Last Updated: May 18, 2018; Effective: May 25, 2018.  Please read our summary of changes to this Privacy Policy.

PubMatic is an advertising technology company that provides a variety of online advertising-related services (see “Who We Are“). We are concerned about privacy issues and want you to be familiar with how we collect, use, and share information and how you can exercise the privacy rights available to you.  This Privacy Policy (“Policy”) covers the information that we may process:

  1. About End Users through our Ad Services (see “Privacy for Our Ad Services”); and
  2. About individuals who visit, use, or interact with the PubMatic Properties (see “Privacy for the PubMatic Properties” ).

This Policy does not cover our privacy practices related to information submitted to the Careers section of the Websites.  If you submit information to PubMatic’s Careers section of the Websites, please refer to PubMatic’s Careers Privacy Policy.

If you are resident in the European Economic Area and want to find out more about your data protection rights, please see “Your Data Protection Rights“.

If you have any questions, you may contact us (see “Contacting Us”).

Quick Links

We recommend that you read this entire Policy carefully.  However, to make it easier for you to review those sections of this Policy that apply to you, you may click the links below:

 Opt Out:  To go directly to the opt-outs for interest-based advertising and cross-device targeting, click here: https://pubmatic.com/legal/opt-out/.

SECTION 1 – WHO WE ARE

A reference to “PubMatic” “we” or “our” means PubMatic, Inc.  and its global subsidiaries including, as of the effective date of this Policy, PubMatic Limited, PubMatic GmbH, PubMatic India Private Limited, パブマティック株式会社 (PubMatic KK), PubMatic Pte.  Ltd.  and 据翼软件科技有限公司 (PubMatic Software (Shanghai)) Limited.

PubMatic provides marketing automation technology via our supply side platform (“Platform”) and related advertising tools (collectively the “Ad Services”).  We provide our services and tools to our “Clients,” which include “Publisher Clients” who own and operate websites, mobile applications, and other online services (each a “Digital Property”) and “Media Buyers” who are advertisers and other ad partners looking to distribute relevant ad content through our Platform.  Our Ad Services help Clients display relevant online advertising to end users (“End Users”) who interact with Digital Properties that use our Ad Services.

PubMatic also collects information from individuals when they visit, use, or interact with: (i) www.pubmatic.com and other websites operated by us, including PubMatic’s client interfaces (the “Websites”); (ii) our software applications (the “Apps”); (iii) our social media pages (our “Social Media Pages”); and (iv) our sales and marketing activities (collectively, our “PubMatic Properties”).

SECTION 2 – PRIVACY FOR OUR AD SERVICES

This Section describes how we collect and use information we receive from End Users of Digital Properties that use our Ad Services.

2.1       WHAT INFORMATION DO WE COLLECT?

Information we automatically collect

When End Users visit a Digital Property that uses our technology, we (and our partners or vendors) use and deploy tracking technologies (see “Cookies and Similar Tracking Technologies“) to automatically collect certain information about the End Users and their devices.  Some of this information (including, for example, unique identifiers stored in a cookie or mobile advertising IDs) may identify a particular computer or device and may be “personal data” in some jurisdictions, including the EU.  However, our Ad Services are designed to process information in such a manner that the information cannot be directly attributed to a specific, identifiable individual without the use of additional information (such as your name, address, or email address).

We (and our partners or vendors) may collect this information the first time an End User interacts with a Publisher Client’s Digital Property that uses our Ad Services, and we may combine and associate this information with information we (or our partners) may collect about the End User’s interactions with other ads served through our Platform.

The information we collect includes:

  • Browser and Device information, such as the device type and model, manufacturer, operating system type and version (e.g. iOS or Android), web browser type and version (e.g., Chrome or Safari), user-agent, carrier name, time zone, network connection type (e.g., Wi-Fi or cellular), IP address, general location inferred from IP address, information about our Publisher Client’s apps and versions currently active on a device (but not any other apps), and identifiers assigned to a device, such as its iOS Identifier for Advertisers (IDFA), Android/Google Advertising ID (AAID or GAID), or other unique device identifier (typically an alphanumeric string allocated to a device by the device manufacturer, a Publisher Client’s Digital Property, or PubMatic, including identifiers stored in a cookie, ETag, or browser or web cache).
  • Information about an End User’s behavior on our Publisher Clients’ Digital Properties, such as information about the activities or actions on those Digital Properties, session start/stop time, and geolocation (including latitude and longitude co-ordinates, but only if the Publisher Client’s Digital Property (like an app) has enabled location services on the device and the End User has granted the Publisher Client permission to collect and share this information for advertising purposes).
  • Information about ads served, viewed, or clicked on, such as the type of ad, where the ad was served, whether the End User clicked on it, the number of times an End User has seen the ad, and whether the End User visited the Media Buyer’s website or relevant app store and/or purchased or installed the product or service advertised.

Information we receive from third parties

We may also combine, merge and/or enhance the information we collect about an End User with information collected from our Publisher Clients and third parties (like our data providers).  For example, our Publisher Clients may also collect information that they choose to pass to us either directly through our Ad Services or through application programming interfaces (APIs), when our Ad Services connect to their systems.

This information may include, for example: network type of an End User’s device, age, ethnicity (where permitted by law), gender, and precise geolocation (where permitted by law), mobile device IDs, demographic or interest data, obfuscated user identifiers such as hashed email addresses, and content viewed or actions taken on a website or app to help make the ads served to an End User more relevant while limiting exposure to less relevant ads.  Some Publisher Clients may provide precise geolocation information collected on certain of their Digital Properties.  We will not use precise geolocation information for interest-based advertising without your opt-in consent.

We (or our third-party partners) may also use this additional information to undertake “ID syncing” or “user matching,” which means that in addition to the PubMatic ID an End User has been assigned in our systems, we may also receive a list of unique IDs our external partners or Publisher Clients have assigned to the End User, which we match to the End User’s PubMatic ID.

2.2       HOW DO WE USE YOUR INFORMATION?

We use the information we collect for a variety of business purposes.  For example, we use the information we collect for the following purposes:

  • Serving Ads: To allow Publisher Clients to offer advertising inventory in their Digital Properties and Media Buyers to bid on and fill that inventory with relevant ads.
  • Ad Reporting and Conversions: To provide information and reports to Media Buyers about when and how End Users have been exposed to their ads, clicked on their ads, or visited their Digital Property.
  • Frequency Capping: To prevent End Users from seeing the same ad too many times.
  • Customizing Ads: To infer End Users’ likely commercial interests (g., sports or travel) based on their activities across websites, mobile apps, and other Digital Properties over time, including to build interest-based advertising segments or audiences, as well as to supplement the information we collect with additional information we receive from third parties, such as third-party advertising segments or audiences, to allow us to customize and more effectively tailor the ads we display to End Users and to optimize the display of ads (including limiting exposure to less relevant ads).
  • Performance Analytics: To analyze ad performance, such as tracking views of ads, as well as click-through rates to websites or app stores and/or installs of apps that have been advertised.
  • Interest-Based Advertising: To serve targeted ads to an End User on behalf of our Clients based on the End User’s activity across websites, mobile apps, and other Digital Properties over time and information regarding an End User’s inferred commercial interests.
  • Location-Based Advertising: To deliver location-based advertising, services, and content in real-time through the use of your device’s physical location (where permitted by law).
  • Fraud Detection and Prevention and Security: To identify invalid ad impressions, clicks, installs, or ad queries, protect us and our Publisher Clients from fraudulent behavior, and protect the security of the Ad Services.
  • Providing, Managing, and Improving our Ad Services and Developing New Services: To facilitate navigation, display information more effectively, and to personalize your experience while using the Ad Services, as well as auditing, researching, and analyzing information to provide, protect, manage, and improve our Ad Services, develop new services, and ensure that our technologies function properly.
  • Service Usage and Support: To calculate usage levels of the Ad Services, help diagnose server problems, and administer the Ad Services.
  • As we believe to be necessary or appropriate: (a) under applicable law, including laws outside an End User’s country of residence; (b) to comply with subpoenas, warrants, or other legal process; (c) to respond to requests from public and government authorities including public and government authorities outside an End User’s country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, End Users, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

2.3       COOKIES AND SIMILAR TRACKING TECHNOLOGIES

We use cookies and other similar tracking technologies (such as pixel tags, IDFA, AAID/GAID, UDID, ETags, and web or browser caches) to collect information automatically from End Users’ devices.  They help us identify unique browsers or devices used by an End User and to perform functions like, for example, limiting the same ad from continuously reappearing, ensuring that ads are properly displayed on our Publisher Clients’ Digital Properties, and serving an ad more relevant to the End User.  To opt out of our use of such technologies for interest-based advertising purposes, please follow the instructions for opting out, as described in “Your Opt-Out Choices” below.  See PubMatic’s Platform Cookie and Other Similar Technologies Policy for more information on how PubMatic uses cookies and other similar technologies.

Cross-Device and Cross-App Targeting

Our Publisher Clients and partners may use information that we share with them to establish connections among related devices (such as smartphones, tablets, and computers) for targeted advertising, analytics, and reporting purposes.  They may match an End User’s devices if the End User logs into the same online service on multiple devices or web browsers, or if the End User’s devices share similar attributes that support an inference that they are used by the same person or household.  This means that information about an End User’s use of websites or applications on his or her current browser or device may be combined and used with information from the End User’s other browsers or devices.  For example, this allows Media Buyers to deliver ads on an End User’s tablet based on activities the End User engaged in on his or her smartphone.  To opt out of cross-device targeting practices, please follow the instructions in the paragraph below titled “Opting Out of Cross-Device Targeting.”

Our Publisher Clients and partners also may use other information about an End User’s activity across multiple, unaffiliated third-party mobile applications for targeted advertising, analytics, and reporting purposes.  For example, if an End User uses a travel app, these third parties may display travel-related ads to the End User on other, unrelated apps.  To opt out of cross-app targeting practices, please follow the instructions in the paragraph below titled “Opting Out of Interest-Based Advertising for Mobile Advertising Identifiers.”

SECTION 3 – PRIVACY FOR THE PUBMATIC PROPERTIES

This Section describes how we collect and use information when visitors interact with or use any of the PubMatic Properties (such as our Websites).

3.1       WHAT INFORMATION DO WE COLLECT?

Information that individuals provide voluntarily

Certain parts of the PubMatic Properties may ask visitors to provide personal information voluntarily: for example, we may collect personal information when a visitor registers for a PubMatic account, expresses an interest in obtaining additional information about PubMatic or our products and services, subscribes to our marketing, or otherwise contacts us.

The personal information we collect may include contact information (such as name, address, telephone number, or email address) and contact preferences.  It may also include professional information, such as job title, department or job role, and the nature of an individual’s request or communication.  We also collect information that visitors choose to provide to us when completing any ‘free text’ boxes in our forms (for example, for event sign-up, product feedback, or survey requests).  Please do not post any information that you do not want to reveal to the public at large.

Information we or our third-party partners collect automatically

When using the PubMatic Properties, we or our third-party partners may automatically collect certain information from an individual’s device.  In some countries, including countries in the EU, this information may be considered personal data under applicable data protection laws.

Specifically, the information we collect automatically may include IP address, operating system type and version, browser type and version, cookie ID, an individual’s activities on the PubMatic Properties, and other information about the individual’s system and connection and how the individual interacts with the PubMatic Properties and other websites.  We and our third-party partners may collect this information as a part of log files and through the use of cookies or other tracking technologies, as explained further under the heading “Cookies and Similar Tracking Technology“.

3.2       HOW DO WE USE YOUR INFORMATION?

We may use information collected from the PubMatic Properties for the following purposes:

  • To send marketing and promotional communications. For example, we and/or our third-party marketing partners may use the information for our marketing purposes, in accordance with an individual’s marketing preferences.  You may opt out of our marketing at any time (see “Your Opt-Out Choices“).
  • To send administrative information. For example, to send information regarding our services and changes to our terms, conditions, and policies.
  • To engage in and process transactions. For example, we may use personal information to process your transactions and for billing purposes.
  • To post testimonials. We post testimonials on the PubMatic Properties that may contain personal information.  Prior to posting a testimonial, we will obtain your consent to use your name and testimonial.  If you wish to update or delete your testimonial, please contact us at privacy@pubmatic.com and be sure to include your name, testimonial location, and contact information.
  • Interest-based advertising and analytics. We may partner with certain third parties to collect information on the PubMatic Properties to engage in analysis, auditing, research, and reporting, as well as to deliver advertising that we believe may interest you based on your activity on the PubMatic Properties and other websites over time. These third parties may set and access cookies on your computer or other device and may also use pixel tags, web logs, web beacons, or other similar technologies.  For more information about these practices and how to opt out, please see PubMatic’s Website Cookie Policy.
  • To manage accounts and provide customer support or other services. For example, we may use information to create or administer PubMatic accounts and to provide customer support or other requested services or information about the Ad Services.
  • To select content and improve quality. We may use information to help improve the PubMatic Properties and PubMatic Ad Services and to ensure that content on the PubMatic Properties is presented in the most effective manner for your device.
  • For legal purposes. We may use information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with subpoenas, warrants, or other legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
  • For our business purposes. We may use information for our business purposes, such as data analysis, audits, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our products, services, marketing, and client relationships.

3.3         COOKIES AND SIMILAR TRACKING TECHNOLOGIES

We and our third-party partners may use cookies and similar tracking technologies on the PubMatic Properties to collect and use information about you.  For further information about the types of cookies and other tracking technologies we use, why, and how you can control cookies, please see our Website Cookie Policy. 

3.4       USE OF PUBMATIC PROPERTIES BY MINORS

The PubMatic Properties are not intended for nor directed to individuals that are deemed to be children under applicable data protection or privacy laws, and we request that such individuals do not provide information through any of the PubMatic Properties.

SECTION 4 – GENERAL INFORMATION

4.1       HOW DO WE SHARE YOUR INFORMATION?

Information collected from our Ad Services and PubMatic Properties may be disclosed:

  • To our affiliates: We may disclose your information to our affiliates (see “Who We Are“) for the purposes described in this Policy.  PubMatic, Inc., is the party responsible for the management of your personal information jointly used by it and its affiliates.
  • Publisher Clients:  We may disclose information to our Publisher Clients to allow them to analyze the effectiveness and performance of our Ad Services and to offer targeted ad inventory to our Media Buyer Clients.
  • Media Buyers: If you are an End User, we may share information we collect in connection with our Ad Services with our Media Buyer Clients for purposes relevant to our business relationships with them, such as for billing purposes, dispute resolution, or fraud prevention and to allow them to make decisions regarding buying advertising inventory on our Publisher Clients’ Digital Properties and other websites and applications, and to analyze the effectiveness and performance of their advertising campaigns via our services, including sharing your device’s physical location to enable our Media Buyer Clients to provide you with more personalized content and to study the effectiveness of advertising campaigns.
  • Attribution and Analytics Partners: If you are an End User, we may share your information (such as your cookie ID, mobile device ID, or other unique identifier) with our (or our Publisher Client or Media Buyer’s) attribution and analytics partners to validate and measure the success and effectiveness of ads delivered via the Platform.
  • With our vendors, consultants, and other service providers: We may share your information with our third-party service providers, vendors, contractors, or agents who perform functions required for the operation of the business.  Examples include, to provide data storage and processing services, lead management, campaign management, technical support for our Platform and PubMatic Properties and fraud prevention.
  • Website advertising partners: As noted above, we may partner with certain third parties to collect information on the PubMatic Properties to engage in analysis, auditing, research, and reporting, as well as to deliver advertising that we believe may interest you based on your activity on the PubMatic Properties and other websites over time.  We may share information with them for this purpose.
  • Business transfers: We may share your information with a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets or sock (including in connection with any bankruptcy or similar proceedings).
  • For legal purposes: We may share your information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with subpoenas, warrants, or other legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
  • With consent: We may disclose an individual’s information to any other person with the individual’s consent to such disclosure.
  • On message boards or other public webpages:  Individuals may choose to share information on message boards, chat, profile pages and blogs and other services that allow visitors to post information and materials (including, without limitation, our Social Media Pages).  Please note that any information posted or disclosed through these services and forums will become public information, and may be available to users of the PubMatic Properties and to the general public.  We urge you to be very careful when deciding to disclose your personal information, or any other information, on the PubMatic Properties.

4.2       YOUR OPT-OUT CHOICES

Opting out of receiving electronic communications from us 

If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out of receiving these marketing-related emails by contacting us at privacy@pubmatic.com or by clicking on the opt-out link within the email message that you receive from us.  Please also note that if you do opt out of receiving marketing-related emails from us, we may still be required to send you administrative messages relating to the our services from time to time.

Opting out of our sharing of your personal information with affiliates for their direct marketing purposes 

If you would prefer that we do not share your personal information in the future with our affiliates for their direct marketing purposes, you may opt out of this sharing by contacting us at privacy@pubmatic.com.

Opting out of interest-based advertising from Cookies

To opt out of receiving interest-based advertising (including retargeting) from our Ad Services through the use of cookies in your current browser and for more information on what it means to opt out, please go to https://pubmatic.com/legal/opt-out/.

See PubMatic’s Platform Cookie Policy and Website Cookie Policy for more information on how PubMatic uses cookies and other similar technologies. For more information about cookies in general, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.  For more information about how to clear your browser cache, please see your browser’s instructions for doing so.  Please note that deleting or resetting cookies and clearing your browser cache will not opt you out of receiving interest-based advertising (including retargeting) from PubMatic’s Ad Services.

We are a member of the Network Advertising Initiative (NAI) and adhere to the 2018 NAI Code of Conduct.  We also adhere to the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for Online Behavioral Advertising and Multi-Site Data, the Application of Self-Regulatory Principles to the Mobile Environment, and the Application of the DAA Principles of Transparency and Control to Data Used Across Devices.  If you go to optout.networkadvertising.org, or optout.aboutads.info, you can learn how to exercise choice regarding the collection of information about your online activities over time and across multiple third-party websites, online services, devices, or applications for interest-based advertising purposes.

Some of our Publisher Clients have their own opt-out mechanisms that are linked from their sites or their online-posted privacy policies.  You should review the privacy policies of those companies for these opt-out links if you no longer wish to receive targeted advertising from a particular company, or multiple companies.

At this time, we do not honor “Do Not Track” headers and similar mechanisms.

Opting Out of Interest-Based Advertising in Mobile Applications

Our clients and partners may display interest-based advertising to you in mobile applications, based on your use of mobile applications over time and across non-affiliated apps.  To learn more about these practices and how to opt out, please visit http://www.aboutads.info/appchoices, download the DAA’s AppChoices mobile app, and follow the instructions provided in the AppChoices mobile app.  You can also adjust the advertising preferences on your mobile device (in iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking, and in Android, visit Settings > Google > Ads > Opt out of interest-based ads).

Opting Out of Cross-Device Targeting

Our clients and partners may combine and use information from websites or applications on your current browser or device with information from your other browsers or devices for advertising purposes.  To opt out of such practices by our clients and partners, please follow the instructions above for opting out on each of your browsers and on each of your mobile devices, including:

Please note that you will need to opt out separately on each of your browsers and on each of your mobile devices to ensure that information collected on a particular browser or device is not used on another browser or device.

4.3       YOUR DATA PROTECTION RIGHTS

You have the following data protection rights:

  • You have the right to request access to or that we change, update, or delete your personal information at any time. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law, which will be communicated to you.
  • If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • The right to opt out of receiving marketing communications from us. See “Your Opt-Out Choices” for further information.
  • If you are a resident of the European Economic Area (EEA), you also have the following rights:
    • The right to object to processing of your personal information, restrict processing of your personal information, or request portability of your personal information. To exercise these rights email privacy@pubmatic.com; and
    • The right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.  Contact details for data protection authorities in the EEA are here.

Please note that because most of the information we store can only identify a particular browser or device, and cannot directly identify you personally, you may need to provide us with some additional information to enable us to identify the personal information we hold about you and ensure that we accurately fulfil your request and do not infringe on the privacy rights of other individuals.

You can exercise your rights at any time by contacting us at privacy@pubmatic.com. Please review our Data Subject Rights Notice for further information and instructions on how to exercise your rights.

4.4       LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA END USERS AND VISITORS ONLY)

If you are a resident of the EEA, our legal basis for collecting and using personal information described above will depend on the personal information concerned and the specific context in which we collect it.  However, we normally rely on our legitimate interests to collect personal information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms.  Where we rely on our legitimate interests to process your personal information, they include the interests described in the sections above with the heading “How Do We Use Your Information” for our Ad Services and for the PubMatic Properties.

In some cases, we may rely on your consent or have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.  If we rely on consent to collect and/or process your personal information, we will obtain such consent in compliance with applicable laws.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contacting Us” heading below.

4.5       THIRD PARTIES

This Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including our vendors or any other third party operating any site or service to which the Ad Services or PubMatic Properties link.  The inclusion of a link through the Ad Services or Online Property does not imply endorsement of the linked site or service by us or by our affiliates.

Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any personal information you disclose to other organizations through or in connection with the Ad Services or PubMatic Properties.

You should always read the privacy policy of any website you access or social network page through which you share information carefully in order to understand their specific privacy and information usage practices.

4.6      HOW DO WE KEEP YOUR PERSONAL INFORMATION SECURE?

We use reasonable organizational, technical, administrative, and physical safeguards to protect the personal information we collect and process.  The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information and to help ensure that your data is safe and secure.  However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.

4.7       RETENTION OF YOUR INFORMATION

We will retain personal information for the period necessary to fulfill the purposes outlined in this Policy and where we have ongoing legitimate business needs to do so (for example, to provide the Ad Services, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations) unless a longer retention period is required or permitted by law.

If you are an End User, we may retain information that we collect through the Ad Services (including the segment information that we receive from third parties) for up to 45 days from the last date that we received any of the End User’s data.  We may retain ad impression information for up to 45 days.  We may retain raw ad server logs for our mobile ad server business for up to 45 days.  We use precise geolocation for the specific ad impression to which the geolocation relates, after which the geolocation information is aggregated with other geolocation data for use by us for analytical purposes.  If we de-identify information we collect through the Ad Services, we may retain that information, in an aggregated format, indefinitely.  In such cases, we commit to not re-identifying the information.  If we are required to retain information to comply with a legal or audit obligation, we may store End User information for longer periods.

4.8       INTERNATIONAL DATA TRANSFERS

The PubMatic Properties and Ad Services are provided, supported, and hosted in the United States.  If you are using these from outside the United States, be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information, in the United States and other locations, including India, where we have offices or employees or engage service providers.  These countries may have data protection laws that are different from the laws of your country of residence.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Policy.  These include:

  • Implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with European Union data protection law. Our Standard Contractual Clauses can be provided upon request.  We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request; and
  • Self-certifying to the EU-US and Swiss-US Privacy Shield Frameworks. See our Privacy Shield Notice below for further information.

4.9       PRIVACY SHIELD NOTICE

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Status

TRUSTe

PubMatic, Inc., located in the United States, participates in and has certified its compliance with the EU-U.S.  Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.  We are committed to subjecting all personal information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S.  Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.  A list of Privacy Shield participants is maintained by the Department of Commerce and is available at: https://www.privacyshield.gov/list.

PubMatic is responsible for the processing of personal information it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf.  We comply with the Privacy Shield Principles for all onward transfers of personal information from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S.  Federal Trade Commission.  In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider TRUSTe (free of charge to you) at https://feedback-form.truste.com/watchdog/request.  Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Residents of the EU and Switzerland may also request our data processing agreements in addition to relying on PubMatic’s Privacy Shield certification.

4.10     SENSITIVE INFORMATION AND OUR USE OF NON-SENSITIVE HEALTH SEGMENTS

We ask that you not send us, and you not disclose, any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background, or trade union membership) on or through the PubMatic Properties or Ad Services or otherwise to us.

We may receive the following non-sensitive health-related advertising segments that we use to target ads that may be of interest to End Users: diet and fitness; doctors; health care professionals; health conscious; health and medicine; health and well-being; interest in health insurance; and pregnancy.

4.11     UPDATES TO THIS POLICY

We will review and update this Policy periodically and will note the date of its most recent revision at the top of this Policy.  If we make material changes to this Policy, we will post the revised Policy on our website and may take additional measures to inform you about such changes if required by applicable data protection laws.  We encourage you to review this Policy frequently to be informed of how PubMatic is protecting your information.

4.12     CONTACTING US

If you have any questions about this Policy or PubMatic’s privacy practices, please contact us by email at privacy@pubmatic.com, or by mail using the details provided below.

Please note that email communications are not always secure, so please do not include sensitive information in your emails to us.

Residents outside the European Economic Area (EEA):

PubMatic, Inc. c/o Privacy
305 Main Street, First Floor
Redwood City, California 94063, USA

European Economic Area (EEA) Residents:

Attn: Data Protection Officer
PubMatic Limited
18 – 22 Stoney Lane
Yardley, Birmingham B25 8YP, England

To comply with our obligations under EU data protection legislation, we have appointed a Data Protection Officer (DPO).  Our DPO is contactable at dpo@pubmatic.com or by mail using the details provided above.

Who is the controller of my data? For the purposes of EU data protection legislation, PubMatic, Inc is the controller of your personal information.