OpenX Website Privacy Policy

1. What does this Policy cover?

This Policy describes how OpenX (“OpenX“, “we“, “us” or “our“) processes your personal data. It applies only to visitors to the OpenX website. You can visit our Privacy Center to find more information about how we process personal data in other contexts. For example, if you would like to know how we process personal data in the context of the OpenX Ad Exchange, the Privacy Center includes a link to our Ad Exchange Privacy Policy.

The data processing described in this Privacy Policy may be limited as required by applicable law, including the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other federal or state laws, to the extent those laws apply to your personal data.

We encourage you to read this whole Privacy Policy, because it provides important information about how we may process your data and the choices or rights you may have with respect to our processing of your data.

This Policy does not apply to the privacy practices of other websites that may be linked from our website. OpenX is not responsible for the privacy practices of any other websites. We encourage you to consult the privacy policies of those websites to learn more about their privacy practices. 

2. What personal data do we collect?

We collect certain information through our website when you choose to provide it (for example, when you create an OpenX Community account, submit a request through our Data Subject Request Portal, or contact us using a website form). This information may include:

• Information to identify you, such as your name, surname, contact details (email address), company name, and job title;
• Information necessary to establish and access your OpenX Community account, such as your username and password;
• Information provided as part of your Data Subject Request, such as your country and/or state of residence and your relationship to OpenX;

• Your marketing preferences, including any consents you have given us; and
• The content of communications you send us.

We also collect certain information automatically including:

• Unique online identifiers (e.g., IP address, cookies, mobile advertising identifiers such as Apple IDFA and Android Advertising ID);
• Browser information (e.g., browser type, version, language);
• Device information (e.g., screen dimensions, device brand, model);
• Internet service information (e.g., Internet Service Provider used by you);
• Derived (non-precise) location data (as derived from IP address); and
• Usage information (e.g., your interactions with the website, including our Data Subject Request Portal and communications sent through the portal).

Additionally, we may obtain certain information about you from our partners as part of our Ad Exchange activities. For more information about how we may obtain and use such information, please see our Ad Exchange Privacy Policy.

3. Why do we collect, use, and store this personal data?

We may process your personal data to provide our website and services and to communicate with you. Depending on where you live,we may need a valid legal basis to process your personal data. If we do, depending on the circumstances, we collect, use and store your personal data under the legal bases set out below.  

• To fulfil a contract, or take steps linked to a contract, that we have with you. This includes:
  • Communicating with you; and
  • Providing customer service.

• As required to conduct our business and pursue our legitimate business and legal interests. This includes:
  • To provide the OpenX products and services you have requested, and respond to any requests, comments, or complaints you may send us;
  • To monitor use of our website and communications we send through our Data Subject Request Portal and to engage in analysis, auditing, research, and reporting to improve and protect our services;
  • To personalize our services for you and help ensure that content on the OpenX website is presented in an appropriate manner for your device;
  • To investigate any complaints received from you, or from others, about our website, products, or services;
  • To ensure data are securely transmitted and processed;
  • To ensure correct and efficient operation of systems and processes, including monitoring and enhancing the performance of systems and processes;
  • To manage legal claims or compliance, regulatory and investigative processes as necessary (including disclosure of such information in connection with legal processes or litigation); 
  • To enforce our terms and conditions and other legal rights; and
  • To invite you to take part in market research.

• Where you give us consent or we are otherwise permitted to process your data after we give you notice of our processing. For example:
  • We may send you direct marketing (e.g., regular newsletters or emails that highlight relevant services we offer), which may be sent directly from us or via third party service providers;
  • We or third parties may place cookies or similar technologies on your device. To learn more about the categories of cookies and similar technologies that we use on our website, please review our Cookie Policy;
  • On other occasions where we ask you for consent or provide you with notice of processing, we will use the data for the purpose which we explain at that time.

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. Additionally, please note that withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. 

In some cases, we are able to send you direct marketing without your consent. You have the right to opt-out of direct marketing at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.

• Because we are compelled to do so by law:
  • In response to a subpoena or other requests by government or law enforcement authorities conducting an investigation.

4. How and to whom do we share your personal data? 

We will disclose personal data to third parties for our business purposes as described in this Privacy Policy, including:

• With your express permission;

• With the OpenX affiliated companies listed on this page, such as to make sure that questions or comments submitted via our “Contact Us” form are addressed appropriately;

• To our advisers (or the advisers of potential purchasers or new owners) including in the event that we, or some or all of our affiliated entities or assets, are merged, sold, transferred (including in bankruptcy), or otherwise subject to a material corporate change;

• Where we believe it is necessary to protect OpenX or our users, enforce our terms or the legal rights of OpenX or others, or comply with a request from governmental authorities, legal processes, or other legal obligations; and

• Where we contract with third parties to provide certain services under our instruction, including service providers managing distribution of our marketing content, data analytics, web hosting, web development, and our website operation or cloud computing services (“Vendors”). A list of these Vendors is available here.

OpenX may offer online resources that facilitate discussion amongst our customers and other third parties, including the OpenX Community. Whenever you voluntarily post information to any public forum we operate, please be aware that such information (along with your username) is accessible to other users of the forum, including members of the public if the forum is open to the public.

International Transfers

OpenX complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OpenX has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. OpenX has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. 

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the applicable Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website.

The Federal Trade Commission has jurisdiction over OpenX’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) here.

Under certain conditions, more fully described on the DPF website here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. In cases of onward transfer to third parties (e.g., instances where OpenX transfers personal data to a third party partner, service provider or an agent which processes such data in a manner inconsistent with the DPF Principles), OpenX is generally liable for the acts of the third party that are in violation of the DPF Principles.

In parallel to adhering to the Data Privacy Framework, in the event that personal data collected from a UK or EEA data subject is transferred outside of the UK or the EEA to an organization in a country which is not subject to an adequacy decision by the EU Commission or considered adequate as determined by applicable data protection laws, we  take additional steps to ensure your personal data is adequately protected (e.g., by way of EU Commission-approved Standard Contractual Clauses or by relying on other data transfer mechanisms approved under applicable data protection laws). We are also committed to conducting data transfer impact assessments and adopting any supplementary measures required to mitigate any risks to you identified in such an assessment. A copy of the relevant mechanism can be obtained for your review on request by contacting us using the details set out below. 

We regularly monitor updates to the Data Privacy Framework and other relevant international data protection standards to ensure continued compliance and promptly implement any required adjustments to our data transfer practices.

5. How do we use cookies?

On our website, we use cookies and similar technologies to collect information about your online activity. Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify your browser or device on each page. To learn more about the categories of cookies that we use, please review our Cookie Policy.

6. What choices and rights do California residents have with respect to the data we process?

California residents have various rights with respect to personal data we process. For OpenX website visitors and current, former, or prospective business partners that are California residents, this section provides disclosures required under California law and describes rights available to you. If you would like to understand our practices and your rights related to personal data collected through our advertising services, please visit the Ad Exchange Privacy Policy.

Categories and Sources of Personal Data. For purposes of the California Consumer Privacy Act (CCPA), in the past 12 months, we collected the following categories of personal data about our website visitors or business partners: (i) personal and online identifiers (e.g., name, email address, and phone number); (ii) record-keeping information (e.g., financial information); (iii) commercial or transactions information (e.g., information related to your transactions with OpenX); (iv) Internet or other electronic activity information (e.g., interactions with OpenX properties); (v) professional or employment related information (e.g., information about your company and your role); and (vi) other information that is linked to such personal data.  We collect these categories of personal data from our website visitors, our business partners, and our service providers (e.g., web hosting providers).

Collecting, Using, Disclosing, and Retaining Personal Data. In the last 12 months, we collected each category of personal data for our commercial and business purposes, as described in more detail above in the “Why do we collect, use, and store this personal data?” section of this Privacy Policy. We disclosed each category of personal data to the categories of third parties described above in the “How and to whom do we share your personal data?” section of this Privacy Policy. We stored and retained personal data in accordance with the retention periods described below in the “How long do we retain your personal data” section of this Privacy Policy.

“Sharing” of Personal Data. OpenX does not sell personal data collected about our website visitors or business partners for money, but we allow some third-party advertising companies to collect the following categories of personal data on the OpenX website: (i) personal and online identifiers; and (ii) Internet or other electronic activity information. We treat these advertising activities as “sharing” for cross-context behavioral advertising under the CCPA. You have the right to opt out of this sharing. You can opt out of this sharing by visiting our website with the Global Privacy Control (“GPC”) enabled. The GPC is a third-party tool, and you can activate the GPC by implementing a browser or extension that offers this tool. More information and instructions on implementing this tool are available here. Our website has implemented mechanisms to respond to GPC signals we receive, where required, and we treat these signals as requests to opt out of sharing for cross-context behavioral advertising. You can also opt out by visiting the Cookie Preference Center on our website and selecting “Reject.”

Privacy Rights. Subject to certain exceptions and limitations, you have the right to ask OpenX to delete personal data, correct inaccurate personal data, and provide you with access to your personal data (including the specific pieces of personal information we collect, the categories of personal data we collect, the categories of sources from which we collected personal data, our purposes for collecting personal data, and the categories of third parties to which we shared or disclosed personal data). While the CCPA provides an opt-out right to California residents related to “sensitive personal information,” OpenX does not collect such information about its website visitors or business partners. In addition, you have the right to not be retaliated against for exercising your privacy rights and our practice is to not discriminate against you for exercising your privacy rights.

If you would like to exercise any of the rights listed above, please submit a request through our webform here and select the “I’d like to submit an employee, applicant, or business partner data subject request” option. You will need to provide information about your relationship with OpenX so that we can process your request. When you choose to submit a rights request, we may use service providers to help us process such requests. You can also submit a request by calling us at (855) 231-3834.

You can designate an authorized agent to submit a request on your behalf by providing the agent with signed permission to do so and proof of your identity, or by the agent holding a valid power of attorney.

In some cases, we may need to request additional information from you (or your agent) to verify your identity or understand the scope of your request. Generally, we verify your identity by matching the information provided in your request with the information we retain in our records.

7. How long do we retain your personal data?

Where we process account data collected via our website, we generally retain it for as long as you are an active customer of OpenX. 

Where we process personal data in connection with performing a contract with you or your organization, we keep the data for as long as the contract remains in force and for a certain period after its expiration. This period may vary between jurisdictions depending on applicable law and other factors. 

Where we collect certain information about you or your device automatically, we retain this information for various periods, depending on the lifespan of the specific cookie that facilitated collection.You may contact us here to learn more about the cookies we use on our website. 

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your request). We also keep a record of the fact that you have asked us not to send you direct marketing or to not process your data so that we can respect your request in future.

8. What if we update this privacy policy?

We reserve the right to update this Privacy Policy at any time.  If we do so, we will post the updated policy here and update the effective date. We may also notify you in other ways from time to time about changes to our processing of your personal data. 

9. How can you contact us?

If you have questions about this Privacy Policy or wish to contact us for any reason in relation to our personal data processing, please contact us here.

You can also reach us at:

OpenX Technologies, Inc.

Attention: Legal Department

35 North Lake Avenue, Suite 240

Pasadena, California 91101

United States

You may also contact our data protection officer at dpo@openx.com or by calling us at (855) 231-3834.