Effective as of 22 March 2021
Contact Information: Mediaocean Systems Ltd, Blue Fin Building, 110 Southwark Street, London SE1 0TA UK; InfoSec&Compliance@mediaocean.com
Below you will find more information about the Services we provide to our clients. In the situations described below our clients will be considered the data controller, since they determine the purposes and means of the processing of personal data. This means that our clients will inform you separately about the processing when your personal data is involved. Moreover, the information we process in connection with the Services described below does not enable us to directly or indirectly identify a natural person.
Our services (Closed ecosystems solution)
Our Services include developing proprietary and custom audiences based on proprietary and client provide data that our clients may use for to deliver advertising to you, identifying television programming that is more likely to be viewed by a client’s target audience, measuring the performance of advertising campaigns, and estimating the number of households that were exposed to a specific brand advertisement, among other Services. To provide these Services, we may combine data that we receive from third parties and correlate that data with information that we collect from social media companies and directly from other online sources. We may also correlate data that we receive from third party partners with hashed customer lists to provide Services to the client that provided us with the hashed customer list.
In addition, we provide services such as support and training to ensure that our users know how to use and get the best out of our closed ecosystems solution. In providing these ancillary services, we may collect the following types of information about our users:
- Your name, your email address and other business contact details;
- Your training profile, including details of courses you’ve attended and courses that you’re due to complete;
- Information that you provide by filling in forms on www.mediaocean.com (our website) or on Mediaocean Support; when you contact us, or when we contact you;
- If you contact us, we keep a record of that correspondence; if you call our Support team, we retain a recording of the phone call for a limited period for training purposes;
- Records of pages and features you’ve used within closed ecosystems (including the data you’ve entered into those applications)
- Results from surveys that we may ask you to complete for research purposes, although you don’t have to respond to them; and
- Details of your visits to our websites including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access. We may collect information about your computer, including your IP address, operating system and browser type, for system administration.
For more information about how we store, process, safeguard and share user personal information, please refer back to our main privacy notice.
Information provided by third-party partners
To provide Services to our clients, we rely on certain data provided to us by third parties. This data may include information about how individuals engage with social media, identifiers provided by social media companies, the television programs and advertising that individuals view on their televisions or devices, and other demographic information about individuals. This information is linked to hashed identifiers, which allow us to associate the data that we receive from various third party data providers without identifying the subject of the data. For a description of what it means to hash an identifier, please see the section below.
We may also receive unhashed IP addresses from certain third-party partners. We may associate these IP addresses with any other information that we receive from our third-party partners, which may allow us to identify possible relationships among different browsers and devices. We use this data to help our clients direct advertisements to their intended audiences on connected televisions.
Additionally, we may receive modeled audience segments that are developed by third parties using location information and information about the applications you use.
Information provided by our clients
Our clients may also provide us with hashed customer lists to provide certain Services to that client. If a client provides us with an unhashed customer list, we hash the list on our client’s behalf before using the list for the purpose that the client provided it to us. When we receive hashed customer lists from our clients, each customer’s name has been replaced by a string of numbers and letters that represent the hash of that person’s name. When a specific value is hashed, it provides the same randomized output each time it is hashed. Because the customer lists that we may receive from our clients are hashed, we are not able to identify the names of the customers on these lists. We may correlate the hashed customer lists with data we collect from third parties, as described above.
Information we collect for our services
We may collect information about your visits to our clients’ web properties over time through cookies, pixels, or other similar technologies. We collect information such as IP addresses, the website you visited, the date and time of your visit, and other identifiers that relate to advertising you may have seen from our client. We use this information in order to measure the effectiveness of advertising campaigns, and to help our clients improve their advertising activities through our Services. We also combine this information with other information we collect or receive as described in this policy. We also use this information, and the combined information, to deliver relevant advertising on behalf of our clients to browsers and mobile devices. To learn more about how to control that advertising activity see the Ad Choices section below.
We use the information we collect and receive as part of our services from various non-affiliated websites and mobile applications from web browsers and mobile devices you use, and that we associate together, to make inferences about what advertisements may be of interest to the users of those devices and deliver relevant advertisements to those browsers and devices based on those inferences. This activity is known as interest-based advertising.
If you would like to learn more about interest-based advertising, and to opt out of the collection, use and transfer of information for interest-based advertising by Mediaocean and by other companies that participate in the Digital Advertising Alliance’s (“DAA”) WebChoices tool, , please visit https://optout.aboutads.info/. If you would like to make those choices about interest-based advertising for your mobile device, you can do so for companies that participate in the DAA’s AppChoices tool by downloading the relevant app from www.youradchoices.com/appchoices. We adhere to the DAA’s Self-Regulatory Principles.
When you make your choices on your browser or device using these choice tools, we will stop collecting and using data from that browser or device for IBA. We will also stop using data collected from the opted-out browser or device on other browsers or devices associated with it and will stop using data collected from those associated browsers or devices for interest-based advertising on the opted-out browser or device. Please note that if you delete your browser’s cookies, reset your mobile device ID, or use multiple browsers and devices you will need to make your choices again. You will still receive advertisements following an opt-out, but that advertising may be less relevant to your interests. We and other companies may still collect information from your browser or device for non-interest based advertising purposes, such as analytics, after you opt-out.
How we store your information
Personal Information processed in our hosted systems is stored at our secure data centres in the US. Details of current locations and Sub-processors are published via our Support portal.
Staff involved in support, engineering and technical operations may be based in any location where Mediaocean group companies have offices (Australia, Canada, France, Germany, Netherlands, India, Malaysia, Singapore, UK, USA). So please be aware that our staff may access your data from any of those locations. However, staff are only given access to the data if they need it in order to be able to do their jobs, and only if they have completed mandatory training on security procedures. Data transfer agreements (including the EU standard contractual clauses) have been put in place with all Mediaocean entities within the group to ensure protection of Personal Information in line with European data protection requirements.
We retain Personal Information within our hosted systems in accordance with Mediaocean’s Data and Document Retention Policies. These policies define retention rules based on the nature of the information and the purpose for which it is required. We destroy or dispose of all Personal Information securely when it is no longer needed.
How we keep your information secure
Mediaocean has a documented Information Security policy and we have implemented technical and organizational security measures to ensure the confidentiality, availability and integrity of Personal Information within our hosted systems. These include:
- logical access controls
- network security configurations
- physical access controls
- system software support and change control procedures
- processing integrity measures including logging & monitoring systems
- data retention practices including data replication, virtual and physical back-ups
- resilience, recovery and continuity planning
- applications software development and change control procedures
- incident management
Your rights under this policy
The EU General Data Protection Regulation guarantees Data Subjects’ rights with respect to their Personal Information. This includes rights to information about the data being held about you, to correct inaccurate information, to ask for the data to be deleted or to object to its processing, and to withdraw consent that you have previously given. If you wish to exercise any of these rights in respect of the Personal Information within our hosted systems, please contact the client company as they are the Data Controller. Mediaocean will not be able to respond to Data Subject requests regarding Personal Information in our hosted systems without authorisation from our client.
Children under the age of 13
Our hosted services are not intended for children under 13 years of age. No one under age 13 may provide any Personal Information to or on the website. We do not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on this website or on or through any of its features. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at Infosec&Compliance@mediaocean.com.
We will cooperate with your local Supervisory Authority, for example the Information Commissioner’s Office and any other relevant government agencies, and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or Mediaocean’s privacy commitments, as well as in rectifying any noncompliant practices. Employees or contractors who violate the terms of these principles may be subject to disciplinary consequences up to and including termination of employment or termination or non-renewal of contract, in addition to any other legal measures that may be taken by Mediaocean, its clients, or the affected individuals and their representatives.
- Personal Information is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier, regardless of the medium or format in which the information is stored.
- A Data Controller is a party or entity that determines the purposes and means of the processing of Personal Information. A company functions as a data controller when it decides how such information is to be used, and then uses that information accordingly.
- A Data Processor is a party or entity that processes Personal Information on behalf of a Data Controller. A company functions as a Data Processor when it acts as an agent of another company, following its instructions as to how that information should be handled and processed.
- Sensitive Information consists of Special Categories of Personal Data as defined by the EU General Data Protection Regulation, that is, information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health information, or sex life/orientation.
- A Sub-processor is a Data Processor who has been engaged by the Data Processor to carry out specific processing activities on behalf of the controller.
- A Supervisory Authority is an independent public authority which is established by an EU Member State in order to monitor the application of EU Data Protection law.
- A Third Party is an entity or person other than you, Mediaocean or its clients.