- About End Users through our Ad Services (see “Privacy for Our Services”); and
- About individuals who visit, use, or interact with the PubMatic Properties (see “Privacy for the PubMatic Properties”).
If you are a resident of the European Economic Area, Switzerland or the United Kingdom and want to find out more about your data protection rights, please see “Your Data Protection Rights“.
If you have any questions, you may contact us (see “Contacting Us”).
We recommend that you read this entire Policy carefully. However, to make it easier for you to review those sections of this Policy that apply to you, you may click the links below:
- Section 1- Who We Are
- Section 2- Privacy for Our Services
- Section 3- Privacy for the PubMatic Properties
- Section 4- General Information
- 4.1- How Do We Share Your Information?
- 4.2- Your Opt-Out Choices
- 4.3- Your Data Protection Rights
- 4.4- Legal Basis for Processing Personal Information (EEA End Users and Visitors only)
- 4.5- Third Parties
- 4.6- How Do We Keep Your Personal Information Secure?
- 4.7- Retention of Your Information
- 4.8- International Data Transfers
- 4.9- Privacy Shield Notice
- 4.10- Sensitive Information and Our Use of Non-Sensitive Health Segments
- 4.11- Updates to this Policy
- 4.12- Contacting Us
Opt Out: To go directly to the opt-outs for interest-based advertising and cross-device targeting, click here: https://pubmatic.com/legal/opt-out/.
A reference to “PubMatic” “we” or “our” means PubMatic, Inc. and its global subsidiaries including, as of the effective date of this Policy, PubMatic Limited, PubMatic GmbH, PubMatic India Private Limited, パブマティック株式会社 (PubMatic KK), PubMatic Pte. Ltd. and 据翼软件科技有限公司 (PubMatic Software (Shanghai)) Limited.
PubMatic provides marketing automation technology via our supply side platform (“Platform”) and related advertising tools (collectively the “Ad Services”). We provide our services and tools to our “Clients,” which include “Publisher Clients” who own and operate websites, mobile applications, and “over-the-top” television devices (“OTT TV Device”), internet connected television (“CTV”) and other online services (each a “Digital Property”) and “Media Buyers” who are advertisers and other ad partners looking to distribute relevant ad content through our Platform. Our Ad Services help Clients display relevant online advertising to end users (“End Users”) who interact with Digital Properties that use our Ad Services.
PubMatic may also share or license certain information about End Users collected in connection with our Ad Services with brands, agencies and other interested third parties, to help them better identify and validate commercial opportunities, promote transparency and protect against fraud.
PubMatic also collects information from individuals when they visit, use, or interact with: (i) www.pubmatic.com and other websites operated by us, including PubMatic’s client interfaces (the “Websites”); (ii) our software applications (the “Apps”); (iii) our social media pages (our “Social Media Pages”); and (iv) our events, sales and marketing activities (collectively, our “PubMatic Properties”).
SECTION 2 – PRIVACY FOR OUR SERVICES
This Section covers all the information we collect and receive from End Users in connection with our products and services, including End Users of Digital Properties that use our Ad Services.
2.1 WHAT INFORMATION DO WE COLLECT?
Information we automatically collect
When End Users visit or use a Digital Property that uses our technology, we (and our partners or vendors) use and deploy tracking technologies (see “Cookies and Similar Tracking Technologies“) to automatically collect certain information about the End Users and their computer or other devices, such as their mobile device, CTV, or OTT TV Device. Some of this information (including, for example, unique identifiers stored in a cookie or your device) may identify a particular computer or device and may be “personal data” in some jurisdictions, including the EU and the State of California.
Our Ad Services are designed to process information in such a manner that the information cannot be directly attributed to a specific, identifiable individual without the use of additional information such as your name, address, or email address, unless you choose to provide that information in connection with any request that you may choose to make directly to PubMatic. We (and our partners or vendors) may collect this information the first time an End User interacts with a Publisher Client’s Digital Property that uses our Ad Services, and we may combine and associate this information (including your PubMatic ID – described below) with other information we (or our partners) may collect about End Users as described in this Policy.
For example, PubMatic may assign a unique identifier called a “PubMatic ID” to a browser or other devices when an End User first accesses a Publisher Client’s Digital Property. The PubMatic ID can be a cookie ID (a unique ID randomly assigned by PubMatic to a browser), a mobile advertising ID (a unique ID assigned by the mobile operating system (e.g., Apple ID for Advertising or Android Advertising ID)), or an CTV or OTT TV Device identifier for Advertising (a unique ID assigned by an the OTT or CTV publisher). The PubMatic ID enables the Platform to determine within a reasonable level of confidence that a browser or device is the same one with which the Platform has previously interacted. In some cases, based on data we receive from Clients or partners, advertisers are able to infer within a reasonable probability that a particular browser or device should be associated with the same PubMatic ID. This information may be used to deliver targeted ads across multiple browsers or devices. This is sometimes referred to as “cross-device targeting.” The other categories of information we automatically collect include:
- Browser and Device information, such as the device type and model, manufacturer, operating system type and version (e.g. iOS or Android), web browser type and version (e.g., Chrome or Safari), user-agent, carrier name, time zone, network connection type (e.g., Wi-Fi or cellular), IP address, general location inferred from IP address (e.g. country, region postal or zip code), hardware-based identifiers (e.g. MAC address), information about our Publisher Client’s apps and versions currently active on a device (but not any other apps), and identifiers assigned to a device, such as its iOS Identifier for Advertisers (IDFA), Android/Google Advertising ID (AAID or GAID), CTV identifier or OTT Device Identifier or other unique device identifier (typically an alphanumeric string allocated to a device by the device manufacturer, a Publisher Client’s Digital Property, or PubMatic, including identifiers stored in a cookie, ETag, or browser or web cache).
- Information about an End User’s behavior on our Publisher Clients’ Digital Properties, such as information about the activities or actions on those Digital Properties, session start/stop time, and geolocation (including latitude and longitude coordinates, but only if the Publisher Client’s Digital Property has enabled location services on the device and the End User has granted the Publisher Client permission to collect and share this information for advertising purposes).
- Information about ads served, viewed, or clicked on, such as the type of ad, where the ad was served, whether the End User clicked on it, the number of times an End User has seen the ad, and whether the End User visited the Media Buyer’s website or relevant app store and/or purchased or installed the product or service advertised.
Information we receive from third parties
We may also combine, merge and/or enhance the information we collect about an End User with information collected from our Publisher Clients and third parties (like our data providers). For example, our Publisher Clients may also collect information that they choose to pass to us either directly through our Ad Services or through application programming interfaces (APIs), when our Ad Services connect to their systems. This information may include, for example: network type of an End User’s device, age, ethnicity (where permitted by law), gender, and precise geolocation (where permitted by law), mobile device IDs, demographic or interest data, obfuscated user identifiers such as hashed email addresses, and content viewed or actions taken on a website or app to help make the ads served to an End User more relevant while limiting exposure to less relevant ads. Some Publisher Clients may also provide precise geolocation information collected on certain of their Digital Properties. We will not use precise geolocation information for interest-based advertising without your opt-in consent.
We work with Clients and other partners to help create or obtain audience segments for us and our Clients to use for advertising purposes. A segment is a grouping of End Users by one or more attributes (e.g., “cycling enthusiast”). These individuals are identified by an online identifier in these segments but are not identifiable by name or other personal information that directly reveals their identity.
We (or our third-party partners) may also receive information from third party partners that allows them and/or us to undertake “ID syncing” or “user matching,” which means that in addition to the PubMatic ID an End User has been assigned in our systems, we may also receive a list of unique IDs our external partners or Publisher Clients have assigned to the End User, which we match to the End User’s PubMatic ID.
2.2 HOW DO WE USE YOUR INFORMATION?
We use the information we collect for a variety of business purposes. For example, we use the information we collect for the following purposes:
- Providing Our Services: Generally, we use the information we collect about End Users to provide our products and services (including the Ad Services) as described in this Policy.
- Serving Ads: To allow Publisher Clients to offer advertising inventory in their Digital Properties and Media Buyers to bid on and fill that inventory with relevant ads.
- Ad Reporting and Conversions: To provide information and reports to Media Buyers about when and how End Users have been exposed to their ads, clicked on their ads, or visited their Digital Property.
- Frequency Capping: To prevent End Users from seeing the same ad too many times.
- Customizing Ads: To infer End Users’ likely commercial interests (e.g., sports or travel) based on their activities across websites, mobile apps, and other Digital Properties over time, including to build interest-based advertising segments or audiences, as well as to supplement the information we collect with additional information we receive from third parties, such as third-party advertising segments or audiences, to allow us to customize and more effectively tailor the ads we display to End Users and to optimize the display of ads (including limiting exposure to less relevant ads).
- Performance Analytics: To analyze ad performance, such as tracking views of ads, as well as click-through rates to websites or app stores and/or installs of apps that have been advertised.
- Interest-Based Advertising: To serve targeted ads to an End User on behalf of our Clients based on the End User’s activity across websites, mobile apps, and other Digital Properties over time and information regarding an End User’s inferred commercial interests.
- Location-Based Advertising: To deliver location-based advertising, services, and content in real-time through the use of your device’s physical location (where permitted by law).
- Fraud Detection and Prevention and Security: To identify invalid ad impressions, clicks, installs, or ad queries, protect us and our Publisher Clients from fraudulent behavior, and protect the security of the Ad Services.
- Providing, Managing, and Improving our Ad Services and Developing New Services: To facilitate navigation, display information more effectively, and to personalize your experience while using the Ad Services, as well as auditing, researching, and analyzing information to provide, protect, manage, and improve our Ad Services, develop new services, and ensure that our technologies function properly.
- Service Usage and Support: To calculate usage levels of the Ad Services, help diagnose server problems, and administer the Ad Services.
- As we believe to be necessary or appropriate: (a) under applicable law, including laws outside an End User’s country of residence; (b) to comply with subpoenas, warrants, or other legal process; (c) to respond to requests from public and government authorities including public and government authorities outside an End User’s country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, End Users, or others; and (g) to allow us to establish or exercise our legal rights or defend against legal claims.
2.3 COOKIES AND SIMILAR TRACKING TECHNOLOGIES
Cross-Device and Cross-App Targeting
Our Publisher Clients and partners may use information that we share with them to establish connections among related devices (such as smartphones, tablets, and computers) for targeted advertising, analytics, and reporting purposes. They may match an End User’s devices if the End User logs into the same online service on multiple devices or web browsers, or if the End User’s devices share similar attributes that support an inference that they are used by the same person or household. This means that information about an End User’s use of websites or applications on his or her current browser or device may be combined and used with information from the End User’s other browsers or devices. For example, this allows Media Buyers to deliver ads on an End User’s tablet based on activities the End User engaged in on his or her smartphone. To opt out of cross-device targeting practices, please follow the instructions in the paragraph below titled “Opting Out of Cross-Device Targeting.”
Our Publisher Clients and partners also may use information about an End User’s activity across multiple, unaffiliated third-party mobile applications for targeted advertising, analytics, and reporting purposes. For example, if an End User uses a travel app, these third parties may display travel-related ads to the End User on other, unrelated apps. To opt out of cross-app targeting practices, please follow the instructions in the paragraph below titled “Opting Out of Interest-Based Advertising for Mobile Advertising Identifiers.”
SECTION 3 – PRIVACY FOR THE PUBMATIC PROPERTIES
This Section describes how we collect and use information when visitors interact with or use any of the PubMatic Properties (such as our Websites).
3.1 WHAT INFORMATION DO WE COLLECT?
Information that individuals provide voluntarily
Certain parts of the PubMatic Properties may ask visitors to provide personal information voluntarily: for example, we may collect personal information when a visitor registers for a PubMatic account, expresses an interest in obtaining additional information about PubMatic or our products and services, subscribes to our marketing, or otherwise contacts us.
The personal information we collect may include contact information (such as name, address, telephone number, or email address) and contact preferences. It may also include professional information, such as job title, department or job role, and the nature of an individual’s request or communication. We also collect information that visitors choose to provide to us when completing any ‘free text’ boxes in our forms (for example, for event sign-up, product feedback, or survey requests). Please do not post any information that you do not want to reveal to the public at large.
Information we or our third-party partners collect automatically
When using the PubMatic Properties, we or our third-party partners may automatically collect certain information from an individual’s device. In some countries and states, including countries in the EU and the State of California, this information may be considered personal data under applicable data protection laws.
3.2 HOW DO WE USE YOUR INFORMATION?
We may use information collected from the PubMatic Properties for the following purposes:
- To send marketing and promotional communications. For example, we and/or our third-party marketing partners may use the information for our marketing purposes (for example, to send promotional emails), in accordance with an individual’s marketing preferences. You may opt out of our marketing at any time (see “Your Opt-Out Choices“).
- To send administrative information. For example, to send information regarding our services and changes to our terms, conditions, and policies.
- To engage in and process transactions. For example, we may use personal information to process your transactions and for billing purposes.
- To post testimonials. We post testimonials on the PubMatic Properties that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. If you wish to update or delete your testimonial, please contact us at firstname.lastname@example.org and be sure to include your name, testimonial location, and contact information.
- To manage accounts and provide customer support or other services. For example, we may use information to create or administer PubMatic accounts and to provide customer support or other requested services or information about the Ad Services.
- To select content and improve quality. We may use information to help improve the PubMatic Properties and PubMatic Ad Services and to ensure that content on the PubMatic Properties is presented in the most effective manner for your device.
- For legal purposes. We may use information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with subpoenas, warrants, or other legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to establish or exercise our legal rights or defend against legal claims.
- For our business purposes. We may use information for our business purposes, such as data analysis, audits, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our products, services, marketing, and client relationships.
3.3 COOKIES AND SIMILAR TRACKING TECHNOLOGIES
3.4 USE OF PUBMATIC PROPERTIES BY MINORS
The PubMatic Properties are not intended for nor directed to individuals that are deemed to be children under applicable data protection or privacy laws, and we request that such individuals do not provide information through any of the PubMatic Properties.
SECTION 4 – GENERAL INFORMATION
4.1 HOW DO WE SHARE YOUR INFORMATION?
Information we collect may be disclosed:
- To our affiliates: We may disclose your information to our affiliates (see “Who We Are“) for the purposes described in this Policy. PubMatic, Inc., is the party responsible for the management of your personal information jointly used by it and its affiliates.
- Publisher Clients: If you are an End User, we may disclose information collected through our Ad Services to our Publisher Clients to allow them to analyze the effectiveness and performance of our Ad Services and to offer targeted ad inventory to our Media Buyer Clients.
- Media Buyers: If you are an End User, we may share information we collect in connection with our Ad Services with our Media Buyer Clients for purposes relevant to our business relationships with them, such as for billing purposes, dispute resolution, or fraud prevention and to allow them to make decisions regarding buying advertising inventory on our Publisher Clients’ Digital Properties and other websites and applications, and to analyze the effectiveness and performance of their advertising campaigns via our services, including sharing your device’s physical location to enable our Media Buyer Clients to provide you with more personalized content and to study the effectiveness of advertising campaigns.
- Other Clients:If you are an End User, we may share certain information we collect in connection with our Ad Services with brands, agencies and other interested third parties to help them better identify and validate commercial opportunities, promote transparency and protect against fraud.
- Attribution and Analytics Partners: If you are an End User, we may share your information (such as your cookie ID, mobile device ID, or other unique identifier) with our (or our Publisher Client or Media Buyer’s) attribution and analytics partners to validate and measure the success and effectiveness of ads delivered via the Platform.
- With our vendors, consultants, and other service providers: We may share your information with our third-party service providers, vendors, contractors, or agents who perform functions required for the operation of the business. Examples include, to provide data storage and processing services, lead management, campaign management, technical support for our Platform and PubMatic Properties and fraud prevention.
- Website advertising partners: As noted above, we may partner with certain third parties to collect information on the PubMatic Properties to engage in analysis, auditing, research, and reporting, as well as to deliver advertising that we believe may interest you based on your activity on the PubMatic Properties and other websites over time. We may share information with them for this purpose.
- Business transfers: We may share your information with a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets or sock (including in connection with any bankruptcy or similar proceedings).
- For legal purposes: We may share your information as we believe to be necessary or appropriate : (a) under applicable law, including laws outside your country of residence; (b) to comply with subpoenas, warrants, or other legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to establish or exercise our legal rights or defend against legal claims.
- With consent: We may disclose an individual’s information to any other person with the individual’s consent to such disclosure.
- On message boards or other public webpages: Individuals may choose to share information on message boards, chat, profile pages and blogs and other services that allow visitors to post information and materials (including, without limitation, our Social Media Pages). Please note that any information posted or disclosed through these services and forums will become public information, and may be available to users of the PubMatic Properties and to the general public. We urge you to be very careful when deciding to disclose your personal information, or any other information, on the PubMatic Properties.
Opting out of receiving electronic communications from us
If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out of receiving these marketing-related emails by contacting us at email@example.com or by clicking on the opt-out link within the email message that you receive from us. Please also note that if you do opt out of receiving marketing-related emails from us, we may still be required to send you administrative messages relating to our services from time to time.
Opting out of our sharing of your personal information with affiliates for their direct marketing purposes
If you would prefer that we do not share your personal information in the future with our affiliates for their direct marketing purposes, you may opt out of this sharing by contacting us at firstname.lastname@example.org.
Opting out of interest-based advertising from Cookies
We are a member of the Network Advertising Initiative (NAI) and adhere to the NAI Code of Conduct. We also adhere to the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for Online Behavioral Advertising and Multi-Site Data, the Application of Self-Regulatory Principles to the Mobile Environment, and the Application of the DAA Principles of Transparency and Control to Data Used Across Devices. If you go to optout.networkadvertising.org, or optout.aboutads.info, you can learn how to exercise choice regarding the collection of information about your online activities over time and across multiple third-party websites, online services, devices, or applications for interest-based advertising purposes.
Some of our Publisher Clients have their own opt-out mechanisms that are linked from their sites or their online-posted privacy policies. You should review the privacy policies of those companies for these opt-out links if you no longer wish to receive targeted advertising from a particular company, or multiple companies.
At this time, we do not honor “Do Not Track” headers and similar mechanisms.
Opting Out of Interest-Based Advertising in Mobile Applications
Our clients and partners may display interest-based advertising to you in mobile applications, based on your use of mobile applications over time and across non-affiliated apps. To learn more about these practices and how to opt out, please visit http://www.aboutads.info/appchoices, download the DAA’s AppChoices mobile app, and follow the instructions provided in the AppChoices mobile app. You can also adjust the advertising preferences on your mobile device (in iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking, and in Android, visit Settings > Google > Ads > Opt out of interest-based ads).
Opting Out of Interest-Based Advertising on Connected TVs
Our clients and partners may display interest-based advertising on CTVs (also known as smart TVs or connected devices), based on your use of CTVs over time and across non-affiliated CTV apps. To learn more about these practices and how to opt out, please review your connect TV’s settings menu and visit https://thenai.org/opt-out/connected-tv-choices/.3.568/9*
Opting Out of Cross-Device Targeting
Our clients and partners may combine and use information from websites or applications on your current browser or device with information from your other browsers or devices for advertising purposes. To opt out of such practices by our clients and partners, please follow the instructions above for opting out on each of your browsers and on each of your mobile devices, including:
- Opting Out of Interest-Based Advertising from Cookies
- Opting Out of Interest-Based Advertising for Mobile Advertising Identifiers
Please note that you will need to opt out separately on each of your browsers and on each of your mobile devices to ensure that information collected on a particular browser or device is not used on another browser or device.
4.3 YOUR DATA PROTECTION RIGHTS
You may certain data protection rights under laws applicable to you. Those rights may include the following:
- You may have the right to request access to or that we change, update, or delete your personal information. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law, which will be communicated to you.
- If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You may have the right to opt out of receiving marketing communications from us. See “Your Opt-Out Choices” for further information.
- If you are a resident of the European Economic Area (EEA) or the UK, you may also have the following rights:
- The right to object to processing of your personal information, restrict processing of your personal information, or request portability of your personal information. To exercise these rights please see our DSR Notice to submit a request; and
- The right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are here and the UK here.
Please note that because most of the information we store can only identify a particular browser or device, and cannot directly identify you personally, you will need to provide us with some additional information to enable us to identify the personal information we hold about you and ensure that we accurately fulfill your request and do not infringe on the privacy rights of other individuals.
You can exercise your rights at any time by submitting a request through our webforms found on our DSR Notice page. We will respond to your request in accordance with our obligations under applicable privacy laws.
4.4 LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA AND UK END USERS AND VISITORS ONLY)
If you are located in the EEA or UK, our legal basis for collecting and using personal information described above will depend on the personal information concerned and the specific context in which we collect or use it. We normally rely on our (or a third party, such as our Clients) legitimate interests to collect and use your personal information, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests are described in more detail in the sections above with the heading “How Do We Use Your Information”. In connection with our Ad Services, our legitimate interests include the operation of our Platform and the provision of our Ad Services to Clients as required by our agreements with them.
In some cases, we may rely on your consent that we obtain directly from you, or in the context of our Ad Services, which is obtained for us by our Clients that use our technology or use technology that interacts with our Platform. Additionally, we may have a legal obligation to collect data.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contacting Us” heading below.
This Policy does not address, and except as otherwise described in this Policy, we are not responsible for, the privacy, information, or other practices of any third parties, including our vendors or any other third party operating any site or service to which the Ad Services or PubMatic Properties link. The inclusion of a link through the Ad Services or Online Property does not imply endorsement of the linked site or service by us or by our affiliates.
Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any personal information you disclose to other organizations through or in connection with the Ad Services or PubMatic Properties.
4.6 HOW DO WE KEEP YOUR PERSONAL INFORMATION SECURE?
We use reasonable organizational, technical, administrative, and physical safeguards to protect the personal information we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information and to help ensure that your data is safe and secure. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.
4.7 RETENTION OF YOUR INFORMATION
We will retain personal information for the period necessary to fulfill the purposes outlined in this Policy and where we have ongoing legitimate business needs to do so (for example, to provide the Ad Services, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations) unless a longer retention period is required or permitted by law.
If you are an End User, we may retain information that we collect through the Ad Services (including the segment information that we receive from third parties) for up to 45 days from the last date that we received any of the End User’s data. We may retain ad impression information for up to 45 days. We may retain raw ad server logs for our CTV and mobile ad server businesses for up to 45 days. We use precise geolocation for the specific ad impression to which the geolocation relates, after which the geolocation information is aggregated with other geolocation data for use by us for analytical purposes. If we de-identify information we collect through the Ad Services, we may retain that information, in an aggregated format, indefinitely. In such cases, we commit to not re-identifying the information. If we are required to retain information to comply with a legal or audit obligation, we may store End User information for longer periods.
4.8 INTERNATIONAL DATA TRANSFERS
In connection with the PubMatic Properties and Ad Services, your personal information may be transferred to, and processed by PubMatic its service providers and partners in countries other than the country in which you are resident, including in the United States, India and other locations where we have offices or employees or engage service providers or our partners. These countries may have data protection laws that are different from the laws of your country of residence and may not provide the same level of protection as your jurisdiction. Regardless of where your data is located, PubMatic shall process your personal information in accordance with this Policy.
If you are resident in the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of your jurisdiction by (i) processing it in a territory that provides an adequate level of protection for personal information based on the receiving country’s data protection laws; and/or (ii) implementing appropriate safeguards to protect your personal information, such as requiring the recipient to comply with the Standard Contractual Clauses, or another lawful and approved transfer mechanism.
In addition, although PubMatic does not rely on the Privacy Shield Framework to lawfully receive EEA, UK or Swiss personal information in the U.S., PubMatic, Inc. has self-certified to and does comply with the Privacy Shield Framework for transfers of such personal information to PubMatic, Inc. See our Privacy Shield Notice below for further information.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Status
PubMatic, Inc., located in the United States, participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to processing all personal information received in the U.S. from European Economic Area (“EEA”), United Kingdom and Switzerland, respectively, in reliance on the Privacy Shield Framework. PubMatic Inc. has certified to the US Department of Commerce that PubMatic Inc. adheres to the Privacy Shield Principles in respect of all personal information received from the EEA, UK and Switzerland.
To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. A list of Privacy Shield participants is maintained by the Department of Commerce and is available at: https://www.privacyshield.gov/list.
PubMatic is responsible for the processing of personal information it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from the EEA, UK and Switzerland, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Residents of the EEA, UK and Switzerland may also request our data processing agreements in addition to relying on PubMatic’s Privacy Shield certification.
4.10 SENSITIVE INFORMATION AND OUR USE OF NON-SENSITIVE HEALTH SEGMENTS
We ask that you not send us, and you not disclose, any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background, or trade union membership) on or through the PubMatic Properties or Ad Services or otherwise to us.
We may receive the following non-sensitive health-related advertising segments that we use to target ads that may be of interest to End Users: diet and fitness; doctors; health care professionals; health conscious; health and medicine; health and well-being; interest in health insurance; and pregnancy.
We will review and update this Policy periodically and will note the date of its most recent revision at the top of this Policy. If we make material changes to this Policy, we will post the revised Policy on our website and may take additional measures to inform you about such changes prior to such changes taking effect, if required by applicable data protection laws. We encourage you to review this Policy frequently to be informed of how PubMatic is protecting your information.
If you have any questions about this Policy or PubMatic’s privacy practices, please contact us by email at email@example.com, or by mail using the details provided below.
Please note that email communications are not always secure, so please do not include sensitive information in your emails to us.
Residents outside the European Economic Area (EEA):
PubMatic, Inc. c/o Privacy
601 Marshall Street
Redwood City, California 94063, USA
European Economic Area (EEA), and Swiss Residents:
Attn: EEA Representative
Barbara Strozzilaan 101
1083 HN Amsterdam, Netherlands
Attn: UK Representative
18 – 22 Stoney Lane
Yardley, Birmingham B25 8YP, England
To comply with our obligations under EU/ UK data protection legislation, we have appointed a Data Protection Officer (DPO). Our DPO is contactable at firstname.lastname@example.org or by mail using the details provided above.
Who is the controller of my data? For the purposes of EU/UK data protection legislation, PubMatic, Inc is the controller of your personal information.