This page is about the privacy practices on PubMatic’s Advertising Platform and the data it uses for delivering advertising. If you are interested in our corporate and website privacy policy, click here. This Platform Privacy Policy does not cover our privacy practices related to information submitted to the Careers section of the Websites. If you submit information to PubMatic’s Careers section of the Websites, please refer to PubMatic’s Careers Privacy Policy.

Last Updated: October 4, 2023. 

PubMatic is an advertising technology company that provides a variety of online advertising-related services (see “Who We Are“). We are concerned about privacy issues and want you to be familiar with how we collect, use, and share information and how you can exercise the privacy rights available to you. This Privacy Policy (“Policy” or the “Platform Privacy Policy”) covers the information that we may process about individuals who access websites, apps, or other digital properties that are being monetized through our Ad Services (see “Privacy for Our Services”).

If you are a resident of the European Economic Area, Switzerland or the United Kingdom and want to find out more about your data protection rights, please see “Your Data Protection Rights“.

If you are a resident of California, please see our CCPA Privacy Policy to find out more about your privacy rights.

If you have any questions, you may contact us (see “Contacting Us”).

Opt Out: To go directly to the opt-outs for interest-based advertising and cross-device targeting, click here: https://pubmatic.com/legal/opt-out/.

Overview:

PubMatic provides marketing automation technology that helps keep the internet open and accessible to people all over the world. We do that by providing tools and software that help content creators and others who own and operate websites, mobile applications, internet connected television, “over the top” television devices, and other online services (in this document we refer to those items collectively as “Digital Properties”) monetize their content. This helps those creators who publish content (what we call a “Publisher”) make money from the content they make available, which in turn helps incentivize them to make more of the content that you enjoy.

To provide this service, we – and our clients and partners – collect and use data both to help ensure that the ads you see are relevant and to measure and report on their effectiveness.

We value your privacy and want to ensure that you have a comprehensive understanding of how we collect, utilize, and disclose your information as described in this Advertising Platform Privacy Policy.

Quick Links

We recognize that reading and understanding online terms and conditions can be difficult and time-consuming. While we recommend that you read this document in its entirety, to make this process easier for you, we have taken steps to simplify it and provide the following quick links to make it easier for you to navigate.

  1. WHO WE ARE
  2. ABOUT US AND OUR AD SERVICES
  3. PUBMATIC’S AD SERVICES & PRIVACY
    1. AT A GLANCE
    2. PUBMATIC’S AD SERVICES & PRIVACY – FULL POLICY
      1. INFORMATION WE COLLECT
      2. CROSS-DEVICE AND CROSS-APP TARGETING
    3. HOW WE USE & DISCLOSE INFORMATION
    4. LEGAL BASIS FOR PROCESSING PERSONAL DATA (EEA AND UK END USERS AND VISITORS ONLY)
  4. GENERAL INFORMATION
    1. INTERNATIONAL DATA TRANSFERS
    2. EU-U.S. DATA-PRIVACY FRAMEWORK
    3. YOUR DATA PROTECTION RIGHTS
    4. THIRD PARTIES
    5. SECURITY
    6. RETENTION OF DATA
    7. SENSITIVE INFORMATION & USE OF NON-SENSITIVE HEALTH DATA
    8. UPDATES TO THIS POLICY
  5. YOUR OPT-OUT CHOICES
  6. CONTACTING US

1. WHO WE ARE

Any reference to “PubMatic” “we” or “our” means PubMatic, Inc. and its global subsidiaries including, as of the effective date of this Platform Privacy Policy, PubMatic Limited, PubMatic GmbH, PubMatic India Private Limited, パブマティック株式会社 (PubMatic KK), PubMatic Pte. Ltd. and 据翼软件科技有限公司 (PubMatic Software (Shanghai)) Limited.

To get in touch with us, please see the “Contacting Us” section of this document.

2. ABOUT US AND OUR AD SERVICES

PubMatic provides marketing automation technology via our advertising platform (the “Platform”) and related advertising tools (collectively the “Ad Services”). Our platform includes tools that allow Publishers to make space available on their Digital Properties available for purchase (what the advertising industry refers to as a Supply Side Platform or SSP) and tools that allow a buyer to purchase the opportunity to display an ad on a Digital Property (these buyers are referred to in this document as “Media Buyers” and include advertisers, ad agencies, Demand-Side Platforms, and other ad partners looking to distribute ad content through our Platform). In this document we refer to both Media Buyers and Publishers as “Clients.” Our Ad Services help Clients display relevant online advertising to the individuals (referred to here as “End Users”) who interact with Digital Properties that use our Ad Services. To better understand our Ad Services, you can review descriptions of our primary products here. PubMatic may also share or license certain information about End Users collected in connection with our Ad Services with brands, agencies and other interested third parties, to help them better identify and validate commercial opportunities, promote transparency and protect against fraud.

PubMatic also collects information from individuals when they visit, use, or interact with: (i) www.pubmatic.com and other websites operated by us, including PubMatic’s client interfaces (the “Websites”); (ii) our software applications (the “Apps”); (iii) our social media pages (our “Social Media Pages”); and (iv) our events, sales and marketing activities (collectively, our “PubMatic Properties”).

3. PUBMATIC’S AD SERVICES & PRIVACY

3.1. AT A GLANCE

We provide a more detailed description below, but to simplify your review, please see this high-level summary:

What We Do:

  • Advertising technology platform for managing digital advertising campaigns and for monetizing Digital Properties.

Data Our Ad Services Collects:

Pseudonymous data such as:

  • Unique cookie and device identifiers
  • Mobile device advertising identifiers
  • IP addresses
  • Browser and device information
  • Web browsing history from advertising impressions
  • Information about end user engagement with ads
  • Information about end user behavior on Digital Properties

Data We May Receive from partners:

Pseudonymous user data such as:

  • Demographic data
  • Location data
  • Obfuscated user identifiers such as hashed email addresses
  • Information similar to the information described in “Data Our Ad Services Collects” above)
  • ID Syncing Data

How The Ad Services Collect Data:

Some of the ways our Ad Services collect data:

  • From Publishers passing us information so that we can help them monetize ad inventory space on their Digital Properties
  • Using cookies and/or pixels
  • From Clients uploading data onto our platform
  • From Clients and partners using our technology to gather data
  • Through the process of serving ads

Data Our Ad Services Do Not Collect:

PubMatic’s Ad Services do not collect directly identifiable information, including, for example:

  • PubMatic does not collect your email address
  • PubMatic does not collect your physical address
  • PubMatic does not collect your social security number
  • PubMatic does not collect your real name

How We Use the Data We Collect:

The Ad Services processes the data we collect for advertising purposes, including:

  • Personalizing ads
  • Delivering ads
  • Limiting the number of times you see an ad (called “frequency capping”)
  • Measuring the effectiveness of ads and ad campaigns
  • Reporting on ad campaigns
  • Maintaining records
  • Attributing purchases or other actions to ads
  • Associating devices or identifiers that may be related to each other
  • Preventing malicious or fraudulent activity
  • Improving our Ad Services

How We Disclose the Data We Collect:

We disclose data that we collect to:

  • Media Buyers in order to allow Publishers to offer advertising inventory in their Digital Properties to Media Buyers to bid on and fill that inventory with relevant ads
  • Clients to help them improve the effectiveness of their – and their client’s – ads
  • Service providers
  • Where we think we’re required to by law

 

In addition, much of the data collected on the Platform belongs to our clients and partners.

We may transfer data from the country of origin to the US or other countries. We do so under a valid legal framework.

We may also disclose personal information in response to lawful requests from public authorities, including to meet security or law enforcement requirements.

3.2 PUBMATIC’S AD SERVICES & PRIVACY – FULL POLICY

3.2.1. INFORMATION WE COLLECT

When End Users visit or use a Digital Property that uses our technology, we (and our partners or vendors) use and deploy tracking technologies – including, often, cookies – to automatically collect certain information about the End Users and their computer or other devices, such as their mobile device, CTV, or OTT TV Device. While none of this technology provides directly identifiable information (meaning, it doesn’t include your name, email address, phone number, social security number, or anything else that on its own can identify you), some of this information (including, for example, unique identifiers stored in a cookie or your device) may identify a particular computer or device as a unique device (even if it isn’t clear from the identifier who was using that specific computer or device) and may be considered “personal data” in some jurisdictions, including the EU and the State of California.

Our Ad Services are designed to process information in such a manner that the information cannot be directly attributed to a specific, identifiable individual without the use of additional information such as your email address, name, or physical address (this type of directly identifiable information is called “Personally Identifiable Information” or “PII”). PubMatic does not collect any PII and will not have access to any such information unless you reach out to PubMatic and provide it to us directly as part of a request you make directly to us.

Instead, PubMatic collects information by assigning pseudonymous identifiers to your browser or other device. For example, PubMatic may assign a unique identifier called a “PubMatic ID” (or “Digital Identifier”) to a browser or other devices when you first access a Publisher’s Digital Property that is deploying our Ad Services. The PubMatic ID can be a cookie ID (a unique ID randomly assigned by PubMatic to a browser), a mobile advertising ID (a unique ID assigned by the mobile operating system (e.g., Apple ID for Advertising or Android Advertising ID)), or a CTV or OTT TV Device identifier for Advertising (a unique ID assigned by the OTT or CTV publisher). The PubMatic ID enables our Ad Services to determine within a reasonable level of confidence that a browser or device is the same one with which the Ad Services has previously interacted. If we – or our Media Buyer partners – can identify a browser or device, it increases the monetization value of that device, resulting in Publishers making more money, which in turn allows them to provide more content for you to enjoy.

To opt out of our use of such technologies for interest-based advertising purposes, please follow the instructions for opting out, as described in “Your Opt-Out Choices” below. See PubMatic’s Platform Cookie and Other Similar Technologies Policy for more information on how PubMatic uses cookies and other similar technologies.

Other categories of information we collect include:

The following categories describe the information which is automatically collected when using our Ad Services.

  1. Browser and Device Information, such as the device type and model, manufacturer, operating system type and version (e.g. iOS or Android), web browser type and version (e.g., Chrome or Safari), user-agent, carrier name, time zone, network connection type (e.g., Wi-Fi or cellular), IP address, general location inferred from IP address (e.g. country, region postal or zip code), hardware-based identifiers (e.g. MAC address), information about our Publisher’s apps and versions currently active on a device (but not any other apps), and identifiers assigned to a device, such as its iOS Identifier for Advertisers (IDFA), Android/Google Advertising ID (AAID or GAID), CTV identifier or OTT Device Identifier or other unique device identifier (typically an alphanumeric string allocated to a device by the device manufacturer, a Publisher’s Digital Property, or PubMatic, including identifiers stored in a cookie, ETag, or browser or web cache).
  2. Information about an End User’s behavior on our Publishers; Digital Properties, such as information about the activities or actions on those Digital Properties, session start/stop time, and geolocation (including latitude and longitude coordinates, but only if the Publisher’s Digital Property has enabled location services on the device and the End User has granted the Publisher permission to collect and share this information for advertising purposes).
  3. Information about ads serviced, viewed, or clicked on, such as the type of ad, where the ad was served, whether the End User clicked on it, the number of times an End User has seen the ad, and whether the End User visited the Media Buyer’s website or relevant app store and/or purchased or installed the product or service advertised.

Information we receive from third parties

We may also combine, merge and/or enhance the information we collect about an End User with information received from Publishers and other third parties (like our data providers).

Here are 3 examples where we receive information from a third party:

  1. Our Publishers may collect information that they choose to pass to us either directly through our Ad Services or through application programming interfaces (APIs) when our Ad Services connect to their systems. This information may include, for example: network type of an End User’s device, age,, gender, and precise geolocation, mobile device IDs, demographic or interest data, obfuscated user identifiers such as hashed email addresses, and content viewed, or actions taken on a website or app to help make the ads served to an End User more relevant while limiting exposure to less relevant ads, each solely as permitted by law (meaning that we will not intentionally collect or use any of the above information points – or any other data points – that are prohibited by applicable law from being collected or used). We do not intentionally collect or process sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background, or trade union membership), and attempt to prohibit our Clients and partners from passing any such information to PubMatic.
  2. Our Publishers may also provide precise geolocation information collected on certain of their Digital Properties. We will not use precise geolocation information for interest-based advertising without your opt-in consent.
  3. We work with Clients and other partners to help create or obtain audience segments for us and our Clients to use for advertising purposes. A segment is a grouping of End Users by one or more attributes (e.g., “cycling enthusiast”). These individuals are identified by an online identifier in these segments but are not identifiable by name or other personal information that directly reveals their identity.

We (or our third-party partners) may also receive information from third party partners that allows them and/or us to undertake “ID syncing” or “user matching,” which means that in addition to the PubMatic ID an End User has been assigned in our systems, we may also receive a list of unique IDs our external partners or Publishers have assigned to the End User, which we match to the End User’s PubMatic ID.

3.2.2. CROSS-DEVICE AND CROSS-APP TARGETING

In some cases, based on data we receive from Clients or partners, Media Buyers can infer within a reasonable probability that a particular browser or device should be associated with the same PubMatic ID. This information may be used to deliver targeted ads across multiple browsers or devices, or across multiple apps. This is sometimes referred to as “cross-device targeting” or “cross-app targeting.”

Cross-device and cross-app targeting are strategies employed in digital advertising to effectively connect and interact with users across multiple devices and different mobile applications. These strategies aim to enhance the advertising experience by delivering more relevant and personalized ads to users, regardless of the devices or mobile apps they use.

Our Publishers, Media Buyers, and partners may use information that we share with them to establish connections among related devices (such as smartphones, tablets, and computers) for targeted advertising, analytics, and reporting purposes. They may match an End User’s devices if the End User logs into the same online service on multiple devices or web browsers, or if the End User’s devices share similar attributes that support an inference that they are used by the same person or household. This means that information about an End User’s use of websites or applications on his or her current browser or device may be combined and used with information from the End User’s other browsers or devices. For example, this allows Media Buyers to deliver ads on an End User’s tablet based on activities the End User engaged in on his or her smartphone. To opt out of cross-device targeting practices, please follow the instructions in the paragraph below titled “Opting Out of Cross-Device Targeting.”

Our Publishers and partners also may use information about an End User’s activity across multiple, unaffiliated third-party mobile applications for targeted advertising, analytics, and reporting purposes. For example, if an End User uses a travel app, these third parties may display travel-related ads to the End User on other, unrelated apps. To opt out of cross-app targeting practices, please follow the instructions in the paragraph below titled “Opting Out of Interest-Based Advertising for Mobile Advertising Identifiers” in the “Your Opt-Out Choices” section.

3.3. HOW WE USE INFORMATION

Please note that we take appropriate measures to ensure that any processing of information is done in accordance with applicable privacy laws and regulations, and with care for protecting your privacy and personal data. Sensitive Information may only be collected and used for lawful purposes and with the express affirmative consent of the individual. Because of the role that PubMatic plays in the advertising ecosystem, many of the use cases described below involve a transfer of data to a third party – often times either a Publisher or a Media Buyer. We have attempted to describe those use cases below, and have further elaborated in the “How We Disclose Information” section below.

Purposes of Use Examples

Ad Services:

Generally, we use the information we collect about End Users to provide our products and services (including the Ad Services) as described in this Platform Privacy Policy.
For example, we use contact information, demographic data, payment information for Clients, content and files, identifiers and device information, geolocation data, usage data, inferences to personalize and target advertisements, measure ad performance, and improve the overall user experience.

To Serve & Deliver Ads:

To allow Publishers to offer advertising inventory in their Digital Properties and Media Buyers to bid on and fill that inventory with relevant ads, as well as to determine inventory value and to inform bid decisions (i.e., whether to purchase an ad impression or not, for creating segments for end user matching, targeting of lookalike audiences or retargeting users. For example, when a Publisher has potential ad inventory to offer, we will send a “bid request” to Media Buyers which includes the information detailed in this privacy policy so that Media Buyers can determine if they want to purchase the ad impression.

Ad Reporting and Conversions

To provide information and reports to Media Buyers about when and how End Users have been exposed to their ads, clicked on their ads, or visited their Digital Property.

Frequency Capping

To prevent End Users from seeing the same ad too many times.

Customizing Ads

To infer End Users’ likely commercial interests (e.g., sports or travel) based on their activities across websites, mobile apps, and other Digital Properties over time, including to build interest-based advertising segments or audiences, as well as to supplement the information we collect with additional information we receive from third parties, such as third-party advertising segments or audiences, to allow us to customize and more effectively tailor the ads we display to End Users and to optimize the display of ads (including limiting exposure to less relevant ads).

Performance Analytics & Measuring the Effectiveness of Ads

To analyze ad performance, such as tracking views of ads, as well as click-through rates to websites or app stores and/or installs of apps that have been advertised.

ID Syncs

We may disclose cookie values to other advertising technology platforms so that they may match their value to our value.

Interest-Based Advertising (i.e. personalizing ads)

To serve targeted ads to an End User on behalf of our Clients based on the End User’s activity across websites, mobile apps, and other Digital Properties over time and information regarding an End User’s inferred commercial interests

Location-Based Advertising

To deliver location-based advertising, services, and content in real-time using your device’s physical location (where permitted by law).

Fraud Detection and Prevention (Security)

To identify invalid ad impressions, clicks, installs, or ad queries, protect us and our Publishers from fraudulent behavior, and protect the security of the Ad Services.

Providing, Managing, and Improving our Ad Services and Developing New Services

To facilitate navigation, display information more effectively, and to personalize your experience while using the Ad Services, as well as auditing, researching, and analyzing information to provide, protect, manage, and improve our Ad Services, develop new services, and ensure that our technologies function properly.

Service Usage and Support

To calculate usage levels of the Ad Services, help diagnose server problems, and administer the Ad Services.

Business operations

To operate our business, such as billing, support, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.

Client-owned Data

Some of the personal data processed on our Ad Services belongs to our Clients. When this is the case, our Clients can take this data, such as records of advertising impressions, off of the Ad Services. We also may disclose this personal data to other parties on the clients’ behalf and pursuant to their instructions.

Service Providers

We may disclose personal data to our service providers that store or process the personal data in furtherance of the services we offer via our Ad Services and on our behalf.

Corporate Entity

We may transfer personal data to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.

Aggregated Data

We may disclose aggregated data that does not include individual-level records to any party or publicly.

As we believe to be necessary or appropriate

We may disclose the information we collect in accordance with applicable laws, both within and outside of an End User’s country of residence for specific situations which include:

  • Where we need to comply with legal obligations or respond to requests from public and government authorities, even if they are outside the End User’s country of residence.
  • To enforce our terms and conditions, protect our operations or the operations of our affiliates, safeguard our rights, privacy, safety, or property, as well as the rights, privacy, safety, or property of our affiliates, End Users, or others; and
  • When necessary to establish or exercise our legal rights or defend against legal claims.

 

 3.4. HOW WE DISCLOSE INFORMATION

Please note that we take appropriate measures to ensure that any disclosures of information are done in accordance with applicable privacy laws and regulations, and with care for protecting your privacy and personal data.

Information we collect may be disclosed for the following purposes:

  • To our affiliates: We may disclose your information to our affiliates (see “Who We Are“) for the purposes described in this Policy. PubMatic, Inc., is the party responsible for the management of your personal information jointly used by it and its affiliates.
  • Publishers: If you are an End User, we may disclose information collected through our Ad Services to our Publishers to allow them to analyze the effectiveness and performance of our Ad Services and to offer targeted ad inventory to our Media Buyer Clients.
  • Media Buyers: If you are an End User, we may share information we collect in connection with our Ad Services with our Media Buyer Clients for purposes relevant to our business relationships with them, such as for billing purposes, dispute resolution, or fraud prevention and to allow them to make decisions regarding buying advertising inventory on Publishers’ Digital Properties and other websites and applications, and to analyze the effectiveness and performance of their advertising campaigns via our services, including sharing your device’s physical location to enable our Media Buyer Clients to provide you with more personalized content and to study the effectiveness of advertising campaigns.
  • Other Clients: If you are an End User, we may share certain information we collect in connection with our Ad Services with brands, agencies and other interested third parties to help them better identify and validate commercial opportunities, promote transparency, and protect against fraud.
  • Attribution and Analytics Partners: If you are an End User, we may share your information (such as your cookie ID, mobile device ID, or other unique identifier) with our (or our Publisher or Media Buyer’s) attribution and analytics partners to validate and measure the success and effectiveness of ads delivered via the Platform.
  • With our vendors, consultants, and other service providers: We may share your information with third-party service providers, vendors, contractors, or agents who perform functions required for the operation of the business. Examples include providing data storage and processing services, lead management, campaign management, technical support for our Platform, and/or fraud prevention.
  • Business transfers: We may share your information with a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or sock (including in connection with any bankruptcy or similar proceedings).
  • For legal purposes: We may share your information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with subpoenas, warrants, or other legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to establish or exercise our legal rights or defend against legal claims.
  • With consent: We may disclose an individual’s information to any other person with the individual’s consent to such disclosure.

3.5 LEGAL BASIS FOR PROCESSING PERSONAL DATA (EEA AND UK END USERS AND VISITORS ONLY)

If you are located in the EEA or UK, our legal basis for collecting and using personal information described above will depend on the personal data concerned and the specific context in which we collect or use it. In most instances, consent is the basis for PubMatic’s processing of your personal data. For example, processes the identifiers described in Section 3.2.1 only with your consent (your consent is passed to us from the Publishers whose Digital Properties you are visiting). In the event that you do not consent, PubMatic may still solicit bids for advertising to be displayed to you but PubMatic would not process your personal data or share an identifier, which will likely result in you seeing less relevant ads.

In some circumstances we may rely on our legitimate interest to collect and use your personal information, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. For example, we may use any of the data described in this policy for the secondary purpose of detecting, preventing or otherwise addressing fraud, security, or technical issues, as well as to protect against harm to our rights, property, or safety, or that of the public. This is necessary for us to pursue our, your and our partners’ legitimate interests.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contacting Us” heading below.

4. GENERAL INFORMATION

4.1. INTERNATIONAL DATA TRANSERS

In connection with the PubMatic Properties and Ad Services, your personal information may be transferred to, and processed by PubMatic its service providers and partners in countries other than the country in which you are resident, including in the United States, India, and other locations where we have offices or employees or engage service providers or our partners. These countries may have data protection laws that are different from the laws of your country of residence and may not provide the same level of protection as your jurisdiction. Regardless of where your data is located, PubMatic shall process your personal information in accordance with this Platform Privacy Policy.

If you are resident in the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of your jurisdiction by (i) processing it in compliance with the EU-US Data-Privacy Framework (EU-U.S. DPF, as described below); (ii) processing it in a territory that provides an adequate level of protection for personal information based on the receiving country’s data protection laws; and/or (ii) to the extent that the EU-US DPF is unavailable, implementing appropriate safeguards to protect your personal information, such as requiring the recipient to comply with the Standard Contractual Clauses, or another lawful and approved transfer mechanism.

4.2. EU-U.S. DATA-PRIVACY FRAMEWORK

PubMatic complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PubMatic has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. PubMatic has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the applicable Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

The Federal Trade Commission has jurisdiction over PubMatic’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, PubMatic commits to refer unresolved complaints concerning our handling of personal data received in reliance on EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to our U.S.-based third-party dispute resolution provider (free of charge), TRUSTe. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit at https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.

TRUSTe

Under certain conditions, more fully described on the DPF website, https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2 you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Residents of the EEA, UK and Switzerland may also request our data processing agreements in addition to relying on PubMatic’s DPF certification.

4.3. YOUR DATA PROTECTION RIGHTS

You may have the right to review, update, correct, access, obtain a copy of, port or delete the information PubMatic processes related to you. You may also have a right to restrict or limit the ways in which your information is processed, and the right to object to the processing of your personal data in certain circumstances. Depending on where you reside, you may designate someone to submit a request on your behalf as your authorized agent and appeal a decision denying your request by contacting us using the information provided below. You can find information regarding submitting a request and details regarding our process for responding to requests on our DSR Notice page.

If we process your information based on our legitimate interests or those of a third party you can object to this processing, and we will cease processing your information, unless the processing is based on overriding legitimate grounds or is needed for legal reasons.

If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

If you are a resident of the European Economic Area (EEA) or the UK, you may also have the following rights:

  • The right to object to processing your personal information, restrict processing of your personal information, or request portability of your personal information. To exercise these rights please see our DSR Notice to submit a request; and
  • The right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.  Contact details for data protection authorities in the EEA are here and the UK here.

Please note that because most of the information we store can only identify a particular browser or device, and cannot directly identify you personally, you may need to provide us with additional information to enable us to identify the personal information we hold about you and ensure that we accurately fulfill your request and do not infringe on the privacy rights of other individuals.

4.4. THIRD PARTIES

This Platform Privacy Policy does not address, and except as otherwise described in this Policy, we are not responsible for, the privacy, information, or other practices of any third parties, including our vendors or any other third party operating any site or service to which the Ad Services link.  The inclusion of a link through the Ad Services does not imply endorsement of the linked site or service by us or by our affiliates.

Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any personal information you disclose to other organizations through or in connection with the Ad Services.

You should always read the privacy policy of any website you access or social network page through which you share information carefully in order to understand their specific privacy and information usage practices.

4.5. SECURITY

We use reasonable organizational, technical, administrative, and physical safeguards to protect the personal information we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information and to help ensure that your data is safe and secure. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.

4.6. RETENTION OF DATA

We will retain personal information for the period necessary to fulfill the purposes outlined in this Platform Privacy Policy and where we have ongoing legitimate business needs to do so (for example, to provide the Ad Services, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations) unless a longer retention period is required or permitted by law.

If you are an End User, we may retain information that we collect through the Ad Services (including the segment information that we receive from third parties) for up to 40 days from the last date that we received any of the End User’s data. We may retain raw ad impression information for up to 40 days. We may retain raw ad server logs for our CTV and mobile ad server businesses for up to 40 days. We use precise geolocation for the specific ad impression to which the geolocation relates, after which the geolocation information is aggregated within one day with other geolocation data for use by us for analytical purposes. We maintain Client Data (including audience segments or identifiers provided by Clients for ad optimization or targeting) indefinitely, since that data is not owned by PubMatic. If we de-identify information we collect through the Ad Services, we may retain that information, in an aggregated format, indefinitely. In such cases, we commit to not re-identifying the information. If we are required to retain information to comply with a legal or audit obligation, we may store End User information for longer periods.

4.7. SENSITIVE INFORMATION & USE OF NON-SENSITIVE HEALTH DATA

We ask that you not send us, and you not disclose, any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background, or trade union membership) on or through Ad Services or otherwise to us.

We may receive the following non-sensitive health-related advertising segments that we use to target ads that may be of interest to End Users: diet and fitness; doctors; health care professionals; health conscious; health and medicine; health and well-being; interest in health insurance; and pregnancy

4.8. UPDATES TO THIS POLICY

We will review and update this Policy periodically and will note the date of its most recent revision at the top of this Policy. If we make material changes to this Policy, we will post the revised Policy on our website and may take additional measures to inform you about such changes prior to such changes taking effect. We encourage you to review this Policy frequently

5. YOUR OPT-OUT CHOICES

Opting out of interest-based advertising from Cookies

To opt out of receiving interest-based advertising (including retargeting) from our Ad Services through the use of cookies in your current browser and for more information on what it means to opt out, please go to https://pubmatic.com/legal/opt-out/.

See PubMatic’s Ad Services or “Platform” Cookie Policy for more information on how PubMatic uses cookies and other similar technologies. For more information about cookies in general, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.  For more information about how to clear your browser cache, please see your browser’s instructions for doing so.  Please note that deleting or resetting cookies and clearing your browser cache will not opt you out of receiving interest-based advertising (including retargeting) from PubMatic’s Ad Services.

We are a member of the Network Advertising Initiative (NAI) and adhere to the NAI Code of Conduct.  We also adhere to the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for Online Behavioral Advertising and Multi-Site Data, the Application of Self-Regulatory Principles to the Mobile Environment, and the Application of the DAA Principles of Transparency and Control to Data Used Across Devices.  If you go to optout.networkadvertising.org, or optout.aboutads.info, you can learn how to exercise choice regarding the collection of information about your online activities over time and across multiple third-party websites, online services, devices, or applications for interest-based advertising purposes.

Some of our Publishers have their own opt-out mechanisms that are linked from their sites or their online-posted privacy policies. You should review the privacy policies of those companies for these opt-out links if you no longer wish to receive targeted advertising from a particular company, or multiple companies.

Currently, we do not honor “Do Not Track” headers and similar mechanisms.

Opting Out of Interest-Based Advertising in Mobile Applications

Our clients and partners may display interest-based advertising to you in mobile applications, based on your use of mobile applications over time and across non-affiliated apps.  To learn more about these practices and how to opt out, please visit http://www.aboutads.info/appchoices, download the DAA’s AppChoices mobile app, and follow the instructions provided in the AppChoices mobile app.  You can also adjust the advertising preferences on your mobile device (in iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking, and in Android, visit Settings > Google > Ads > Opt out of interest-based ads).

Opting Out of Interest-Based Advertising on Connected TVs

Our clients and partners may display interest-based advertising on CTVs  (also known as smart TVs or connected devices), based on your use of CTVs over time and across non-affiliated CTV apps. To learn more about these practices and how to opt out, please review your connect TV’s settings menu and visit https://thenai.org/opt-out/connected-tv-choices/.

Opting Out of Cross-Device Targeting

Our clients and partners may combine and use information from websites or applications on your current browser or device with information from your other browsers or devices for advertising purposes. To opt out of such practices by our clients and partners, please follow the instructions above for opting out on each of your browsers and on each of your mobile devices, including:

Please note that you will need to opt out separately on each of your browsers and on each of your mobile devices to ensure that information collected on a particular browser or device is not used on another browser or device. When you opt out PubMatic stores an opt out cookie in your browser or otherwise attempts to remember your choice, and we will not collect and share personal information related to you for targeted behavioral advertising purposes.

6. CONTACTING US

If you have any questions about this Platform Privacy Policy or PubMatic’s privacy practices, please contact us by email at privacy@pubmatic.com, or by mail using the details provided below.

Please note that email communications are not always secure, so please do not include sensitive information in your emails to us.

Residents outside the European Economic Area (EEA):

PubMatic, Inc. c/o Privacy
601 Marshall Street
Redwood City, California 94063, USA

European Economic Area (EEA), and Swiss Residents:

Attn: EEA Representative

PubMatic GmbH
Barbara Strozzilaan 101
1083 HN Amsterdam, Netherlands

UK Residents:

Attn: UK Representative
PubMatic Limited
18 – 22 Stoney Lane
Yardley, Birmingham B25 8YP, England

To comply with our obligations under EU/ UK data protection legislation, we have appointed a Data Protection Officer (DPO). Our DPO is contactable at dpo@pubmatic.com or by mail using the details provided above. Who is the controller of my data? For the purposes of EU/UK data protection legislation, PubMatic, Inc. is the controller of your personal information.