whom we share your information. A copy of such agreements is available on request.

Additionally, if we transfer personal information from the European Union to the United States or Switzerland to the United States, we comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. ID5 has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

For any questions or complaints regarding our compliance with either the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, please contact us at privacy@id5.io.

If ID5 does not resolve your complaint, you may submit your complaint free of charge to ICDR/AAA, ID5's designated independent dispute resolution provider. Under certain conditions specified by the principles of the EU-US and the Swiss-US Privacy Shield Frameworks, respectively, you may also be able to invoke binding arbitration to resolve your complaint. ID5 is subject to the investigatory and enforcement powers of the FTC. If ID5 shares the personal data of an individual located in the EU or Switzerland with a third-party service provider that processes the data solely on ID5's behalf, then ID5 will be liable for that third-party's processing of that data in violation of the Principles, unless ID5 can prove that it is not responsible for the event giving rise to the damage.

What Happens if this Privacy Statement is Changed?

Check this page for changes. We may change this privacy statement at any time.

If we make changes that, in our sole discretion, are material, those changes will not be applied to information collected prior to the date the changes went into effect.