Last updated: March 03, 2022
- What does this Policy cover?
- What personal data do we collect?
- Why do we collect, use, and store this personal data?
- How and to whom do we share your personal data?
- What choices and rights do you have with respect to the data we process?
- How long do we retain your personal data?
- How can you contact us?
1. What does this Policy cover?
This Policy describes how OpenX (“OpenX“, “we“, “us” or “our“) processes your personal data. It applies only to visitors to the OpenX website.
This Policy describes the choices or rights you may have with respect to our processing of your data, including a right you may have to object to some of the processing that OpenX carries out. More information about your choices and rights, and how to exercise them, is set out in the “Your choices and rights” section.
The data processing described in this Policy may be limited as required by applicable law, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”) to the extent those laws apply to you.
2. What personal data do we collect?
We collect certain information through our website when you choose to provide it (for example, when you create an account with us or contact us using a website form), such as:
- Information to identify you – such as your name, surname, contact details (email address and phone number), company name, job title, reason why you contact us;
- Information necessary to establish and access your OpenX Community account – such as your username and password;
- Your marketing preferences, including any consents you have given us; and
- The content of communications you send us.
We collect certain information automatically including:
- Unique online identifiers (e.g., IP address, cookies, mobile advertising identifiers such as Apple IDFA and Android Advertising ID);
- Browser information (e.g., browser type, version, or language);
- Device information (e.g., screen dimensions, device brand, and model);
- Internet service information (e.g., Internet Service Provider used by you);
- Derived location data (as derived from IP address or GPS (for mobile); and
- Precise location data (if you have enabled location services on your device and not otherwise indicated that you would not like your precise location information to be shared).
3. Why do we collect, use, and store this personal data?
We collect, use and store your personal data under legal bases set out below.
To fulfil a contract, or take steps linked to a contract, that we have with you. This includes:
- Communicating with you; and
- Providing customer service.
As required to conduct our business and pursue our legitimate interests, as follows:
- To provide the OpenX products and services you have requested, and respond to any comments or complaints you may send us;
- To monitor use of our website and use this information to improve and protect our services;
- To personalize our services for you;
- To confirm your identity when making payments in order to prevent fraud or detect and prevent any other malicious, fraudulent, invalid, or illegal activity, if applicable;
- To investigate any complaints received from you, or from others, about our website, products, or services;
- To ensure data are securely transmitted and processed;
- To ensure correct and efficient operation of systems and processes, including monitoring and enhancing the performance of systems and processes;
- To manage legal claims or compliance, regulatory and investigative processes as necessary (including disclosure of such information in connection with legal processes or litigation); and
- to invite you to take part in market research.
Where you give us consent or we are otherwise permitted to process your data after we give you notice of our processing:
- We may send you direct marketing (e.g., quarterly newsletters or our regular emails that highlight relevant services we offer), which may be sent directly from us or via third party service providers;
- On other occasions where we ask you for consent or provide you with notice of processing, we will use the data for the purpose which we explain at that time.
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. Also, withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
Because we are compelled to do so by law:
- In response to requests by government or law enforcement authorities conducting an investigation.
4. How and to whom do we share your personal data?
- With your express permission;
- With other entities in the OpenX group for business purposes, such as making sure that questions or comments submitted via our “Contact Us” form are addressed appropriately;
- To our advisers (or the advisers of potential purchasers or new owners) in the event that we, or some or all of our affiliated entities or assets, are merged, sold, transferred (including in bankruptcy), or otherwise subject to a material corporate change;
- Where we believe it is necessary to protect OpenX or our users, enforce our terms or the legal rights of OpenX or others, or comply with a request from governmental authorities, legal processes, or other legal obligations; and
- Where we contract with third parties to provide certain services under our instruction, including service providers managing distribution of our marketing content, data analytics, web hosting, web development, and our website operation or cloud computing services (“Vendors”). We ask Vendors to confirm that their privacy and security practices are consistent with ours, provide them with information only to the extent necessary to perform the services we request, and prohibit them from using such information for any other purposes. A list of these service providers is available here.
OpenX may offer online resources that facilitate discussion amongst our customers and other third parties. Whenever you voluntarily post information to any public forum we operate, please be aware that such information (along with your username) is accessible to other users of the forum, including members of the public if the forum is open to the public.
UK/EEA based individuals
If you are an EEA or UK based individual and in the event that your personal data is transferred outside of the UK or the EEA to an organization in a country which is not subject to an adequacy decision by the EU Commission or considered adequate as determined by applicable data protection laws, we will take steps to ensure your personal information is adequately protected (e.g. by way EU Commission approved Standard Contractual Clauses or a vendor’s Processor Binding Corporate Rules or by relying on such other data transfer mechanisms as available under applicable data protection laws). A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.
6. What choices and rights do you have with respect to the data we process?
UK/EEA based individuals
You have the right to ask us for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you provide in a structured, machine readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or believe a breach has taken place. You’ll find contact details for your data protection authority here if you are an EEA based individual or here if you are a UK based individual.
Data which provision is mandatory is indicated on relevant forms that you complete. Where provision of data is mandatory, if relevant data is not provided, the we will not be able to fulfil your requests to register, make a purchase or otherwise engage with OpenX. Providing us with information other than marked as mandatory is optional.
If you would like to exercise any of the rights listed above, please reach us here.
California Privacy Rights
California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:
- The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you, the categories of sources from which we collected your personal information, our purposes for collecting or selling your personal information, the categories of your personal information that we have either sold or disclosed for a business purpose, and the categories of third parties with which we have shared personal information.
- The right to request that we delete the personal information we have collected from you or maintain about you.
- The right to opt out of our sale(s) of your personal information.
To exercise any of the above rights, please click here and submit the verifying information. Under the CCPA, you have a right not to receive discriminatory treatment when you exercise the above rights.
Verification Process and Required Information: Because most of the information we store can only identify a particular browser or device, and cannot identify you individually, we may need to request additional information from you to verify your identity or understand the scope of your request. Such additional information may include your online identifier (i.e. cookie or mobile advertising ID) and some proof that the devices that have the cookie or mobile advertising ID you provide are yours, such as a screenshot of the applicable cookie or of a screen that displays the mobile advertising ID or other documentation that can verify you.
Authorized Agent: You may designate an authorized agent to make a CCPA request on your behalf by verifying your identity and providing written permission to your agent to make the request for you.
Minors’ Right to Opt In: We do not sell the personal information of consumers that we know to be under 16 years of age.
Collection, Disclosure or Sale of Personal Information:
- In the last 12 months, we collected categories of personal data about California residents directly from those residents and automatically when they visited our website.
Information About Past Year’s CCPA Requests: In 2020, with respect to CCPA requests from California residents, OpenX:
- Received 62 requests to know, complied with all of them in an average of 23 days, and denied none of them.
- Received 79 requests to delete, complied with all of them in an average of 34 days, and denied none of them.
- Received 137 requests to opt-out of data sales, complied with all of them in an average of 13 days, and denied none of them.
- Received 32 requests that did not provide a specific type of request and were denied because they could not be verified or were otherwise invalid.
7. How long do we retain your personal data?
Where we process account data collected via our website, we generally retain it for as long as you are an active customer of OpenX. Where we process personal data in connection with performing a contract with you or your organization, we keep the data for so long as the contract remains in force and for a certain period after its expiration; this period depends on the applicable claims’ limitation periods and may vary between jurisdictions. We encourage you to contact us here to obtain more specific information on how long we may retain your personal data.
Where we collect certain information about you or your device automatically, we retain this information for various periods, depending on the lifespan of the specific cookie that facilitated collection. Please contact us here to know more about the lifespan of cookies that we use on our website.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your request). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
9. How can you contact us?
You can also reach us at:
OpenX Technologies Inc.
Attention: Legal Department
888 E. Walnut St., 2nd Floor, Pasadena CA 91101
You may also contact our data protection officer at firstname.lastname@example.org or by calling us at (855) 231-3834.