Advertising Technology Platform Privacy Policy

Your Choices and Rights

For California residents

Users under 16 years old

Changes to this Privacy Policy

Contacting Us

Advertising Technology Platform Privacy Policy

This policy applies to our technology services that our customers use in connection with their digital advertising. If you are interested in our data collection and use in relation to other corporate activities, such as on our corporate website or in relation to recruiting and hiring, please click here .

Last modified: March 16, 2021

TripleLift provides a suite of technology products that facilitate digital advertising. Together, we call this technology our “Platform.” It is a platform because it provides underlying technology on top of which our clients and partners can build and run their own businesses. The Platform helps facilitate the buying and selling of ads that you see online such as in web pages, apps, and video content. Selling ads helps publishers of digital content – from one-person blogs to major media companies – generate revenue to support that content, and it helps advertisers – from the smallest local businesses to the largest global brands – reach customers.

The Platform uses information about internet users and devices. Some of this information may be considered personal information (or personal data). This policy explains how we collect, use, and disclose this information. Our customers and other third parties may use or interact with our Platform, and when they do, they are subject to contractual terms and other limitations we have put in place. This policy only describes TripleLift’s practices and does not apply to any third-parties.

Our technology is complex, but we try in this policy to describe the Platform in easy-to-understand terms. If you have any questions about our practices, please contact us using the contact details provided under the “Contact Us” heading below.

TripleLift follows the industry self-regulatory guidelines of the Digital Advertising Alliance. TripleLift also implements and adheres to the specifications and policies of the IAB EU Transparency & Consent Framework (TCF) as part of our compliance with EU data protection law. See https://iabeurope.eu/tcf-2-0/ for more information. TripleLift’s vendor identification number within the TCF is 28.

Overview

Below is a short overview of our practices, with links to further details.

What information do we collect and use?
The Platform is designed to collect and use primarily Platform Data, which includes information about internet devices and the content they are visiting, as well additional information that our clients may bring to the Platform. Details.

How do we collect information?
The Platform uses technologies, such as tags, pixels, or SDKs, all being small bits of computer code that enable us to receive information from an internet device, or technologies, such as cookies, that may store or access information on a device. We also use device IDs that are provided by many mobile devices. These technologies enable us to receive information about the digital content that a device is accessing, which in turn helps us deliver the right ads to the right people and places. If we have an identifier, like a cookie ID or a mobile advertising ID, we can recognize a device across different content over time. Details.

For what purposes do we use the collected information?
We use information to operate our Platform, and to improve it over time. This includes all of the things needed to build, operate, and maintain technology products like ours, plus all of the functions necessary for the buying and selling of digital ads that our Platform facilitates, which includes things like evaluating opportunities to show an ad to a particular user or device, selecting and delivering the ads, measuring the ads, and learning over time which ads work best on which content. We do not use the information for any purposes not related to providing our advertising-related services. Details .

What information do we transfer to other parties?
Most of our business involves helping content publishers sell their ad space, so on their behalf we transmit information to ad buyers. These buyers are typically companies called Demand Side Platforms that provide technology services to help advertisers and ad agencies manage their ad campaigns. We also transmit information to vendors who help us provide our Platform, such as cloud computing services and companies that look for illegitimate internet traffic. We also may transmit information to our publisher clients about the ads that were sold on their content. Finally, we also may transmit information to publishers’ and advertisers’ vendors, such as data management providers, that they use to process their own customer data in order to help them do things like make ads more relevant, or measure the delivery and effectiveness of ads. We are not a data broker. Details.

How is the information stored and how long is it kept?
Platform Data that we process is stored using generally accepted security standards. We retain the data for only as long as we need it for the purposes that it was collected for, unless the law requires us to delete it sooner or keep it longer. Details.

What are your choices and rights?
TripleLift provides a cookie-based opt out for web browsers. Additionally, mobile and other devices may offer opt out settings. You can find further details below. Details.

Furthermore, you may have particular rights granted by law in certain jurisdictions:

  • Europe: If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR). Details.
  • California: California residents have certain rights under the California Consumer Consumer Privacy Act (CCPA). Details.

Where do we operate?
TripleLift is a global company headquartered in the United States with offices globally.

What happens if this privacy policy is changed?
We may update this privacy policy from time to time to reflect changes to our Platform, changes in laws or regulations, or for other reasons. If we make changes that we believe are material, we will not apply those changes to previously collected information.

Questions?
If you have questions about privacy and our Platform, you can send us a message at platformprivacy((at))triplelift((dot))com.

Introduction to TripleLift’s Platform

TripleLift’s Platform helps facilitate the buying and selling of ads that you see online such as in web pages, apps, and video content. Publishers or others that deliver digital content, such as websites, mobile apps, audio, or video use our Platform to sell ads. Our Platform helps to connect advertisers to that digital content, and helps the publishers maximize their revenue from ads. To accomplish this, the Platform performs a variety of functions, such as measuring ad performance and effectiveness, selecting and delivering the ads, and preventing ad fraud or other malicious behavior.

Information we collect

When you visit the digital content of publishers using our technology, we collect certain information about your visit. This policy refers to this information collectively as “Platform Data,” which includes:

  • Browser and device information: such as the type and version of the browser or device, certain browser settings, like language, time, and time zone, and the IP address.
  • Identifiers: if available, identifiers that enable us to recognize a browser or device across different content, such as mobile ad identifiers, device IDs, and cookie IDs.
  • Location: precise geographic location, if available from the device,and provided by the publishers, and/or imprecise location as derived from IP address or provided by the publisher.
  • Content information: information about activity on the digital content visited, such as pages loaded, searches, or links clicked.
  • Ad information: information about the ads that were shown, such as what type of ad, where in the page they appeared, and whether you interacted with them.
  • Other information shared in connection with this data.

In sum, Platform Data is information about your use and interaction with content, associated with unique, randomized identifiers (e.g. mobile ad IDs or cookies). It does not include your name, email address, or other data that directly identifies you. Nonetheless, some Platform Data, especially IP address, identifiers, and precise geolocation, may be considered personal data (or personal information) under certain laws, because it can be used to collect information about you or your device over time, and then used to personalize ads or content based on that information. Also, although TripleLift does not collect information that directly identifies an individual (and prohibits clients from introducing directly identifying personal information into our Platform), it is possible that Platform Data could be matched to directly identifying personal information.

In addition to Platform Data, there may be other data introduced into our Platform by, or for, our customers, that is then used to improve customers’ advertising. Some of this may include information about your interests or demographic information. Interest information reflects your interests as may be derived from your behavior, such as your internet activity or your purchase history. Demographic information could be information about your age, where you live, or your income level. We do not provide this information to our customers, but they may produce it themselves or may acquire it from other third parties or data brokers.

How we collect information

The Platform uses technologies such as cookies, beacons, pixels, tags, mobile SDKs, and similar technology to collect this information. If you want to understand how these technologies work, there is a lot of information on the internet. However, the main thing to know is that these are bits of computer code that enable companies like us to collect or receive information from your visits to digital content, and in some cases, store identifiers or other information on your device.

It is the identifiers, as may be stored in cookies or made available by your device, that enable us to compile information over time from different digital content. Some browsers and devices give you controls over cookies and IDs. Other browsers, for example, will block cookies automatically. Some mobile devices enable you to turn off or reset the mobile ad identifier. Check the documentation for your browser or device for details. You also might find the information on the Network Advertising Initiative website helpful, though we take no responsibility for the content of that or any third-party’s site.

When we are able to use a cookie identifier for a web browser, we will try to match it to other companies’ cookie identifiers. This is a common practice in the digital advertising industry, often called cookie syncing, and it enables the sharing and use of data between different companies that are involved in buying and selling digital ad space. In essence, it allows one company to send a digital ad request to another that says, “we have an opportunity to show an ad to user 68723874 on somewebsite.com.”

Detailed information about TripleLift’s cookies is available here .

Geolocation data may be collected in different ways. Precise geolocation can be collected from devices, if the device has precise geolocation capabilities and is configured to allow the data to be collected. Less precise or imprecise geolocation – sometimes postal code, or city, or other region – can be derived from IP address. It is also sometimes provided by browser or devices settings that may be available to us.

How we use the information we collect

We use the information for purposes related to providing our Platform:

  • Selecting and serving advertising
  • Soliciting bids on ads on behalf of customers
  • Measuring, reporting on, and optimizing advertising
  • Preventing fraud, malware, and other bad behavior
  • Debugging and product improvement

Additionally, as described below, we may transmit information to other parties. While we place restrictions on customers’ and partners’ uses of the Platform Data outside of our Platform, and we take care to obtain assurances that they will adhere to our restrictions, as well as to applicable laws and industry standards, their collection and use of information is described and governed by their own privacy policies and applicable laws, rules, or regulations.

How and why we transmit the information we collect to other parties

We transmit Platform Data to other parties in the following circumstances:

  • Our affiliates: We share information with our affiliated companies, i.e. companies within our corporate family, which are also subject to this policy.
  • Customers and their service providers: We sometimes give our customers Platform Data in the form of logs and other types of records and reporting related to their use of our Platform.
  • Demand partners: Demand partners are companies that integrate with our Platform in order to buy ad space from publishers working with us. To facilitate these ad transactions, we transmit Platform Data in accord with publishers’ instructions to demand partners so that they have information about the ad unit to be filled, and can choose whether to bid for the ad space and how much.
  • Our vendors and service providers: We use a variety of vendors and service providers as part of, and for the purposes of, providing our Platform. These could include cloud storage and cloud computing services, or anti-fraud and security vendors. These vendors and service providers are subject to security and confidentiality restrictions to ensure their processing of the data is consistent with this policy.
  • Business transfers: We may transfer information as part of or in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.
  • Legal requirements: We may also disclose Platform Data in the event that we reasonably suspect malicious activity or fake traffic or when we reasonably believe it is required by law, subpoena or other legal process, including to meet security or law enforcement requirements, as well as to honor user access rights, as applicable.
  • Aggregated or anonymized data: We may share, even publicly, Platform Data that has been aggregated, anonymized, or otherwise obfuscated such that it cannot reasonably be linked to you, or your browser or device.

Also note that in the ads we help deliver there may be tags, pixels, cookies, or other technology that enables other parties to collect data. Often, these are vendors working on behalf of the advertiser to measure ad performance or prevent ad fraud or other purposes. This policy does not apply to those parties, and TripleLift is not responsible for their collection or use of information.

Storage and retention

The cookies set on your device expire no later than 90 days after the last time you visited digital content that uses our technology.

We typically store the Platform Data that we collect from your device, such as IP address and other information described above, in our systems for up to 180 days before we anonymize and aggregate that data into summary reports.

Your Choices and Rights

TripleLift offers the ability to opt-out, in accordance with industry standards. How to opt out depends on the type of browser and/or device you are using. Find more details here .

If you reside or are located in certain jurisdictions, you may have rights and protections regarding the collection, processing, sharing, and use of your data under local law. See sections below for European and Californian users.

For users in the EEA, UK, or Switzerland

Under the laws of the EEA, UK, and Switzerland, certain Platform Data is considered to be “personal data.” We may have certain obligations and you may have certain rights with respect to this data.

International Transfer

TripleLift is a global company headquartered in the United States with data centers located in the United States, Europe and Asia.

If you visit digital content that uses our technology, your information may be transferred to, stored and processed in our facilities in the United States and other countries and by those third parties to whom we may transmit or disclose your information, as described above.

Under the European General Data Protection Regulation (GDPR) or equivalent laws, some countries may be deemed to not provide an adequate level of data protection for your information.

When we transfer data outside of the EEA, UK, or Switzerland, we ensure that appropriate protections are in place under European data protection legislation. These protections may include technical measures, such as removing personal data, or a legal mechanism such as the standard contractual clauses approved by the European Commission. In case any conflict between the terms in this policy and such mechanism, the terms of the transfer mechanism shall govern.

Privacy Shield

The Privacy Shield Framework (EU-US and Swiss-US) is another mechanism intended for transfer of personal data from Europe to the US. On July 16, 2020, the European Court of Justice issued a judgement declaring EU-US Privacy Shield Framework invalid. We now rely on other transfer mechanisms for the cross-border transfer of data previously covered by the Privacy Shield. However, TripleLift has certified to the Department of Commerce that it adheres to the Privacy Shield Framework and continues to comply with its obligations under the program for data regarding EEA, UK, or Swiss individuals that is transferred to the US. You can find more information about Privacy Shield, including a list of companies that participate, such as TripleLift, here . TripleLift is accountable for information that it receives under the Privacy Shield and subsequently transfers to a third party. Triple Lift, Inc. may transfer personal information collected  as described in this Privacy Policy. TripleLift may also transfer other information that meets the definition of “personal data” in the Privacy Shield Framework to service providers and to its customers and partners, as described above. If we share personal data covered by the Privacy Shield with a third-party service provider that processes the data solely on our behalf, then we will be liable for that third party’s processing of such data in violation of the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to the damage.

Additionally, TripleLift may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

TripleLift commits to resolve complaints about our collection or use of your personal information under the Privacy Shield Framework individuals who have inquiries or complaints under the Privacy Shield Framework should first contact TripleLift at platformprivacy((at))triplelift((dot))com or:

Triple Lift, Inc., c/o The Privacy Team 254 36th Street, Space B633, Building 2, 6th floor, Brooklyn, New York, 11232

Triple Lift, Inc. has further committed to refer unresolved Privacy Shield complaints to the ICDR (the international division of the American Arbitration Association), an international alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact the ICDR or visit here for more information or to file a complaint. The services of the ICDR are provided at no cost to you.

Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. See here for more information.

The Federal Trade Commission has jurisdiction over Triple Lift, Inc.’s compliance with the Privacy Shield Framework.

Role of Company as a Controller or Processor

If you are located in the EEA, UK, or Switzerland, TripleLift may act as a “controller” as defined under applicable law when processing your personal data. We may also act as a “processor” as defined under applicable law to the extent that we process your personal data on behalf of and at the instruction of another party, for example a publisher or an advertiser.

TripleLift’s legal basis for processing your personal data depends upon the specific context in which we collect or use it. TripleLift uses the IAB Europe Transparency and Consent Framework (TCF) as one mechanism for establishing our legal basis. The TCF is designed to allow a publisher to present information and choices to users about third-party vendors, like TripleLift, that process data stemming from you accessing the publisher’s content. The TCF will display information about the purposes for which TripleLift processes data and allow you to make choices with respect to those purposes. For additional information about the TCF, please see here (though, we are not responsible for the content of that page).

Your Rights

You may be entitled to exercise certain data subject rights available under the GDPR or other applicable European laws. These rights may include the right to request access to personal data we hold about you. You may also have the right to object to, or request that we restrict, processing of your personal data. You may also have the right to ask that your personal data be corrected, erased, or transferred to another party. If you would like to exercise any of these rights, please visit our user rights page here .

You may contact our European Data Protection Officer via dpo((at))triplelift((dot)) com.

For California residents

The California Consumer Privacy Act or “CCPA” (California Civil Code Section 1798.100 et seq.) applies to the collection, use, and disclosure of “personal information” collected from California residents (as those terms are defined by the CCPA). The CCPA requires us to disclose to California consumers the categories of personal information (as defined in the CCPA) we collect, our business and commercial purposes for collecting, using, or selling such personal information, the categories of sources from which we collect personal information, the categories of personal information we have disclosed or sold for a business or commercial purpose in the preceding 12 months, and the categories third parties with whom we share personal information. We have provided these disclosures in this policy. Note that the activities described in the policy include these categories of personal information defined by the CCPA: Identifiers, Protected classification characteristics/demographic information, Internet or other network activity, both precise and non-precise Geolocation and, Inferences data.

Additionally, under the CCPA, you may have the right to: (i) request access to your personal information and request additional details about our information practices, (ii) request deletion of your personal information, (iii) opt out of the “sale” of your personal information (as that term is defined by the CCPA), and (iv) to not be discriminated against for exercising any of your rights under the CCPA. For more information about how to exercise these rights with respect to TripleLift and data we process, see our user rights page here .

Users under 16 years old

As of the effective date of this policy, we do not have actual knowledge of the ages of users of digital properties using our technology.  We are not able to identify users that are under 16 years of age.

Changes to this Privacy Policy

We may update this privacy policy from time to time to reflect changes to our Platform, changes in laws or regulations, or for other reasons. If we make changes that we believe are material, we will not apply those changes to previously collected information.

Contacting Us

For any questions about this Advertising Technology Platform Privacy Policy or TripleLift’s privacy practices, please contact us by email at platformprivacy((at))triplelift((dot))com, or by mail at:

Triple Lift, Inc., c/o The Privacy Team 254 36th Street, Space B633, Building 2, 6th floor, Brooklyn, New York, 11232

If you are a resident of the European Economic Area, UK, or Switzerland, and you have any questions about this Privacy Policy, please contact our data protection officer or our EU representative at platformprivacy((at))triplelift((dot))com or by mail at:

Triple Lift, Inc., c/o The Privacy Team 254 36th Street, Space B633, Building 2, 6th floor, Brooklyn, New York, 11232