Last updated and effective as of August 26, 2022.
This Policy applies only to information that we process on behalf of our business clients (where we act as a ‘data processor’ or ‘service provider’) or for our own purposes (for example, as a ‘data controller’ or a ‘business’) in connection with our Services. This Policy does not cover any information we collect or process from our corporate website, which is covered by our site privacy notices available here.
As part of its commitment to privacy, Lotame adheres to both the DAA Self-Regulatory Principles and the eDAA’s European Principles for Online Behavioral Advertising. Lotame is also a member of the NAI and adheres to the NAI Code of Conduct. Please visit our Memberships, Affiliations and Oversight page to learn more about Lotame’s participation in the EDAA, DAA, NAI, and other self-regulatory organizations.
If you have any questions or concerns regarding this Policy, you may write to us at firstname.lastname@example.org or by mail to: Chief Privacy Officer, Lotame Solutions, Inc., 8850 Stanford Blvd., Suite 4000, Columbia, MD, USA.
Lotame does not provide its Services directly to consumers. Instead, Lotame’s Services help businesses – marketers, advertising agencies, marketing technology platforms and publishers – engage in interest-based advertising and marketing. Interest-based advertising is the practice of delivering relevant content and advertising to people based on their interests, activities, and behaviors.
Lotame Services consist of the following:
Lotame collects, uses, and discloses information that identifies or relates to a specific individual and other information described below in the course of operating its platform and providing the Services to its business clients. This information may or may not be linked to an identifiable individual, as described in this Policy.
Lotame collects, uses, and discloses the following types of information. This information may or may not constitute “personal information” or “personal data” under various Data Protection and Privacy Laws, depending on the context in which the information is collected and any other information to which is linked or linkable.
Pseudonymous IDs include cookies, mobile advertising IDs or MAIDs, TV advertising identifiers, hashed email addresses, IP addresses, or other alpha-numeric identifiers that are provided by our business clients or partners from which we license data, that do not, by themselves, identify a specific individual. To protect privacy, we segregate Direct Identifiers from Pseudonymous IDs, and we use technical and organizational measures to maintain that separation and prevent unauthorized identification of individuals.
Direct Identifiers include information that relates specifically to an individual such as the individual’s name, government identification number or code, telephone number, or e-mail address.
Currently, Lotame only collects, uses, and discloses e-mail addresses when provided by our business clients or data licensees. When Lotame does receive e-mail addresses, to protect privacy, we tokenize e-mail addresses, segregate e-mail addresses from Pseudonymous IDs, and use technical and organizational measures and controls to maintain that separation and prevent unauthorized identification of individuals using e-mail addresses.
Attribute Information includes attributes, behaviors, preferences, interests, and other characteristics of an individual or inferred about an individual based on that individual’s location, intent data, socio-demographic data, purchase data, browsing, survey data, and other data that corresponds to a particular use of or visit to a website or application by that individual.
Non-precise Geolocation Data means data that approximates location, such as postal code/zip code.
Internet Log Data includes data that is automatically sent by an individual’s browser or device in order to communicate with servers, such as the URL of the page requested, IP Address, browser or device type, language, operating system information, mobile service provider, date, and time stamps.
Event Data includes data about ads an individual sees (advertiser ID, campaign ID), where and when the individual sees the ad (date/time stamp, URL), and how the individual reacts to the ads (click, hover, convert, etc.).
Lotame collects the categories of data types identified above from:
Lotame analyzes the information it collects and receives, and organizes it into user groups and audiences, based on factors such as age, gender, geography, interests, and online actions. Our business clients and partners then use the Lotame-created user groups and audiences, along with information about the possible relationships among different browsers and devices, to design and deliver customized advertising campaigns or other relevant content to users on their computers, phones, and other mobile devices. Clients can combine Third Party Data with their own First Party Data when using Lotame’s SaaS and Marketing Technology Services. Our business clients and partners may also analyze and organize the underlying data to create custom user groups and audiences.
Lotame uses the information it collects and receives to:
Lotame’s clients generally use First Party Data, along with Third Party Data provided by Lotame, to:
In addition to sharing certain data as directed by clients, we may share information that is non-personal or pseudonymized with other clients and third party companies such as advertisers, agencies, ad networks, or exchanges, to provide Services to our clients and to enable our clients and those third parties to analyze user behaviors or to customize the ads that consumers see online. In addition, we may provide access to information we collect to other service providers. To the extent we have any personal information, we share such information with service providers or third party marketing partners who will only utilize the information to provide their services to us or for our clients.
If our company is sold, assigned, transferred, merged, files for bankruptcy protection, sells all or a portion of its assets or undergoes some other change to its corporate form, information may be transferred as part of that transaction or change, including in connection with a due diligence process. We may also release information in order to comply with requests from law enforcement, government agencies, and similar entities, or to otherwise protect Lotame, our clients, and users.
Lotame creates and shares audience segments consisting of political data for jurisdictions outside of the European Economic Area. For a list of the political segments we offer through our Online Advertising Data Products and Services, click here.
Lotame does not knowingly collect information or create or share general audience segments that are classified by the Network Advertising Initiative (“NAI”) as Sensitive Information (as defined in the NAI Code of Conduct).
For a list of the non-sensitive health-related segments we offer through our Data Products and Services, click here.
Lotame does not create or share EEA audience segments that are classified by the General Data Protection Regulation as Sensitive Personal Data.
Lotame does not generate pre-packaged audience segments that are targeted to children under the age of 16.
Lotame provides individuals with the ability to opt-out of the collection and use of their information for interest-based advertising for all of Lotame’s Services.
For California residents, Part 8 contains information related to their right to opt-out of sale of personal information.
The following information provides instructions on how individuals can opt-out of Interest-Based Advertising from cookies, in mobile applications, and across devices. Please note that opting out of Lotame’s processing of your data does not mean you will block online advertising altogether or see fewer ads. It simply means that the ads that you see will not be personalized for you. Ads may be served because they relate to the website you are visiting or to your current search, or they may just be randomly placed. Also, your choice to use any of our opt-out tools will not affect ads placed by any other organization.
Also, after choosing to opt-out via any of the methods below, if you use a different device or a different browser, or if you delete browser cookies, you may need to repeat the opt-out steps for that particular device or browser. In addition, if you block cookies on your browser or if third-party cookies are blocked by default, some of the opt-out tools above may not function.
For Lotame Only. To opt-out of the collection and use of data by Lotame for online Interest-Based Advertising on your browser (including a mobile browser if third-party cookies are enabled for that browser), you can click here and follow the instructions provided. Your opt-out choice is applied only to the browser from which you make the choice. Lotame’s browser opt-out is cookie-based so if cookies are blocked by your browser or you have deleted cookies from your browser, you will no longer be opted-out and you may need to opt-out again. Please note that even after you opt-out of the use of your information by Lotame for Interest-Based Advertising, Lotame may continue to collect and use such information for clients, because our clients use their own cookie, which is not affected by the Lotame browser opt-out, or for other purposes, including analytics and research. Additionally, should you elect to opt-out, you will still receive ads, but these ads may be less relevant to your interests.
Interest-Based Advertising, Generally. You can opt-out of the collection of data across unaffiliated sites over time for Interest-Based Advertising and other purposes from companies participating in the Digital Advertising Alliance Consumer Choice Page at www.aboutads.info/choices and from members of the Network Advertising Initiative via www.networkadvertising.org/choices.
To opt-out of the collection and use of data for interest-based advertising on your mobile device, you can modify the settings on your mobile device. Please note that the specific opt-out instructions for each device may differ depending on which version of the operating system software you are running.
For Apple Devices: Go to Settings, Select Privacy, Select Advertising, and enable the “Limit Ad Tracking” setting.
For Android Devices: Open the Google Settings App, Select Ads, and enable the “Opt out of interest-based advertising” setting.
Alternatively, you may wish to download the TrustE mobile application and/or the Digital Advertising Alliance “App Choices” mobile application and follow the instructions provided. You may opt-out of the collection and use of data by Lotame specifically, or by all companies that offer a mobile application opt-out via the TrustE or AppChoices app. Your opt-out choice is applied only to the collection of data from applications on the device from which you opt-out.
Lotame licenses television viewership data from third parties that offer smart TVs and video streaming devices. Instructions on how to opt-out from many popular smart TVs and video streaming devices are available here.
In Europe, you can opt-out via the IAB Europe’s industry opt-out at www.youronlinechoices.eu.
When you browse the web, your browser can send a request to websites to not collect or track your browsing data (“Do Not Track”). In some browsers, that standing request may even be turned on by default. Standards regarding how to interpret and implement a “Do Not Track” signal are not currently defined, which means different websites, publishers, data providers, or ad technology companies that work with Lotame or use its technology may request that we interpret the signal differently. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Lotame transfers the data it collects in the European Union, European Economic Area, United Kingdom, and Switzerland to the United States for processing. Lotame processes the data as described in this Policy, in accordance with the EU’s General Data Protection Regulation (GDPR) and the agreements with our business clients.
Lotame has certain responsibilities as both a data controller and a data processor under the European Union’s General Data Protection Regulation (“GDPR”). We have worked cooperatively with clients and partners to address these responsibilities and have updated our policies and procedures to address GDPR. We have made certain enhancements to our products and services to address GDPR and will continue to operate according to the principles of “privacy by design”.
Lotame’s legal basis for processing an individual’s personal information is consent, which is given by individuals to our business clients and data licensors and provided to Lotame via the IAB Europe Transparency & Consent Framework or directly to Lotame using Lotame’s Consent API.
Lotame participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Lotame’s identification number within the framework is 95. For additional information about the IAB Europe Transparency & Consent Framework, and the obligations of participating vendors, please click here.
While Lotame no longer relies on EU-U.S. and Swiss-U.S. Privacy Shield as a lawful basis for international transfers of personal information from EU/EEA and Switzerland to the U.S., Lotame remains certified under both EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the EU/EEA, the UK and Switzerland to the United States, (each a “Privacy Shield Framework”). To learn more about the Privacy Shield program please visit https://www.privacyshield.gov/. Lotame’s certification can be viewed here.
In compliance with the Privacy Shield Principles, Lotame commits to resolving complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Lotame at:
Lotame Privacy Team
8850 Stanford Blvd, Suite 4000
Columbia, MD 21045
If you do not receive a timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit ANA’s Privacy Shield Dispute Resolution. The services of ANA are provided at no cost to you.
Lotame is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Under certain conditions, more fully described on the Privacy Shield website here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
EEA residents have the right to request certain information from Lotame, including without limitation, the right to ask what personal information Lotame has collected, and the right to ask that Lotame correct this personal information if it is believed to be inaccurate.
Brazil residents have the right to request certain information from Lotame, including without limitation, the right to ask what personal information Lotame has collected on you, and the right to ask that Lotame correct this personal information if you believe it to be inaccurate.
Brazil residents should first visit the Lotame Privacy Manager, which provides information to consumers about how Lotame uses personal information in connection with its Data Products and Services and displays Third Party Data associated with the device viewing the Lotame Privacy Manager, as well as any devices that are connected to this device through Lotame’s cross-device technology. Specifically, the Lotame Privacy Manager displays audience segments that show interests, behaviors, and attributes associated with this particular device, as well as any connected devices. You will see different segments displayed when viewing the Privacy Manager from a different browser, computer, or device.
If you are a California resident, California law, including the California Consumer Privacy Act of 2018 (“CCPA”) and California Civil Code section 1798.83, provides you with additional rights regarding our collection, disclosure and, if applicable, sale of your personal information.
|Lotame has collected the following categories of Personal Information in the preceding 12 months as a ‘service provider’ on behalf of its SaaS clients and as a ‘business’ from entities from which Lotame licenses Personal Information: Category A: Identifiers||Unique personal identifier, online identifier, Internet Protocol address|
|Category F: Internet or other electronic network activity information||Interaction with our client’s or licensee’s web sites, applications, or advertisements|
|Category G: Geolocation data||Approximate physical location (derived from an Internet Protocol address)|
|Category K: Inferences||Consumer preferences, characteristics, behaviors|
See Part 2: What Information We Collect & How We Collect It, listing the sources of Personal Information.
See Part 3: How we Use Your Information, setting forth the purposes for which Lotame uses Personal Information.
See Part 4: How We Share Your Information, setting forth the categories of third parties with whom Lotame may share Personal Information. For Lotame’s SaaS clients, Lotame will only share Personal Information collected on behalf of that client with third parties requested by the client.
In the preceding 12 months, Lotame has disclosed the following categories of Personal Information for performing services on behalf of a client as their service provider and sold the following categories of Personal Information for conducting analytics or use in interest-based advertising or other marketing purposes for:
Category A: Identifiers
Category F: Internet or other electronic network activity information
Category G: Geolocation data
Category K: Inferences
Lotame does not knowingly sell Personal Information of minors under 16 years of age (“Minors”). Lotame contractually prohibits businesses that license data to us from transmitting to Lotame Personal Information of Minors and have procedures in place to ensure compliance with this requirement.
Under CCPA, you may have the following consumer rights. Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the CCPA:
You have the right to request, at no charge, that we disclose to you the categories and specific pieces of Personal Information Lotame has collected about you in the prior 12 months, including:
You have the right to obtain the above information, in a portable and (if technically feasible) readily usable format.
You have the right to request the deletion of your Personal Information we have collected about you. This right may be subject to certain conditions and limitations under CCPA.
You have the right to opt-out of sale of your Personal Information we have collected about you.
You may exercise all of the above rights at any time and Lotame will not unlawfully discriminate against you for exercising your rights under CCPA.
You may exercise any of your rights as set out above, by submitting a request as set forth below. You may be required to provide additional information to verify your identity and request before further action is taken. Please note that when submitting the following requests, Lotame is only able to apply your request to Personal Information that we use in our Data Products and Services, where we act as a business. For our clients where Lotame acts as a service provider, Lotame will inform our client of your request.
You may exercise any of your rights as set out above by:
You may also exercise your right to opt-out of sale by clicking the following link: DO NOT SELL MY PERSONAL INFORMATION
Lotame verifies your request based upon the browser you are using to access the Privacy Manager or, if providing an IDFA/GAID of your device, by requesting an attestation.
You may use an authorized agent to submit a request to know or delete on your behalf. If you authorize an agent to make a request for you, the agent will be required to provide Lotame with written proof of your authorization and verification of your identity.
Lotame has implemented (and requires its subprocessors or subcontractors to maintain) appropriate physical, administrative, and technical measures that are designed to help protect the data that Lotame collects or receives in connection with its Services from unauthorized access, disclosure, or modification. However, no security procedures or protocols can be guaranteed to be completely secure and we therefore cannot ensure or warrant the security of any information we collect or store. In accordance with internal policies, Lotame promptly evaluates and responds to all security incidents.
Lotame generally retains the non-personal user data we collect for all of our products and services for purposes of interest-based advertising for up to thirteen months from the date of its collection. In limited cases, where a client has a legitimate business purpose for requesting a longer retention timeline, Lotame will retain non-personal user data for the client’s use for up to eighteen months.
Lotame will review and update this Policy periodically in response to changing legal, technical, and business developments. If we change this Policy, we will provide notice by posting the new policy here, changing the date at the top, and indicating on our homepage that this Policy has been updated.
To contact us with any questions, comments, or suggestions, please email us at email@example.com or write to us at Lotame Solutions, Inc., 8890 McGaw Road Suite 250
Columbia, MD 21045 Attention: Legal Department.
Cookie: A cookie is a small file of information that is stored on your hard drive when you visit a website using a particular browser. Cookies are used to store and receive information about a user’s activities on a particular website.
Data Protection and Privacy Laws: Any laws and regulations relating to (1) data privacy, data protection, or data retention, (2) regulatory statements, regulatory guidance, or enforcement action decisions that have the effect of laws or regulations, and (3) governmental frameworks adopted for extra-territorial transfers of personal data or personal information.
Pixel Tags: A pixel tag is an invisible image or block of code that allows a website owner or third party to “drop” cookies and collect certain information about a user’s activities on a particular website.
IP Address: An IP address is a series of numbers that can be used to identify a particular device on a computer network. An IP address provides a general location of a device, but not a specific street address.
Advertising Identifiers: Advertising identifiers are unique identification numbers assigned to your mobile device by the hardware manufacturer. IDFA is the advertising identifier for Apple devices and AAID is the advertising identifier for Android devices. Advertising identifiers are used to identify devices and collect certain information about a user’s activities on a mobile device.
Hashed Email Address: A hashed email address is an email address that has been transformed into a string of numbers and letters. There are several hashing formats. But, for example, firstname.lastname@example.org, when hashed might look like this: b5b2fc6f4cef.