Mediaocean Logo
Log in to Mediaocean
Prisma
Prisma for Sellers
Innovid
Home
Company
Company
Mediaocean powers the future of the advertising ecosystem with AI.
Diversity, equity, and inclusion
Diversity of thought and experience makes us stronger.
Careers
Check out job openings and discover how we bring our passion to work every day.
Newsroom
Read official press releases and announcements.
Contact
We want to hear from you!
Products
Products
The Mediaocean suite delivers seamless advertising orchestration across channels, formats, and devices.
Prisma
End-to-end workflow automation for media buying and finance
Innovid
Omnichannel ad serving, creative personalization, measurement, and optimization
Protected
Verification solutions including brand safety, SIVT, viewability, and attention
Resources
Resources
Thought leadership, industry insights, reports and more covering all things omnichannel advertising
Events
Upcoming webinars and events as well as past recordings
Articles
Industry publications featuring bylines from Mediaocean leaders
Insights
Updates, blog posts, and other tidbits from our team
Reports
White papers and industry reports covering the latest trends
Creative Showcase
Impactful results from clients leveraging Innovid
Press coverage
Industry publications featuring Mediaocean and our leaders
Support
Support
Task-level eLearning and quick learning articles, on-demand webinars, and technical content
Education
Learn about self-certification courses and live training programs from Mediaocean.
Contact us

Privacy policy

 

 

Effective as of 12/15/2025

Mediaocean LLC, together with its affiliates and subsidiaries from time to time (“Mediaocean”, “we”, “our” or “us”) takes privacy seriously. This Privacy Policy explains how we collect and process data from: 

  1. Visitors to this website and its subdomains (the “Website”);
  2. Customers and prospective customers (including their employees and authorized users) of our advertising infrastructure and hosted systems, products and services known as Prisma Media, Prisma Finance and Prisma Production (collectively, “Prisma” or “Hosted Systems”); and
  3. Suppliers and other business partners who provide products, services or data to help us in providing this Website and/or Hosted Systems. 

Our Website and Hosted Systems may contain links to third party websites. We do not control these websites, and this Privacy Policy does not apply to any information that you provide to those websites or that is collected by those websites. We encourage you to read the privacy policy of any third-party website that you visit before providing any information to the owner of that website. 

Please note that this Privacy Policy does not cover our suite of advertising technology products and services known as Innovid. Such advertising technology products and services include advertisement serving, creative personalization, advertising analytics, advertising measurement, and advertising-related activation and facilitation across various thirty-party owned and operated digital, social, and CTV media (including the products and services currently known as Innovid, InnovidXP, Flashtalking, AudienceHQ, AudienceHub and Social Ads Manager (collectively, “AdTech Services”)). The Privacy Policy of our AdTech Services can be found at https://www.innovid.com/privacy-policy.

Please note that this Privacy Policy also does not cover our brand safety and IVT detection platform known as Protected Media. The Privacy Policy of Protected Media can be found at https://www.protected.media/privacy-policy-dashboard/.

Please also note that this Privacy Policy does not cover our collection, use or disclosure of information relating to employees or candidates for employment with Mediaocean or its affiliated entities (collectively, “HR Data”), as Mediaocean provides a separate privacy policy to such individuals governing HR Data.

 

Table of Contents

1. Information We Collect About You 

2. Hosted Systems 

3. How We Use Your Information 

4. How We Store And Disclose Your Information 

4.1 Data storage and access 

4.2 Disclosure of PI to third parties 

5. Your Rights Under This Privacy Policy 

6. Cookies And Other Tracking Technologies 

7. How We Keep Your Information Secure 

8. Retention 

9. Minors Under The Age Of 18 

10. Additional Information for Residents of the European Union, UK and Switzerland

11. Additional Privacy Information for Residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and Other U.S. States in Which an Applicable State Privacy Law is in Effect 

11.1 Introduction 

11.2 Key concepts 

11.3 Categories of personal information that we collect and disclose to others for a business purpose 

11.4 Rights of residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and other U.S. states in which an applicable State Privacy Law is in effect 

11.5 Submitting Requests 

11.6 CCPA Metrics for 2024  

12. Complaints 

13. Changes To This Privacy Policy 

14. Contact Us

 

1. Information We Collect About You 

We may collect and process the following information about you during your visits to the Website or business interactions with us. Such information may include information defined under applicable law as “personal data” or “personal information” (collectively, “PI”). 

  • Your name, your email address, company name, business address, business contact details, and your business title and role;
  • Your training profile, including details of courses you’ve attended and courses that you’re due to complete; Information that you provide by filling in forms on the Website or on Mediaocean Support;
  • Information you provide when you contact us, for example when you request information about our products or services, subscribe to our blog, book a demo, or request customer or technical support. If you contact us in writing, we may keep a record of that correspondence, and if you call our support team, we may retain a recording of the phone call for a limited period for training purposes;
  • Details associated with your use of our products and services, including the specific services you have ordered from us, company name, billing information and account usage information;
  • Surveys, Beta-testing, and Other Information-Gathering Activities. We may contact you to participate in these activities. If you decide to participate, you may be asked to provide certain information with your consent.
  • Conferences, Trade Shows, Webinars, and Other Events. We may collect PI from individuals when we attend conferences, trade shows, and other events.
  • Business Development and Strategic Partnerships. We may collect PI from individuals and companies to assess and pursue potential business opportunities. 

In addition, our Website may automatically place cookies essential to site operations, and with explicit consent the Website may also use non-essential tracking cookies, tags, or pixels to collect and share information about your visit with third parties. Please see our Cookies Policy for more information. The automatically collected information includes: 

  • Records of pages and features you’ve used within our Website.
  • Details of your visits to our Website, including but not limited to, traffic data, weblogs and other communication data and the resources that you access. This may include information about your computer or device, including your browser information, operating system information, device identifier, IP address, general geographic location, date, and time of visit, whether you are a new or a return visitor, device type, connection type and identifiers assigned to your browser or device, such as the advertising identifiers assigned by platform providers, and other such information as may be delivered or shared by the applicable browser or access software or device. You may opt out non-essential tracking technologies as described under the section entitled “Cookies and Other Tracking Technologies”. 

Our Website does not knowingly collect information defined by law as “sensitive personal information” or “special categories of data” (e.g., precise geolocation, data revealing racial or ethnic origin, religious beliefs, physical or mental health diagnosis, sexual orientation, or citizen or immigrant status, genetic or biometric data) (collectively, “Sensitive Information”).

 

2. Hosted Systems 

The categories of PI processed by our Hosted Systems may include the following types of information, to the extent relevant to the applicable client company:

  • User credentials, including user names and passwords;
  • Logs of actions taken within the systems, such as application logs, usage analysis, and audit trails;
  • Business contact details of client employees, and (if relevant to the manner in which the client company chooses to use our Hosted Systems), their vendors’ or clients’ employees’ business contact details, for example to facilitate order or payment processes or to ensure delivery of output to the correct individual;
  • if relevant to the manner in which the client company chooses to use our Hosted Systems, information related to staff expense payments, timesheets, and similar matters. 

Where PI is collected, stored or used by our client companies using our Hosted Systems, please note that we act only as a data processor. The client company is the data controller and is responsible for data protection obligations pertaining to its obtaining necessary consents, providing notifications, accuracy, and timely disposal. The client company is also responsible for arrangements to enable individuals to access their PI, subject to confirmation of identification, for authorizing disclosure to third parties (other than authorized subprocessors or as required by law), and for breach notifications to relevant government agencies and to users, in case of a security incident. 

As a data processor, Mediaocean’s responsibilities for this data are to:

  • Process the PI only on documented instructions from our client company.
  • Ensure that all persons we authorize to process the PI understand and respect the confidential nature of this information
  • Make provisions for the security, availability and integrity of data on our systems, including where we have appointed subprocessors to help us deliver our services to our client companies.
  • In the event that there is a security incident, provide our client company with the information needed to make statutory breach notifications.

 

3. How We Use Your Information 

We use your information in the following ways:

  • To conduct processing which is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
  • To carry out obligations arising from contracts entered into between you and us;
  • For authentication purposes in order to ensure we are communicating with, or allowing access by, the correct individual;
  • To respond promptly and effectively to your support requests and other queries;
  • To help us keep the information that we hold about you up-to-date;
  • To administer your account with us, and to carry out and verify financial transactions in relation to payments you make in connection with our products and services;
  • To provide you with information, products, or services that you request from us and notify you of any changes to these;
  • To request feedback regarding products you have purchased or licensed from us;
  • For compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions;
  • To collect debts, prevent fraud, infringement, identity theft and any other service misuse, comply with our legal obligations and take action in any legal dispute and proceeding;
  • To monitor, improve and optimize the Website, services and products, including understanding your needs and interests. and to personalize your experience with the Website, our products and services and our communications;
  • For other purposes as requested by you, or for other purposes that are clearly disclosed to you at the time you provide the information or with your consent;
  • For marketing and advertising our products and services:
    • We may use personal information to provide you or enable third parties to provide you with content and advertisements related to our own products and services, and to target such content and advertisements to be more relevant to you. We may also use, and permit third parties to use, cookies and other tracking technologies (such as web beacons and pixels) with the aim of collecting certain information to analyze behavior and customize the content and advertising displayed to you related to our own products and services. If you have any questions about our marketing practices or if you would like to opt out of the use of your PI for marketing purposes, please review the section entitled “Cookies and Other Tracking Technologies” below to exercise your choices.
  • We also use your information for other purposes as requested by you.
  • We may use PI for other purposes that are clearly disclosed to you at the time you provide PI or with your consent.
  • De-identified and Aggregated Information. We may use de-identified and/or aggregated information, such as de-identified demographic information, de-identified approximate location information, and deidentified information about the devices from which you access our Website and Hosted Systems for the purposes stated in this Privacy Policy.

 

4. How We Store and Disclose Your Information 

4.1 Data storage and access. 

Mediaocean uses cloud-based software solutions for customer relationship management, support and incident management, and marketing communications. Mediaocean shares your name and business contact details with these USA–based providers for the purpose of operating the Website and Hosted Systems, and the information is used strictly for the purposes described above. Mediaocean uses additional hosted or cloud-based software solutions in the USA to facilitate internal processes. 

PI that is collected from users in the UK, EU, Australia, Canada and other territories will be transferred from time to time to the USA and the UK, and may be transferred to any other countries where Mediaocean group companies have offices (Australia, Canada, France, Germany, Netherlands, India, Malaysia, Singapore, UK, USA). Data transfer agreements (including the EU standard contractual clauses) have been put in place with other Mediaocean entities within the group to ensure protection of such PI in line with data protection requirements. 

Staff involved in support, engineering and technical operations may be based in any location where Mediaocean group companies have offices. Our staff may access data from any of those locations. However, staff are only given access to the data if they need it in order to be able to do their jobs, and only if they have completed mandatory training on security procedures. 

Mediaocean uses cloud-based software solutions to manage customer relationships, support and incident services, and marketing communications. These solutions are run in US-based data centers that comply with Tier III, SOC1, SOC2, or ISO 27001 standards. Further details are available upon request. 

 

4.2 Disclosure of PI to third parties. 

As a matter of routine business, we don’t disclose PI that we collect to third parties except to:

  • our contracted sub-processors as described above;
  • to affiliated and subsidiary companies that we control, or that are under common control with us;
  • third parties approved or requested by you, your agent, or the company client as appropriate;
  • third parties if we’re under a duty to disclose or share such PI in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements, or to protect our rights, property, or safety, or those of our clients or others with whom we are under a contractual obligation. If we have to disclose PI on this basis, we take appropriate steps to ensure that the third party is obliged by law or contract to provide at least the same level of privacy protection as is required by our Privacy Policy and by applicable laws (unless the disclosure is legally required, such as tax reporting or responding to a judicial subpoena).
  • We may disclose information we have collected to third parties if we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets, or if we or substantially all of our assets are acquired by a third party, in which case information held by us will be one of the transferred assets. Such transfers will be subject to contractual data protection provisions. 

We will obtain your consent before disclosing PI to a third party other than as described above.

 

5. Your Rights Under This Privacy Policy 

You may have the right, depending on the jurisdiction in which you reside, to:

We commit to you that we will not discriminate against you as a result of your choosing to exercise any of your rights under law. In addition to the above mechanisms, you can also exercise your rights by emailing us at datasecurity@mediaocean.com.

 

6. Cookies and Other Tracking Technologies 

Like many companies, we use cookies, pixels, web beacons, and other tracking technologies to collect information about your browsing activities and your interactions with our Website, and to serve targeted ads for our products and services. There are a number of ways to opt out of having your online activity and device data collected through these methods, which we summarize below:

  • Opting out of cookie use in our Cookies widget in the bottom left hand corner of the Website (pictured below) to allow or disable non-essential cookies.

cookie widget

 

 

  • Blocking Cookies In Your Browser. Most browsers let you remove or reject cookies, including cookies used for targeted advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
  • Using Privacy Plug-ins Or Browsers. You can block our websites from setting cookies used for targeted advertising by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third-party cookies/trackers.
  • Advertising Industry Opt-Out Tools. Where available, you can use advertising industry opt-out options to limit use of your information for targeted advertising online or in apps by visiting http://optout.aboutads.info.
  • With Each of Our Vendors Individually. Please visit the privacy policies of our vendors/partners to understand their privacy practices and what choices are available for you to opt-out of use of your information for targeted advertising:
  • Google Analytics. We use Google Analytics, a service provided by Google, to help analyze how users use the Website. Google Analytics uses “cookies”, which are text files placed on a user’s computer or device, to track the user’s activity (including information such as the user’s flow, location by country, language, browser and OS, ISP, and devices) on the Website. We use this service with a view to analyze usage across devices and offer improvements for all users. To learn more about Google Analytics, please click here. To opt out of this feature by installing the Google Analytics Opt-out Browser Add-on, please click here

Please note that because some of these vendors’/partners’ opt-out mechanisms may be specific to the device, app or browser on which they are exercised, you may need to opt out separately on every device, app or browser that you use. 

To learn more about our use of cookies and other tracking technologies, visit our Cookie Policy.

 

7. How We Keep Your Information Secure

All information you provide to us is either stored on our secure servers at our data center, or else in secure cloud solutions as described above. Where we have given you (or where you have chosen) login credentials which enable you to access certain parts of our Website or to use our Hosted Systems, you’re responsible for keeping these login credentials confidential. We ask you not to share your login credentials with anyone. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we use generally accepted security measures to protect your PI, we can’t guarantee the security of your PI transmitted to our Website; any transmission is at your own risk. Once we have received your information, we’ll use strict procedures and security features to try to prevent unauthorised access. 

Logical access tools have been put in place to ensure that access to PI is appropriately restricted. Administrative access to the information is restricted to authorized personnel. Physical and network security measures are in place to restrict access to the computing equipment. The security measures that we have in place to protect PI are certified annually. We also obtain security reports from our cloud service providers to ensure that they are adhering to the required standards.

 

8. Retention

We will retain your PI for as long as is necessary for the purposes set out in this Privacy Policy, in accordance with Mediaocean’s Data and Document Retention Policies. These policies define retention rules based on the nature of the information and the purpose for which it is required. We destroy or dispose of all PI securely when it is no longer needed. 

If you send us an opt-out request, we will retain indefinitely only the information we need to respect your request (for example, in the case of an email “unsubscribe” request, we will retain your email address and the fact you are not to be contacted). We will retain and use your PI to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data or the information you provided to us to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

 

9. Minors Under the Age of 18

Our Websites and services are not intended for minors under 18 years of age. We do not knowingly collect PI from minors under 18. If you are under 18, please do not use or provide any information on this Website or through any of its features. If we learn we have collected or received PI from a minor under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a minor under 18, please contact us at datasecurity@mediaocean.com.

 

 

10. Additional Information for Residents of the European Union, UK and Switzerland

When information relating to an identified or identifiable natural person ("personal data") is collected, stored or used by our client companies (each, a "Customer") using the Hosted Systems, Mediaocean is a processor and the Customer is the controller. The Customer is thus responsible for data protection obligations pertaining to securing the lawful basis for such processing, and for notification, collection, accuracy, and timely disposal of the personal data. The Customer is also responsible for arrangements to enable individuals to access their personal data, for authorizing disclosure to third parties, and for breach notifications to relevant state or provincial agencies and to data subjects, in case of a security incident. As a processor, Mediaocean’s responsibilities for such personal data are to:

(a) process the personal data only on documented instructions from our Customer.

(b) ensure that all persons we authorize to process the personal data understand and respect the confidential nature of this information.

(c) make provisions for the security, availability and integrity of the personal data on our systems, including where we have appointed sub-processors to help us deliver our services to our Customers.

(d) in the event that there is a security incident, provide our client with the information needed to make statutory breach notification. 

When administering the Mediaocean Website and/or our Customer’s account with us, Mediaocean acts as a controller for personal data collected from such activities.

The following lawful bases may be used by Mediaocean to collect and process personal data:

  • Performance of contract. We collect and use personal data where needed to fulfill a contract with our Customer, who has engaged us to provide them with access to the Hosted Systems.
  • Legitimate business interests. We may use personal data for our legitimate business interests to improve our Website and content, and to optimize the user experience. Consistent with our legitimate business interests and any choices that we offer or consents that may be required under applicable laws and regulations, we may use personal data and technical information for direct marketing.
  • User Consent. Where required under applicable laws and regulations, we may collect and use personal data described in this Privacy Policy subject to your consent. Notably and where required by applicable laws and regulations, we will rely on your consent for electronic marketing and personalization of message content, which may include collecting information from your device or browser. You may withdraw your consent at any time using the opt-out and preference management mechanisms provided within the message or by contacting us as described in this Privacy Policy. Withdrawing consent will not affect the lawfulness of consent-based processing before consent was withdrawn.

If you are an individual with respect to whose personal data the General Data Protection Regulation (“GDPR”) applies, and where we are a controller of your personal data under GDPR, you have the following rights under GDPR and local laws, including, as applicable:

  • The right to be informed about processing activities and applicable rights
  • The right to access personal data being processed
  • The right to rectify personal data when outdated or incorrect
  • The right to erasure (and to be publicly forgotten)
  • The right to object to processing with respect to processing activities based on consent
  • The right to restrict processing when processing is deemed to be unlawful
  • The right to data portability between proprietary systems in a common format
  • The rights related to automated decision making, including decisions based on profiling activities.

To exercise your rights, please contact Mediaocean and its Data Protection Officer at datasecurity@mediaocean.com. Data subjects also have the right to lodge a complaint with a supervisory or data protection authority in their jurisdiction in the place of their habitual residence. If the supervisory authority fails to deal with a complaint, the data subject may have the right to an effective judicial remedy. 

Please note that we may have to undertake a process to identify a data subject exercising their rights. There may be exemptions to the rights for specific legal reasons which, if applicable, we will set out for you in our response to your request. We may keep details of data subject requests exercised for our own compliance and audit requirements. 

Where personal data is provided by a data subject acting in their capacity of an employee or personnel of a customer of Mediaocean, such data subject’s rights will have to be effected through that customer in its capacity as the data subject’s employer. 

Our EU representative may be contacted as follows: info@myedpo.com 

Or by mail: 

MyEDPO 
Attn: Mediaocean EU Representative 
Unit 3d North Point House, North Point Business Park 
New Mallow Road 
Cork, Ireland T23 AT2P 

Our Data Protection Officer may be contacted as follows: info@myedpo.com 

Or by mail: 

MyEDPO Israel Ltd. 
Unit 3, 12 Hamaapilim 
Jerusalem, Israel 9358801

 

11. Additional Information for Residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and Other U.S. States in Which an Applicable State Privacy Law is in Effect

11.1 Introduction

In this section, we provide information for residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia and other states in which an applicable State Privacy Law is in effect as may be required under applicable privacy laws of such states from time to time (“State Privacy Laws”). For instance, the California Consumer Privacy Act (“CCPA”), as amended by the California Consumer Privacy Rights Act (“CPRA”), and the Virginia Consumer Data Protection Act (“VCDPA”), require that we provide their respective residents certain specific information about how we handle their personal information. 

Under State Privacy Laws, subject to certain exceptions, “personal information” is generally any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular resident or household in the applicable state. Because certain State Privacy Laws require that we disclose specific information about how we handle certain personal information collected about residents of their states, the scope of this section may be different than the scope of our Privacy Policy. 

Please note that for Mediaocean employee information-related requests, the Mediaocean employee privacy policy (which is separately provided to Mediaocean employees) applies. 

 

11.2 Key concepts

(a) What is a “sale of personal information” under State Privacy Laws such as CCPA and VCDPA? What is a “share of personal information” under the CPRA?

A “sale” of personal information under State Privacy Laws may occur any time a business sells or makes available any personal information to a third party for monetary or other valuable consideration. Under the CPRA, “sharing” generally means disclosing, making available or communicating personal information by a business to a third party for cross-context behavioral advertising (also known as targeted advertising), whether or not for monetary or other valuable consideration, including transactions between a business and a third party for targeted advertising for the benefit of a business in which no money is exchanged. Targeted advertising to a consumer is based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally interacts. 

Mediaocean acts as a service provider and/or a processor under State Privacy Laws to its client companies in the context of their use of our products and services, and does not engage in selling or sharing of personal information with third parties, except to the limited extent that Mediaocean’s use of non-essential third-party tracking technologies utilized on this Website could be deemed a “sale” or a “share” under State Privacy Laws. For example, we may share information from the Website with our social media and other advertising partners, such as LinkedIn, in order to serve targeted ads for our own products and services and assess the effectiveness of such campaigns. You may opt out of such cookies as detailed in the section entitled “Cookies and Other Tracking Technologies” above. 

(b) What is “sensitive information” under State Privacy Laws? 

"Sensitive information” is generally defined as personal information that reveals sensitive information about a consumer, such as social security, driver’s license, state identification card or passport numbers, account log-in, financial account, debit card or credit card numbers in combination with any required security or access code, password or credentials allowing access to an account, precise geolocation, data revealing racial or ethnic origin, religious beliefs, physical or mental health diagnosis, sexual orientation, or citizen or immigrant status, as well as processing of genetic or biometric data for identification, and personal data collected from a known child. Mediaocean does not collect sensitive information as defined under applicable law.

 

11.3 Categories of personal information that we collect and disclose to others for a business purpose 

The items below set out generally the categories of personal information that we collect and disclose to others for a business purpose. 

We collect these categories of personal information from the sources described in our Privacy Policy above, and for the purposes described in our Privacy Policy above. Our collection, use and disclosure of personal information will vary depending upon the circumstances and nature of our interactions or relationship with the relevant individual. 

(a) Name, Contact Information, and other Identifiers: Identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

  • Do we collect? – YES
  • Do we disclose for a business purpose? – YES
  • Do we sell? – NO
  • Do we share with third parties for targeted advertising? – YES (to the limited extent that use of non-essential third-party tracking technologies on this Website could be deemed a “share” under State Privacy Laws). 

(b) Customer Records: Paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial or payment information, medical information, or health insurance information.

  • Do we collect? – YES
  • Do we disclose for a business purpose? – YES
  • Do we sell? – NO
  • Do we share with third parties for targeted advertising? – NO 

(c) Protected Classifications: Characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.

  • Do we collect? – NO
  • Do we disclose for a business purpose? – NO
  • Do we sell? – NO
  • Do we share with third parties for targeted advertising? – NO (

(d) Purchase History and Tendencies: Commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.

  • Do we collect? – YES
  • Do we disclose for a business purpose? – YES
  • Do we sell? – NO
  • Do we share with third parties for targeted advertising? – NO 

(e) Biometric Information: Physiological, biological, or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, faceprint, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

  • Do we collect? – NO
  • Do we disclose for a business purpose? – NO
  • Do we sell? – NO
  • Do we share with third parties for targeted advertising? – NO 

(f) Usage Data: Internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, including access logs and other activity information related to your use of our Websites, applications or other online services.

  • Do we collect? – YES
  • Do we disclose for a business purpose? – YES
  • Do we sell? – NO (except to the limited extent that use of non-essential third-party tracking technologies on this Website could be deemed a “sale” under State Privacy Laws).
  • Do we share with third parties for targeted advertising? – YES (to the limited extent that use of non-essential third-party tracking technologies on this Website could be deemed a “share” under State Privacy Laws).

(g) Geolocation Data: Precise geographic location information about a particular individual or device.

  • Do we collect? – NO
  • Do we disclose for a business purpose? – NO
  • Do we sell? – NO
  • Do we share with third parties for targeted advertising? – NO 

(h) Audio, Video and other Electronic Data: Audio, electronic, visual, thermal, olfactory, or similar information, such as CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars).

  • Do we collect? – YES (for internal training purposes)
  • Do we disclose for a business purpose? – YES
  • Do we sell? – NO
  • Do we share with third parties for targeted advertising? – NO 

(i) Professional or employment-related information: Employment history, qualifications, licensing, disciplinary record.

  • Do we collect? – NO
  • Do we disclose for a business purpose? – NO
  • Do we sell? – NO
  • Do we share with third parties for targeted advertising? – NO 

(j) Education Information: Information about education history or background that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

  • Do we collect? – NO
  • Do we disclose for a business purpose? – NO
  • Do we sell? – NO
  • Do we share with third parties for targeted advertising? – NO 

(k) Profiles and Inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

  • Do we collect? – YES
  • Do we disclose for a business purpose? – YES
  • Do we sell? – NO

  • Do we share with third parties for targeted advertising? – NO 

     

11.4 Rights of residents of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and other U.S. states in which an applicable State Privacy Law is in effect 

State Privacy Laws grant residents of their states certain rights and imposes restrictions on particular business practices as set forth below. 

(a) Right to Opt-out of Sale and/or Sharing of Personal Information. We do not ‘sell’ or ‘share’ your personal information for monetary benefit. However, the use of some third party cookies placed on our Website may be considered a “sharing” of personal information under State Privacy Laws. For example, we may share information with our social media and other advertising partners, such as LinkedIn, in order to serve targeted ads for our products and services and assess the effectiveness of our outreach campaigns. You may opt out of such cookies as detailed in the section entitled “Cookies and Other Tracking Technologies” above. 

(b) Opt out of targeted advertising or cross-context behavioral advertising. Some third party cookies on our website are used for targeted advertising purposes with respect to our own products and services. You may opt out of such cookies as detailed in the section entitled “Cookies and Other Tracking Technologies” above. 

(c) Sensitive personal information. Residents of certain states have the right to limit the use of their sensitive personal information or the right to opt in to the use of their sensitive personal information. We do not collect or require you to provide sensitive personal information. 

(d) Right to Revoke Consent. Under certain State Privacy Laws, residents of certain states have the right to revoke consent they previously provided to the processing of their personal information, subject to exceptions provided by applicable law. 

(e) Notice at Collection. At or before the point of collection, notice must be provided to the individual of the categories of personal information collected and the purposes for which such information is used. 

(f) Verifiable Requests to Delete and Requests to Know/Confirm. Subject to certain exceptions, residents of certain states have the right to make the following requests, at no charge:

  • Request to Delete: Residents of certain states have the right to request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies.
  • Request to Know/Confirm: Residents of certain states have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the past and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. Residents of certain states also have the right to request that we provide them certain information about how we have handled their personal information in the past, including the:
    • categories of personal information collected;
    • categories of sources of personal information;
    • business and/or commercial purposes for collecting and selling their personal information;
    • categories of third parties/with whom we have disclosed or shared their personal information;
    • categories of personal information that we have disclosed or shared with a third party for a business purpose;
    • categories of personal information collected; and
    • categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party. 

(g) Right to Appeal. You may appeal our decision with respect to a request you have submitted by emailing us at InfoSec&Compliance@mediaocean.com

Some U.S. states provide you with the right to further appeal our determination to a consumer protection agency located in that state. For example: 

  • Colorado – The Colorado Attorney General’s Office
  • Maryland – Maryland Attorney General Consumer Protection Division
  • Minnesota – Minnesota Attorney General's Office
  • Nebraska – Nebraska Attorney General’s Office
  • New Hampshire – Data Privacy Unit of the Consumer Protection and Antitrust Bureau of the New Hampshire Attorney General’s Office
  • New Jersey - Division of Consumer Affairs in the Department of Law and Public Safety of New Jersey
  • Texas - For denied appeals, visit the Texas Attorney General’s Office, Consumer Protection Division
  • Virginia – For denied appeals, visit the Virginia Attorney General’s Office, Consumer Protection Division 

(h) Right to Non-Discrimination. Certain State Privacy Laws prohibit discrimination against their residents for exercising their rights under applicable state laws. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices, rates or penalties on residents who exercise their privacy rights, unless doing so is reasonably related to the value provided to the business by the residents’ data. We do not engage in said discrimination practices. 

(i) Authorized Agents. Where permitted by law, you may also authorize an agent (an "Authorized Agent") to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf. Please note that we may ask you or your Authorized Agent for additional information to verify your identity and state of residency before executing your privacy request. 

(j) Financial Incentives. A business may offer financial incentives for the collection, sale, or deletion of certain state residents’ personal information, provided the incentive is not unjust, unreasonable, coercive, or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. Residents of certain states have the right to be notified of any financial incentive offers and their material terms, the right to opt-out of such incentives at any time and may not be included in such incentives without their prior informed opt-in consent. We do not offer any financial incentives at this time. 

(k) Exceptions to These Rights. The law provides for certain exceptions to the rights described above. We reserve the right to avail ourselves of these exceptions where applicable. 

 

11.5 Submitting Requests.

Requests to Know, Requests to Delete and Requests to Opt-Out of Sales/Sharing may be submitted by visiting our Privacy Requests Page, or by emailing us at: InfoSec&Compliance@mediaocean.com. We will respond to verifiable requests received from residents of the applicable states as required by law. 

 

11.6 CCPA Metrics for 2024

Pursuant to CCPA Regulation 999.317(g), Mediaocean informs you of the following metrics with respect to the year 2024.  Note: The foregoing numbers are based upon requests received from all individuals and not only from “consumers” as defined under the CCPA. 

a. In 2024, the number of requests to know that Mediaocean received, complied with in whole or in part, or denied: 2, 2, 0. 

b. In 2024, the number of requests to delete that Mediaocean received, complied with in whole or in part, or denied: 46, 46, 0. 

c. In 2024, the number of requests not to sell or share personal information that Mediaocean received, complied with in whole or in part, or denied: 2436, 53, 2383*. 

d. In 2024, the number of requests to limit use of sensitive personal information that Mediaocean received, complied with in whole or in part, or denied: 301, 0, 301*. 

e. The median number of days within which Mediaocean substantively responded to requests to know, requests to delete, requests not to sell or share personal information, and requests to opt-out: 3 

*Mediaocean received a large number of bulk requests from two organizations representing consumers. Mediaocean explained that it is not consumer-facing, and the organization agreed that the requests were inapplicable and that it would not send further requests.

 

12. Complaints 

We will cooperate with the US Department of Commerce, the US Federal Trade Commission, the Office of the Privacy Commissioner of Canada, and other relevant state or provincial agencies and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or Mediaocean’s privacy commitments, as well as in rectifying any noncompliant practices. Employees or contractors who violate the terms of these principles may be subject to disciplinary consequences up to and including termination of employment or termination or non-renewal of contract, in addition to any other legal measures that may be taken by Mediaocean, its clients, or the affected individuals and their representatives. 

 

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Privacy Policy on this page with an “effective as of” date. We encourage you to look for updates and changes to this Privacy Policy by checking this page when you access our Website or services. 

 

14. Contact Us

We commit to making appropriate efforts to resolve complaints about privacy and our collection or use of your information. If you have inquiries or complaints regarding this Privacy Policy or the handling of your information, or would like to exercise your privacy rights, please visit our Privacy Requests Page, or contact us at: datasecurity@mediaocean.com 

+1 844 935 0889 

Mediaocean LLC 
120 Broadway 
New York, NY 10271