Lotame’s Products and Services Privacy Policy

Lotame does not provide its Services directly to consumers. Instead, Lotame’s Services help businesses – marketers, advertising agencies, marketing technology platforms and publishers – engage in interest-based advertising and marketing. Interest-based advertising is the practice of delivering relevant content and advertising to people based on their interests, activities, and behaviors.

Lotame Services consist of the following:

• Data Products and Services. Some of our Services allow Lotame’s business clients to utilize personal information to reach the right online audiences for their products and services. To provide these Services, Lotame licenses data from third party providers (including website owners, app owners, data aggregators, data onboarders, and SmartTV manufacturers) and makes this data available to its clients. This data is called “Third Party Data.” Lotame’s business clients use Third Party Data to create audience segments associated with certain interests, behaviors, and attributes (for example, an interest in travel or an interest in sports). These audience segments are associated with Pseudonymous IDs so that clients can send relevant advertisements to consumers on their computers, phones, and other mobile devices.
• SaaS Services. Lotame offers Services that are offered through its software as a service platform, the Lotame Data Management Platform (“DMP”), that Lotame provides to its business clients. These Services provide tools for business clients to collect and organize information about their customers from their own sources – including client websites, mobile applications, advertising campaigns, CRM systems, and data partners – and use this information for marketing purposes. Lotame’s platform provides the tools that facilitate our clients’ collection and export of this data (called, “First Party Data”) and Lotame acts as a ‘data processor’ or ‘service provider’ in processing this data on behalf of and at the direction of our business clients.
• Marketing Technology Services. Lotame has additional Services that help our business clients use personal information to deliver personalized content and advertising to users both online, via computers, phones, and other mobile devices, and offline, via more traditional marketing methods. For example, Lotame helps our business clients identify relationships across computers, phones, and other mobile devices, so that a user can benefit from targeted advertising across multiple devices.

Categories & Sources

Lotame collects, uses, and discloses information that identifies or relates to a specific individual and other information described below in the course of operating its platform and providing the Services to its business clients. This information may or may not be linked to an identifiable individual, as described in this Policy.

Categories of Data Types

Lotame collects, uses, and discloses the following types of information. This information may or may not constitute “personal information” or “personal data” under various Data Protection and Privacy Laws, depending on the context in which the information is collected and any other information to which is linked or linkable.

• Pseudonymous IDs

Pseudonymous IDs include cookies, mobile advertising IDs or MAIDs, TV advertising identifiers, hashed email addresses, IP addresses, or other alpha-numeric identifiers that are provided by our business clients or partners from which we license data, that do not, by themselves, identify a specific individual. To protect privacy, we segregate Direct Identifiers from Pseudonymous IDs, and we use technical and organizational measures to maintain that separation and prevent unauthorized identification of individuals.

• Direct Identifiers

Direct Identifiers include information that relates specifically to an individual such as the individual’s name, government identification number or code, telephone number, or e-mail address. 

Currently, Lotame only collects, uses, and discloses e-mail addresses when provided by our business clients or data licensees. When Lotame does receive e-mail addresses, to protect privacy, we tokenize e-mail addresses, segregate e-mail addresses from Pseudonymous IDs, and use technical and organizational measures and controls to maintain that separation and prevent unauthorized identification of individuals using e-mail addresses. 

• Attribute Information

Attribute Information includes attributes, behaviors, preferences, interests, and other characteristics of an individual or inferred about an individual based on that individual’s location, intent data, socio-demographic data, purchase data, browsing, survey data, and other data that corresponds to a particular use of or visit to a website or application by that individual.

• Non-Precision Geolocation Data

Non-precise Geolocation Data means data that approximates location, such as postal code/zip code.  

• Log Data, including Internet Log Data, and Event Data

Internet Log Data includes data that is automatically sent by an individual’s browser or device in order to communicate with servers, such as the URL of the page requested, IP Address, browser or device type, language, operating system information, mobile service provider, date, and time stamps.

Event Data includes data about ads an individual sees (advertiser ID, campaign ID), where and when the individual sees the ad (date/time stamp, URL), and how the individual reacts to the ads (click, hover, convert, etc.).

Categories of Data Sources

Lotame collects the categories of data types identified above from:

• Our business clients, who provide the personal information of their customers or users of their websites and apps to Lotame for our use in connection with their use of our Services
• Our data licensors and other reputable providers of licensed aggregated data, which may be derived from public and non-public sources and from individuals, such as survey respondents who affirmatively agree to the data uses.

How We Collect Data

Lotame collects First Party Data and Third Party Data via many methods, including cookies, JavaScript, pixel tags, SDKs (software development kits), secure file transfers, and server to server connections. Lotame pixel tags generally appear as “third party tags.” These methods allow Lotame to collect information from websites that are owned or operated by our business clients and data licensors.

Lotame analyzes the information it collects and receives, and organizes it into user groups and audiences, based on factors such as age, gender, geography, interests, and online actions. Our business clients and partners then use the Lotame-created user groups and audiences, along with information about the possible relationships among different browsers and devices, to design and deliver customized advertising campaigns or other relevant content to users on their computers, phones, and other mobile devices. Clients can combine Third Party Data with their own First Party Data when using Lotame’s SaaS and Marketing Technology Services. Our business clients and partners may also analyze and organize the underlying data to create custom user groups and audiences.

Lotame uses the information it collects and receives to:

• Identify relationships between different browsers and devices
• Analyze the effectiveness of online advertising campaigns
• Provide aggregated information about user interests
• Attribute user interests to browsers and devices
• Test the accuracy of certain products, including cross-device matching
• Determine the overlap in First Party and Third Party data sets
• Create pre-packaged audience segments
• Create modeled audience segments and products

Lotame’s clients generally use First Party Data, along with Third Party Data provided by Lotame, to:

• Deliver targeted advertising campaigns to users across devices
• Serve targeted content to users across devices
• Analyze and improve the effectiveness of online advertising campaigns
• Create data-driven marketing products, including models

In addition to sharing certain data as directed by clients, we may share information that is non-personal or pseudonymized with other clients and third party companies such as advertisers, agencies, ad networks, or exchanges, to provide Services to our clients and to enable our clients and those third parties to analyze user behaviors or to customize the ads that consumers see online. In addition, we may provide access to information we collect to other service providers. To the extent we have any personal information, we share such information with service providers or third party marketing partners who will only utilize the information to provide their services to us or for our clients.

If our company is sold, assigned, transferred, merged, files for bankruptcy protection, sells all or a portion of its assets or undergoes some other change to its corporate form, information may be transferred as part of that transaction or change, including in connection with a due diligence process. We may also release information in order to comply with requests from law enforcement, government agencies, and similar entities, or to otherwise protect Lotame, our clients, and users.

Political Data

Lotame creates and shares audience segments consisting of political data for jurisdictions outside of the European Economic Area. For a list of the political segments we offer through our Online Advertising Data Products and Services, click here.

Sensitive Data

Lotame does not knowingly collect information or create or share general audience segments that are classified by the Network Advertising Initiative (“NAI”) as Sensitive Information (as defined in the NAI Code of Conduct).

For a list of the non-sensitive health-related segments we offer through our Data Products and Services, click here.

Lotame does not create or share EEA audience segments that are classified by the General Data Protection Regulation as Sensitive Personal Data.

Children

Lotame does not generate pre-packaged audience segments that are targeted to children under the age of 16.

Lotame provides individuals with the ability to opt-out of the collection and use of their information for interest-based advertising for all of Lotame’s Services. 

For California residents, Part 8 contains information related to their right to opt-out of sale of personal information.

Opt-Out of Interest-Based Advertising

The following information provides instructions on how individuals can opt-out of Interest-Based Advertising from cookies, in mobile applications, and across devices. Please note that opting out of Lotame’s processing of your data does not mean you will block online advertising altogether or see fewer ads. It simply means that the ads that you see will not be personalized for you. Ads may be served because they relate to the website you are visiting or to your current search, or they may just be randomly placed. Also, your choice to use any of our opt-out tools will not affect ads placed by any other organization.

Also, after choosing to opt-out via any of the methods below, if you use a different device or a different browser, or if you delete browser cookies, you may need to repeat the opt-out steps for that particular device or browser. In addition, if you block cookies on your browser or if third-party cookies are blocked by default, some of the opt-out tools above may not function.

Browser Opt-Out

For Lotame Only. To opt-out of the collection and use of data by Lotame for online Interest-Based Advertising on your browser (including a mobile browser if third-party cookies are enabled for that browser), you can click here and follow the instructions provided. Your opt-out choice is applied only to the browser from which you make the choice. Lotame’s browser opt-out is cookie-based so if cookies are blocked by your browser or you have deleted cookies from your browser, you will no longer be opted-out and you may need to opt-out again. Please note that even after you opt-out of the use of your information by Lotame for Interest-Based Advertising, Lotame may continue to collect and use such information for clients, because our clients use their own cookie, which is not affected by the Lotame browser opt-out, or for other purposes, including analytics and research. Additionally, should you elect to opt-out, you will still receive ads, but these ads may be less relevant to your interests.

Interest-Based Advertising, Generally. You can opt-out of the collection of data across unaffiliated sites over time for Interest-Based Advertising and other purposes from companies participating in the Digital Advertising Alliance Consumer Choice Page at www.aboutads.info/choices and from members of the Network Advertising Initiative via www.networkadvertising.org/choices.

Mobile Applications Opt-Out

To opt-out of the collection and use of data for interest-based advertising on your mobile device, you can modify the settings on your mobile device. Please note that the specific opt-out instructions for each device may differ depending on which version of the operating system software you are running.

For Apple Devices: Go to Settings, Select Privacy, Select Advertising, and enable the “Limit Ad Tracking” setting.

For Android Devices: Open the Google Settings App, Select Ads, and enable the “Opt out of interest-based advertising” setting.

Alternatively, you may wish to download the TrustE mobile application and/or the Digital Advertising Alliance “App Choices” mobile application and follow the instructions provided. You may opt-out of the collection and use of data by Lotame specifically, or by all companies that offer a mobile application opt-out via the TrustE or AppChoices app. Your opt-out choice is applied only to the collection of data from applications on the device from which you opt-out.

Television Opt-Out

Lotame licenses television viewership data from third parties that offer smart TVs and video streaming devices. Instructions on how to opt-out from many popular smart TVs and video streaming devices are available here.

European Opt-Out

In Europe, you can opt-out via the IAB Europe’s industry opt-out at www.youronlinechoices.eu.

Do Not Track

When you browse the web, your browser can send a request to websites to not collect or track your browsing data (“Do Not Track”). In some browsers, that standing request may even be turned on by default. Standards regarding how to interpret and implement a “Do Not Track” signal are not currently defined, which means different websites, publishers, data providers, or ad technology companies that work with Lotame or use its technology may request that we interpret the signal differently. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Lotame transfers the data it collects in the European Union, European Economic Area, United Kingdom, and Switzerland to the United States for processing. Lotame processes the data as described in this Policy, in accordance with the EU’s General Data Protection Regulation (GDPR) and the agreements with our business clients. 

Lotame has certain responsibilities as both a data controller and a data processor under the European Union’s General Data Protection Regulation (“GDPR”). We have worked cooperatively with clients and partners to address these responsibilities and have updated our policies and procedures to address GDPR. We have made certain enhancements to our products and services to address GDPR and will continue to operate according to the principles of “privacy by design”. 

Legal Basis for Processing

Lotame’s legal basis for processing an individual’s personal information is consent, which is given by individuals to our business clients and data licensors and provided to Lotame via the IAB Europe Transparency & Consent Framework or directly to Lotame using Lotame’s Consent API. 

IAB Europe Transparency & Consent Framework

Lotame participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Lotame’s identification number within the framework is 95. For additional information about the IAB Europe Transparency & Consent Framework, and the obligations of participating vendors, please click here.

Privacy Shield

While Lotame no longer relies on EU-U.S. and Swiss-U.S. Privacy Shield as a lawful basis for international transfers of personal information from EU/EEA and Switzerland to the U.S., Lotame remains certified under both EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the EU/EEA, the UK and Switzerland to the United States, (each a “Privacy Shield Framework”). To learn more about the Privacy Shield program please visit https://www.privacyshield.gov/. Lotame’s certification can be viewed here.

In compliance with the Privacy Shield Principles, Lotame commits to resolving complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Lotame at:

Lotame Privacy Team

8850 Stanford Blvd, Suite 4000

Columbia, MD 21045

Email: privacy@lotame.com

If you do not receive a timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit ANA’s Privacy Shield Dispute Resolution. The services of ANA are provided at no cost to you.

Lotame is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Under certain conditions, more fully described on the Privacy Shield website here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Subject Access Requests

EEA residents have the right to request certain information from Lotame, including without limitation, the right to ask what personal information Lotame has collected, and the right to ask that Lotame correct this personal information if it is believed to be inaccurate.

EEA residents should first visit the Lotame Privacy Manager, which provides information to consumers about how Lotame uses personal information in connection with its Data Products and Services and displays Third Party Data associated with the device viewing the Lotame Privacy Manager, as well as any devices that are connected to this device through Lotame’s cross-device technology. Specifically, the Lotame Privacy Manager displays audience segments that show Attribute Data associated with the particular device, as well as any connected devices. A visitor to the Privacy Manager may see different segments displayed when viewing the Privacy Manager from a different browser, computer, or device. EEA residents may also opt-out of our use of cookies for online advertising at: www.youronlinechoices.eu

Brazil residents have the right to request certain information from Lotame, including without limitation, the right to ask what personal information Lotame has collected on you, and the right to ask that Lotame correct this personal information if you believe it to be inaccurate.

Brazil residents should first visit the Lotame Privacy Manager, which provides information to consumers about how Lotame uses personal information in connection with its Data Products and Services and displays Third Party Data associated with the device viewing the Lotame Privacy Manager, as well as any devices that are connected to this device through Lotame’s cross-device technology. Specifically, the Lotame Privacy Manager displays audience segments that show interests, behaviors, and attributes associated with this particular device, as well as any connected devices. You will see different segments displayed when viewing the Privacy Manager from a different browser, computer, or device.

If you are a California resident, California law, including the California Consumer Privacy Act of 2018 (“CCPA”) and California Civil Code section 1798.83, provides you with additional rights regarding our collection, disclosure and, if applicable, sale of your personal information.

Collection of Personal Information

Categories of Personal Information Collected (corresponds to categories listed in CCPA §1798.140(o)(1))

Personal Information Sources

See Part 2: What Information We Collect & How We Collect It, listing the sources of Personal Information.

Purposes for Which Personal Information is Collected

See Part 3: How we Use Your Information, setting forth the purposes for which Lotame uses Personal Information.

Categories of Third Parties with whom Personal Information is Shared

See Part 4: How We Share Your Information, setting forth the categories of third parties with whom Lotame may share Personal Information. For Lotame’s SaaS clients, Lotame will only share Personal Information collected on behalf of that client with third parties requested by the client.

Disclosure or Sale of Personal Information

Categories of Personal Information Disclosed or Sold (corresponds to categories listed in CCPA §1798.140(o)(1))

In the preceding 12 months, Lotame has disclosed the following categories of Personal Information for performing services on behalf of a client as their service provider and sold the following categories of Personal Information for conducting analytics or use in interest-based advertising or other marketing purposes for:

Category A: Identifiers

Category F: Internet or other electronic network activity information

Category G: Geolocation data

Category K: Inferences

Sale of Personal Information of Minors Under 16 Years of Age

Lotame does not knowingly sell Personal Information of minors under 16 years of age (“Minors”). Lotame contractually prohibits businesses that license data to us from transmitting to Lotame Personal Information of Minors and have procedures in place to ensure compliance with this requirement.

Your Consumer Rights Under the CCPA

Under CCPA, you may have the following consumer rights. Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the CCPA:

Right to Know

You have the right to request, at no charge, that we disclose to you the categories and specific pieces of Personal Information Lotame has collected about you in the prior 12 months, including:

• categories of Personal Information collected about you;
• categories of sources from which we collected your Personal Information;
• business and/or commercial purposes for collecting and disclosing your Personal Information; 
• categories of third parties to/with whom your Personal Information has been disclosed/shared, including for a business purpose; and
• the specific pieces of Personal Information collected about you.

You have the right to obtain the above information, in a portable and (if technically feasible) readily usable format.

Right of Deletion

You have the right to request the deletion of your Personal Information we have collected about you. This right may be subject to certain conditions and limitations under CCPA.

Right to Opt-Out of Sale

You have the right to opt-out of sale of your Personal Information we have collected about you.

Right to be Free from Discrimination

You may exercise all of the above rights at any time and Lotame will not unlawfully discriminate against you for exercising your rights under CCPA.

Submitting a Request to Exercise Your Rights

You may exercise any of your rights as set out above, by submitting a request as set forth below. You may be required to provide additional information to verify your identity and request before further action is taken. Please note that when submitting the following requests, Lotame is only able to apply your request to Personal Information that we use in our Data Products and Services, where we act as a business. For our clients where Lotame acts as a service provider, Lotame will inform our client of your request.

Exercising Your Right to Know, to Delete, and to Opt-Out of Sale

You may exercise any of your rights as set out above by:

• calling 1-833-269-2618 and following the instructions provided
• by submitting a request using our Privacy Manager,; or

You may also exercise your right to opt-out of sale by clicking the following link: DO NOT SELL MY PERSONAL INFORMATION

Lotame verifies your request based upon the browser you are using to access the Privacy Manager or, if providing an IDFA/GAID of your device, by requesting an attestation.

Appointing an Authorized Agent to Submit a Request on Your Behalf

You may use an authorized agent to submit a request to know or delete on your behalf. If you authorize an agent to make a request for you, the agent will be required to provide Lotame with written proof of your authorization and verification of your identity.

Security and Confidentiality

Lotame has implemented (and requires its subprocessors or subcontractors to maintain) appropriate physical, administrative, and technical measures that are designed to help protect the data that Lotame collects or receives in connection with its Services from unauthorized access, disclosure, or modification. However, no security procedures or protocols can be guaranteed to be completely secure and we therefore cannot ensure or warrant the security of any information we collect or store. In accordance with internal policies, Lotame promptly evaluates and responds to all security incidents.

Data Retention

Lotame generally retains the non-personal user data we collect for all of our products and services for purposes of interest-based advertising for up to thirteen months from the date of its collection. In limited cases, where a client has a legitimate business purpose for requesting a longer retention timeline, Lotame will retain non-personal user data for the client’s use for up to eighteen months.

Lotame will review and update this Policy periodically in response to changing legal, technical, and business developments. If we change this Policy, we will provide notice by posting the new policy here, changing the date at the top, and indicating on our homepage that this Policy has been updated.

To contact us with any questions, comments, or suggestions, please email us at privacy@lotame.com or write to us at Lotame Solutions, Inc., 8890 McGaw Road Suite 250
Columbia, MD 21045 Attention: Legal Department.

Cookie: A cookie is a small file of information that is stored on your hard drive when you visit a website using a particular browser. Cookies are used to store and receive information about a user’s activities on a particular website.

Data Protection and Privacy Laws: Any laws and regulations relating to (1) data privacy, data protection, or data retention, (2) regulatory statements, regulatory guidance, or enforcement action decisions that have the effect of laws or regulations, and (3) governmental frameworks adopted for extra-territorial transfers of personal data or personal information.

Pixel Tags: A pixel tag is an invisible image or block of code that allows a website owner or third party to “drop” cookies and collect certain information about a user’s activities on a particular website.

IP Address: An IP address is a series of numbers that can be used to identify a particular device on a computer network. An IP address provides a general location of a device, but not a specific street address.

Advertising Identifiers: Advertising identifiers are unique identification numbers assigned to your mobile device by the hardware manufacturer. IDFA is the advertising identifier for Apple devices and AAID is the advertising identifier for Android devices. Advertising identifiers are used to identify devices and collect certain information about a user’s activities on a mobile device.

Hashed Email Address: A hashed email address is an email address that has been transformed into a string of numbers and letters. There are several hashing formats. But, for example, john@lotame.com, when hashed might look like this: b5b2fc6f4cef.