Last Updated to address Data Retention Section and Effective as of September 11, 2018
As part of its commitment to privacy, Lotame adheres to both the DAA Self-Regulatory Principles and the eDAA’s European Principles for Online Behavioral Advertising. Lotame is also a member of the NAI and adheres to the NAI Code of Conduct. Please visit our Memberships, Affiliations and Oversight page to learn more about Lotame’s participation in the EDAA, DAA, NAI and other self-regulatory organizations.
Lotame does not provide products or services directly to consumers. Instead, Lotame has products and services that help businesses – marketers, advertising agencies and publishers – engage in interest-based advertising and marketing. Interest based advertising is the practice of delivering relevant content and advertising to people based on their interests, activities, and behaviors. Note that when providing interest-based advertising services to its clients, Lotame does not use information that directly identifies you as a specific person (such as your name, address, email address, or phone number), but we may use other pseudonymised personal information as further described below.
Lotame has the following products and services, which are collectively our “Services”:
Lotame collects and receives information on behalf of its clients and receives information from third parties for use in its Services. Lotame collects information via many methods, including cookies, pixel tags, SDKs (software development kits), secure file transfers, and server to server connections. Lotame pixel tags generally appear as “third party tags”.
Information Collected by Lotame
The following information is collected and used by Lotame to provide its Services:
Demographic Information, such as:
Online Behavioral Information
Lotame collects information on your online browsing activity to determine what types of activities and products you may be interested in and how you interact with certain content and advertisements. This information includes:
These can be used to identify your device and typically include:
Client and Partner IDs
Clients and partners may provide Lotame with proprietary IDs, which are IDs that identify a customer or consumer to the client or partner. These client and partner IDs may correspond to personal information of the client or partner but Lotame does not see the personal information connected with these IDs.
Personally Identifiable Information That Has Been De-Identified or Pseudonymised
Lotame may use personal information that has been de-identified, typically by using a mathematical process (commonly known as a hash function) to convert information into a code. We use that de-identified data to provide our services (including to connect your activity and interests). Lotame also pseudonymises data by assigning proprietary IDs to technical identifiers, such as cookies.
Lotame analyzes the information it collects and receives, and organizes it into user groups and audiences, based on factors such as age, gender, geography, interests and online actions. Our clients and partners then use the Lotame-created user groups and audiences, along with information about the possible relationships among different browsers and devices, to design and deliver customized advertising campaigns or other relevant content to users on their computers, phones, and other mobile devices. Clients have the ability to combine this Third Party Data with their own First Party Data when using Lotame’s SaaS and Marketing Technology Services. Our clients and partners may also analyze and organize the underlying data to create custom user groups and audiences.
Lotame uses the information it collects and receives to:
Lotame clients generally use First Party Data, along with Third Party Data provided by Lotame, to:
In addition to sharing certain data as directed by clients, we may share information that is non-personal or pseudonymised with other clients and third party companies such as advertisers, agencies, ad networks or exchanges, to provide services to our clients and to enable our clients and those third parties to analyze user behaviors or to customize the ads that you see online. In addition, we may provide access to information we collect to service providers, but to the extent we have any personal information we only share personal information with service providers who will only utilize the information to provide their services to us.
If our company is sold, assigned, transferred, merged, files for bankruptcy protection, sells all or a portion of its assets, or undergoes some other change to its corporate form, information may be transferred as part of that transaction or change, including in connection with a due diligence process. We may also release information in order to comply with requests from law enforcement, government agencies, and similar entities, or to otherwise protect Lotame, our clients and users.
Lotame does not create or share general audience segments through its Online AdvertisingData Products and Services that are classified by the Network Advertising Initiative (“NAI”) as Sensitive Information (as defined in the NAI Code of Conduct).
To learn about the non-sensitive health-related segments we offer through our Online Advertising Data Products and Services, click here.
Lotame does not create or share EEA audience segments that are classified by the General Data Protection Regulation as Sensitive Personal Data.
Lotame does not generate pre-packaged audience segments that are targeted to children.
Lotame collects First and Third Party Data online via the use of Lotame pixel tags, cookies and other technologies. These allow Lotame to collect information from websites that Lotame does not own or operate. Lotame provides you with the ability to opt-out of the collection and use of your information for interest-based advertising via all of Lotame’s Services. This means that Lotame, and any clients that utilize data collected by Lotame using a Lotame pixel tag or similar technologies, will not have the right to use your data for online interest-based advertising purposes.
Browser Opt Out
Lotame. To opt-out of the collection and use of data by Lotame for online interest-based advertising on your browser (including a mobile browser if third-party cookies are enabled in your browser), you can click here and follow the instructions provided. Your opt-out choice is applied only to the browser from which you make the choice. Note that our opt-out is cookie based, and so if you delete your cookies, you may no longer be opted out and you may need to opt-out again.
Interest-Based Advertising, Generally. You can opt-out of the collection of data across unaffiliated sites over time for Interest-Based Advertising and other purposes from companies participating in the Digital Advertising Alliance Consumer Choice Page at www.aboutads.info/choices and from members of the Network Advertising Initiative via www.networkadvertising.org/choices.
Mobile Applications Opt-Out
To opt-out of the collection and use of data for interest-based advertising on your mobile device, you can modify the settings on your mobile device. For example:
For Apple Devices: Go to Settings, Select Privacy, Select Advertising, and enable the “Limit Ad Tracking” setting.
For Android Devices: Open the Google Settings App, Select Ads, and enable the “Opt out of interest-based advertising” setting.
Note: The specific opt-out instructions for each device may differ slightly depending on which version of the operating software you are running.
Alternately, you may wish to download the TrustE mobile application and/or the Digital Advertising Alliance “App Choices” mobile application and follow the instructions provided. You may opt-out of the collection and use of data by Lotame specifically, or by all companies that offer a mobile application opt-out via the TrustE or AppChoices app. Your opt-out choice is applied only to the collection of data from applications on the device from which you opt-out.
Note: Even after you opt-out of the use of your information by Lotame for Interest-Based Advertising, Lotame may continue to collect and use such information for other purposes, including analytics and research. Should you elect to opt-out, you will still receive ads, but these ads may be less relevant to your interests.
Also, after choosing to opt-out via any of the methods above, if you use a different device or a different browser, or if you delete browser cookies, you may need to repeat the opt-out steps for that particular device or browser. In addition, if you block cookies on your browser or if third-party cookies are blocked by default, some of the opt-out tools above may not function.
For those in Europe, you can opt-out via the IAB Europe’s industry opt-out at www.youronlinechoices.eu.
Do Not Track
Please note that your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services that you visit. If Lotame receives a “Do Not Track” signal from any browser other than Internet Explorer, Lotame will implement an opt-out. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
General Data Protection Regulation (GDPR)
Lotame has certain responsibilities as both a data controller and a data processor under the European Union’s General Data Protection Regulation (“GDPR”). We have worked cooperatively with clients and partners to address these responsibilities, and have taken steps to ensure that Lotame has updated its policies and procedures to address GDPR. We have made certain enhancements to our products and services in advance of GDPR and will continue to operate according the principles of “privacy by design”. For a brief overview of Lotame’s commitment to GDPR compliance, please click here.
Lotame complies with the EU-U.S. Privacy Shield Framework Principles (the “Privacy Shield Principles”). Lotame has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to the collection, use and transfer of personal data from the European Economic Area to the U.S.
Lotame’s commitment to the EU-US Privacy Shield Framework covers personal information about residents of all nations in the European Economic Area (EEA), which comprises the European Union (currently including the United Kingdom), Iceland, Liechtenstein, and Norway (collectively, “EEA residents”).
To learn more about Privacy Shield, and to view Lotame’s certification, please visit http://www.privacyshield.gov/list.
With respect to its participation in the EU-U.S. Privacy Shield Framework, Lotame is subject to the jurisdiction and enforcement powers of the United States Federal Trade Commission.
Lotame may be liable in some circumstances for transferring personal information to a third party that violates the Privacy Shield Principles.
Upon the request of clients and partners, Lotame may also agree to be bound by the terms of the EU Standard Contractual Clauses.
In certain cases you may have the right to request binding arbitration of non-monetary claims that are not otherwise resolved by the procedures listed here (see www.privacyshield.gov , Annex 1).
Subject Access Requests
EEA residents have the right to request certain information from Lotame, including without limitation, the right to ask what personal data Lotame has collected on you from the EEA, and the right to ask that Lotame correct this personal data if you believe it to be inaccurate.
EEA residents should first visit the Lotame Privacy Manager, which provides information to consumers about how Lotame uses personal data in connection with its Data Products and Services. The Lotame Privacy Manager displays Third Party Data associated with the device viewing the Lotame Privacy Manager, as well as any devices that are connected to this device through Lotame’s cross-device technology. Specifically, the Lotame Privacy Manager displays audience segments that show interests, behaviors, and attributes associated with this particular device, as well as any connected devices. You will see different segments displayed when viewing the Privacy Manager from a different browser, computer or device.
For additional information about how Lotame uses personal data in connection with its other service offerings, EEA residents should contact Lotame via email at: email@example.com or by mail at 8850 Stanford Blvd, Suite 4000, Columbia, MD 21045, Attention: Legal Department. Lotame has appointed Tiffany Morris, General Counsel and VP of Global Privacy, as Lotame’s Data Protection Officer for GDPR purposes. Ms. Morris will work with the broader Lotame team to respond to all inquiries within thirty (30) days of receipt.
Lotame will respond in good faith to all privacy inquiries, but may not be able to provide complete information if your request requires Lotame to release confidential information of third parties, or otherwise imposes an undue burden or expense.
Lotame may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Lotame continues to voluntarily submit unresolved privacy complaints of EEA residents to an independent dispute resolution mechanism administered by DMA. If you do not receive timely acknowledgment of your complaint, or if Lotame does not satisfactorily address your complaint, you can reach the DMA for more information and to file a complaint at:
Privacy Shield Line
Direct Marketing Association
1333 Broadway, Suite #301
New York, NY 10018
To file a complaint/inquiry: https://thedma.org/shield-complaint-form/
In the event a satisfactory resolution cannot be resolved through the DMA, Lotame will cooperate with the United States Federal Trade Commission and any data protection authorities of the EEA member states to investigate and resolve any open complaints.
Lotame generally retains the non-personal user data we collect for all of our products and services for purposes of interest-based advertising for up to thirteen (13) months from the date of its collection. In limited cases, where a client has a legitimate business purpose for requesting a longer retention timeline, Lotame will retain non-personal user data for the client’s use for up to eighteen (18) months.
Lotame has implemented physical, administrative, and technical measures which are reasonably designed to help protect the data that Lotame collects or receives in connection with its Services from unauthorized access, disclosure, or modification. In accordance with internal policies, Lotame promptly evaluates and responds to all security incidents. However, no transmission or storage of data can be guaranteed to be completely secure and we therefore cannot ensure or warrant the security of any information we collect or store.
To contact us with any questions, comments, or suggestions, please email us at firstname.lastname@example.org or write to us at Lotame Solutions, Inc., 8850 Stanford Blvd., Suite 4000, Columbia, Maryland, 21045, Attention: Legal Department.
Cookie: A cookie is a small file of information that is stored on your hard drive when you visit a website using a particular browser. Cookies are used to store and receive information about a user’s activities on a particular website.
Pixel Tags: A pixel tag is an invisible image or block of code that allows a website owner or third party to “drop” cookies and collect certain information about a user’s activities on a particular website.
IP Address: An IP address is a series of numbers that can be used to identify a particular device on a computer network. An IP address provides a general location of a device, but not a specific street address.
Advertising Identifiers: Advertising identifiers are unique identification numbers assigned to your mobile device by the hardware manufacturer. IDFA is the advertising identifier for Apple devices and AAID is the advertising identifier for Android devices. Advertising identifiers are used to identify devices and collect certain information about a user’s activities on a mobile device.
Hashed Email Address: A hashed email address is an email address that has been transformed into a string of numbers and letters such that it cannot be traced back to the email address. There are several hashing formats. But, for example, email@example.com, when hashed might look like this: b5b2fc6f4cef.