Issued: July 2018
Eyeota is the global leader in audience data, allowing brands to target their advertising campaigns with precision. With more than 3.5 billion unique global profiles, we offer data with scale and depth that enables advertisers to paint a fuller picture of audiences.
Eyeota is committed to being transparent about its processes and the data it interacts with, and ensuring that the legal rights of individuals are respected and protected. We appreciate that the nature of our business and the legal rights of individuals are complicated topics and that you may have additional questions. If you want to contact us, please email email@example.com.
Any data we collect is processed in accordance with regional privacy laws, including GDPR in Europe. We advise you to check back with this page from time to time, as we may make changes in accordance with legal requirements.
What does Eyeota’s Platform do?
Eyeota owns and operates a technology platform (the “Platform”) which collects, organizes, maintains and distributes pseudonymized profile information (the “Platform Data”). Platform Data is collected from a variety of online sources, such as website publishers, and also offline data sources such as market research companies.
What is the purpose of Eyeota’s Platform?
Eyeota’s Platform allows Eyeota’s clients to buy, sell & distribute Platform Data for the specific purposes of:
Eyeota’s clients and partners are contractually obliged to have adequate privacy policies which also facilitate these purposes.
What information does Eyeota Platform hold?
The Platform Data that is sent to us by our partners includes aggregated pseudonymized profile information, and data that is sent via the HTTP header including IP address, cookie information, date and time, URLs, operating system, and browser version.
The pseudonymized profile information is aggregated and then organized into audience segments that fall into the categories of interest data (e.g., interest in sports, news, fashion and associated sub-categories), demographic data (e.g., age, gender, employment sector, income band) and purchase intent data (e.g., in-market for electronics, financial products, online fashion).
Eyeota’s Platform is not designed to collect any Personal Data such as full name, email address, physical address or sensitive Personal Data such as social security number etc. In addition, our clients and partners are contractually prohibited from transmitting any data which can directly identify an individual to Eyeota. We do not intentionally collect data that we consider to be sensitive.
The definition of Sensitive Data within the EU (as defined by Article 9.1 of the General Data Protection Regulation or “GDPR”) includes:
In the US and Asia, Eyeota does receive the following data from some of our data providers:
For information relating to our age data policies, please refer to the Protecting Children’s Data section of this policy under 4. Personal Rights for EU Data Subjects below.
What is Eyeota Platform Data used for?
Eyeota’s Platform is designed to enable manufacturers and brands to discover audiences who may have a preference for their advertising. The platform helps advertisers discover new audiences who have traits, preferences and interests which are similar to their existing customers or their desired audiences. Eyeota’s Platform Data is useful to a number of different groups
If, at any time, you would like to opt-out of participating in this type of online interest-based advertising where the adverts you see can be based on your pseudonymized profile information, please go to the opt-out section of this policy.
The Platform is operated by Eyeota Pte Ltd, a Singapore registered company with company number 201223893Z and with the registered address of
Eyeota Pte Ltd
12a Upper Circular Road
How does Eyeota collect Platform Data?
We use online technologies such as Cookies, Pixel Tags, Server-to-Server Connections and Secure Data Transfers with our partners to collect and store Platform Data. We do not use “flash cookies” or any other embedded tracking mechanisms.
Does Eyeota process data collected from consent signals?
Yes. Eyeota is a registered Global Vendor within the IAB Transparency and Consent Framework (IAB Vendor ID: 120) which in turn pushes vendor list and consent rights through various market-facing Consent Management Platforms (CMPs). We use this framework to collect and manage consent signals from our data partners for Matching Data to Offline Sources as well as for the purposes of Storage and Access of Information, Personalisation, Ad Selection, Reporting and Delivery, Content Delivery, Selection and Reporting, and Measurement.
Our platform also accepts consent-based data sets from CMPs that operate outside of the IAB Transparency and Consent Framework.
Does Eyeota also accept data collected under Legitimate Interest?
Yes. Some of our data partners have chosen to handle data collection for pseudonymous targeting under legitimate interest. Following the legitimate interest provisions of GDPR, we accept this data. However, we also require additional information that supports a data provider’s case for legitimate interest.
Eyeota is able to filter and separate data collected under consent and legitimate interest and provide specific siloed consent data based on client demand.
We believe it is likely that consent will ultimately be required under the ePrivacy Regulation and strongly encourage our data partners to obtain consent as may be required under the ePrivacy Regulation.
What is Eyeota’s legal basis for collecting and processing Platform Data in the EEA?
For data from EU data subjects processed via the Platform, Eyeota operates under the legitimate interest provisions of the GDPR.
For example, as you use the internet to discover content, products and services or to use a digital service for your daily life, advertising may be served to you that is relevant to your interests or lifestyle. Brands and Advertisers use data companies like Eyeota to identify groups of people with particular interests or preferences so that they can serve advertising that is more relevant to them than other groups of people.
This legal basis of legitimate interest is founded on the position that the advertising-funded internet delivers significant value to internet users as well as wider economies. The types of data segments utilized by Eyeota (e.g., pseudonymous Personal Data) and the profiling activities are not generally considered high risk. Eyeota adopts controls to ensure that the data collected is secured and won’t fall into the hands of an entity that might be in a position to harm the human rights of data subjects. Thus, on balance, the benefits generated for data subjects, publishers and advertisers outweigh the risks to the fundamental human rights of data subjects.
The only data that Eyeota interacts with which are directly classified as Personal Data under the GDPR are IP addresses and cookie IDs. However, as all profile information is attached to pseudonymous Personal Data such as a cookie ID, all profile information is also considered to be Personal Data.
For Eyeota to process your data, you may have consented to accept a cookie or to processing of your data from one of our partner data providers; thus, we also expect to handle data that has been collected and provided on the basis of consent.
If you have any further questions relating to Eyeota’s legal basis for collecting and processing data in the European Economic Area, please contact us here.
How long does Eyeota store Platform Data for?
What Platform Data information is shared with third parties?
Eyeota shares Platform Data with partners who provide online advertising services to marketers, advertisers and online publishers. For a full list of the organizations that receive Platform Data from Eyeota directly, please refer to Eyeota’s Integration list here. We will endeavor to keep this list updated on a regular basis as our partners may change from time to time.
Reporting is also an integral part of Eyeota’s business. Under contract, our clients and data providers receive periodic operational reports for performance tracking and billing and auditing. We also generate reports that provide insights on the popularity and usage of the aggregated data, such as the number of data subjects that appear in a segment, in aggregate. The reports are prepared using aggregated Platform Data and contain only pseudonymized data.
The aggregated Platform Data may be shared with authorized employees, independent contractors, consultants and subsidiaries. User level Platform Data is only made available to full time employees in our technology team, who need access to execute their job requirements, on a limited access basis, and in line with our Data Minimization Policy (Eyeota Company Policy designed to protect the individual rights of data subjects or users and to ensure that employees understand their obligations with respect to user level data).
We may also use the services of third-party service providers for cloud data storage, analysis, and processing facilities and to provide operational or other support services. The Platform Data is shared only to enable these entities to perform professional and technical functions in relation to Eyeota’s business. These entities are subject to confidentiality restrictions and are not authorized to use, access or transform the Platform Data for any purpose other than providing their services to Eyeota.
We may be required to share Platform Data and information with regulatory authorities, government agencies, and law enforcement officials, as permitted or enforced by law. Additionally we may share data and information to defend or protect our legal rights, our intellectual and physical property, our employees and service providers, the safety and security of our business partners and their online users, and to protect us against fraud.
Our corporate website at www.eyeota.com is designed for our business partners, those seeking information about Eyeota, and also for recruiting new employees. Eyeota collects partner and client data from its customers and website and marketing data from its corporate website www.eyeota.com for business purposes such as billing, account maintenance and other customer services, marketing to current and prospective customers, recruitment, responding to general inquiries and also for website analytics, detecting and preventing malicious behavior on our website and improving and organizing the content of our website. These data sets are collectively known as Business Data.
Business Data is collected from our website as follows:
Why do you collect this Business Data?
Do you share Business Data?
Business Data is not shared with third parties except for the purposes stated in this statement. We may share Business Data with authorized employees, affiliates, subsidiaries, vendors, or other third parties to perform services on our behalf that are related to the purposes stated in this statement (e.g. our customer relationship management (CRM) system provider etc).
We may disclose Business Data to third parties when we believe we are reasonably required to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
We may transfer Business Data, including any personally identifiable data, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, debt refinancing, or other corporate change. In these instances, Eyeota will take the steps necessary to ensure that the Business Data will continue to be governed by this privacy statement.
How long do you keep Business Data for?
We retain Business Data for as long as we have an active relationship with our partners unless otherwise specified, or until it is deleted following a request from the subject of the data. Business Data is deleted 13 months after our last interaction unless Business Data is required to be stored under applicable law.
Do you transfer this Business Data to other countries?
Eyeota has employees around the world, and due to the fact that we utilize a global CRM system, Business Data is transferred to other countries.
From 25th May 2018 onwards, where we are transferring data from the European Union to non-European Union countries, we will do so using EU-approved model contract clauses.
What is Eyeota’s legal basis for collecting and processing Business Data?
The legal basis for processing Business Data is contractual necessity. We also process data for sales and marketing purposes under our Legitimate Interest in expanding, managing and operating our business. We obtain consent when collecting Business Data via registration forms on www.eyeota.com.
Platform Data: Choice Mechanism
Eyeota honors your choice with respect to how data is processed on the Platform. Different jurisdictions provide you with different rights. For example, EU data subjects have the right to object to certain forms of data processing and/or to withdraw their consent to such processing. Data subjects in the United States and many other places have the right to opt-out from many forms of ad targeting.
When you click onto Eyeota’s choice mechanism, we will attempt to place a non-unique cookie on your browser which tells our systems to stop targeting ads to that browser and to cease processing of data with respect to that browser. Please note that you will still see adverts online, however, these adverts may be less relevant because they won't be based on your interests.
Other ways to opt-out (on desktop computers & laptops)
Users can also exercise choice with respect to Eyeota’s Platform Data collection via any one of the methods operated by certain advertising trade associations below:
Please note that if you change your browser settings to block, delete and/or control the use of all third party cookies, it may negatively impact Eyeota’s ability to place an opt-out cookie on your browser. Also, if you use a different computer or device, you may need to renew your choice.
Note for EU data subjects. When we can reasonably see that a data subject is coming from the EU and has an Eyeota opt-out cookie on their browser, that tells our systems to stop processing data with respect to that browser.
The lifespan of Eyeota’s choice cookie is 5 years, provided our opt-out cookie is not deleted from the user’s browser.
Business Data: Opt-out Information
You are entitled to opt-out from our marketing lists and databases at any time. If you wish to update or change any information previously provided to Eyeota via our website, please re-submit your details via the “Contact us” section, or submit a request to update your details here. You may also request to delete any previously submitted information using the same form.
Please allow up to 72 hours for your contact details to be removed from our database. Please note, if you do decide to opt-out and you or your business have a contractual agreement with Eyeota regarding the provision of products or services, we may still be required to send you emails in regards to these services and to support our contractual obligations.
Subject Access Requests
Please complete a Subject Access Request form to receive a copy of any platform and/or business data we hold about you. You can also use this form to request the following further options:
The information you supply in this form will only be used to identify the platform and/or business data you are requesting and to respond to your request. Once you submit a Subject Access Request form we will endeavor to respond to you within 72 hours of receipt of your request. Please allow 30 days for Eyeota to process your request. You can also email Eyeota at firstname.lastname@example.org with any questions or queries you have regarding your data.
Users that are located within the European Union are afforded certain rights under Chapter III of the GDPR. These rights include:
With respect to personal right 1 above
If you would like to receive a copy of your data, please submit a Subject Access Request here.
With respect to personal right 7 above
Eyeota’s supervisory authority in Europe is the Information Commissioner’s Office (ICO) of the United Kingdom. If you would like to lodge a complaint to the UK ICO, please contact them here.
Do you transfer Business or Platform Data to other countries?
Yes, Eyeota will typically transfer data outside of the country of origin for a number of purposes including:
From 25th May 2018 onwards, where we are transferring Personal Data to or from the European Union to non-European Union countries, we will do so under contract and using the standard EU-approved model contract clauses and/or another viable cross-border data transfer mechanism, such as Privacy Shield.
How is the data you collect secured & protected?
Eyeota takes appropriate security measures to safeguard Platform Data and other information in our possession against unauthorized access, use, modification, disclosure and destruction. Our security measures include physical security, appropriate encryption and restricted access to guard against the unauthorized use of data or information.
While we take all precautions to protect the data in our control, no security measures, however thorough, are perfect nor can they be guaranteed to be completely secure. Therefore, we cannot ensure or warrant absolute security of any Platform Data or other information. In particular we cannot guarantee that Platform Data or information will not be disclosed, altered, accessed or destroyed in accidental circumstances or by unauthorized acts of others.
Within the EU, Eyeota does not collect age data on users under the age of 16 and does not operate on digital properties that are directed to persons under 16. Eyeota is compliant with COPPA regulations within the US. Outside of the EU, Eyeota does not collect age data on users under the age of 13.
Eyeota supports industry self-regulation, and we endorse and align our business processes to the best practices and self-regulatory requirements that apply to our industry and the Platform.
Our Privacy Body Associations
Eyeota is associated with numerous data privacy bodies including being:
Changes to this policy
If there are any questions, comments, concerns or complaints related to this policy, please contact us here, or please write to us at the following address:
Eyeota Pte Ltd, 12a Upper Circular Road, 058410, Singapore, Attention: Privacy Team
The mechanism to control browser settings for managing cookies varies by browser. For information on managing cookies, check your browser’s help file.
Eyeota cookies are stored for 1 year from the time our systems last see your browser on your device and then deleted automatically.
The ability for advertisers to target end users based on their preferences or interests.
MARKET RESEARCH COMPANIES
Companies that gather and analyze opinions and attitudes towards goods or services through direct consumer research. The companies determine the relevance of a product or service among its target consumers and other groups.
Data that is gathered from offline data sources, including CRM platforms, loyalty cards and survey responses, and that is used for marketing. Offline data is generally provided to Eyeota in non-personally identifiable form (e.g., aggregated by postal code).
Pixel tags or “pixels” are terms that are used to describe a common technique which allows for a web page to call a server when it loads. The technique leverages the mechanism by which web browsers typically would download images from a server, namely through the use of an HTML <img> tag. Typically, the image tag would contain the address of the image on the server to be downloaded. In this case, however, instead of sending the image address, the browser sends a structured request to the server which can contain any data that is available to the browser at that point. Examples of this include, but are not limited to: the browser type, operating system, date and time information and other technical information about the user’s computer, data collected from the user by the website, as well as certain information about the identity of the website visited immediately before coming to a website. When the server replies to the browser, it sends back a tiny, transparent image (the actual “pixel”) which is rendered by the browser on the page. In this way, from the browser’s point of view, it has requested and been delivered an image.
As with any HTTP call to a server, the browser will transmit any HTTP cookies alongside the image call. These cookies are created and stored in the browser by the server, and can be used to store any arbitrary information. Typically they are used to identify the browser (and by extension, the user) to the server over successive calls over time. As per the HTTP standard, only cookies associated with the server’s domain can be viewed, set, deleted, or modified by the server. There is no way for the server to access or modify cookies set by other domains.
Eyeota collects Platform Data over time from cookies associated with pixel tags that have been placed on partner websites.
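The pixel call and cookie exchange described above, as an added example that is not Eyeota's code: a minimal pixel-endpoint handler that records what the browser's request discloses, sets an identifier cookie whose one-year lifetime restarts on every call, and does neither when an opt-out cookie is present. The cookie names "uid" and "optout", the function name and the sample requests are assumptions made for illustration.

```python
import base64
import uuid
from http.cookies import SimpleCookie

# 1x1 transparent GIF returned to the browser (the actual "pixel").
PIXEL_GIF = base64.b64decode(
    "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7")

ID_COOKIE = "uid"          # hypothetical name for the pseudonymous ID cookie
OPTOUT_COOKIE = "optout"   # hypothetical name for the non-unique choice cookie
ID_MAX_AGE = 365 * 24 * 3600  # 1 year, counted from the last time the browser is seen


def handle_pixel(request_headers, client_ip):
    """Process one pixel request.

    Returns (response_headers, body, record). record is the data the server
    would store for this call, or None when the browser has opted out.
    """
    jar = SimpleCookie(request_headers.get("Cookie", ""))
    response = [("Content-Type", "image/gif"), ("Cache-Control", "no-store")]

    if OPTOUT_COOKIE in jar:
        # The choice cookie carries no identifier; its presence alone means
        # "do not process": no ID cookie is set and nothing is recorded.
        return response, PIXEL_GIF, None

    # Reuse the ID the browser sent, or mint a random one on first contact.
    uid = jar[ID_COOKIE].value if ID_COOKIE in jar else uuid.uuid4().hex

    # Re-sending the cookie on every call restarts its one-year lifetime.
    # SameSite=None; Secure is what lets a cookie travel with a cross-site
    # image request in current browsers.
    response.append(("Set-Cookie",
                     f"{ID_COOKIE}={uid}; Max-Age={ID_MAX_AGE}; Path=/; "
                     "Secure; SameSite=None"))

    # Everything below arrives with any HTTP request; the page did not have
    # to run script for the server to learn it.
    record = {
        "uid": uid,
        "ip": client_ip,
        "user_agent": request_headers.get("User-Agent", ""),
        "referer": request_headers.get("Referer", ""),
    }
    return response, PIXEL_GIF, record


# Constructed sample requests (not captured traffic).
FIRST_VISIT = {"User-Agent": "ExampleBrowser/1.0",
               "Referer": "https://news.example/sport"}
RETURN_VISIT = dict(FIRST_VISIT, Cookie="uid=abc123")
OPTED_OUT = dict(FIRST_VISIT, Cookie="uid=abc123; optout=1")

if __name__ == "__main__":
    for name, req in [("first", FIRST_VISIT), ("return", RETURN_VISIT),
                      ("opted-out", OPTED_OUT)]:
        headers, body, record = handle_pixel(req, "203.0.113.7")
        print(name, record, [v for k, v in headers if k == "Set-Cookie"])
```

The opted-out request still receives the image, so the page renders identically; the only difference is on the server side, where no record is written and no identifier is issued.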
Eyeota’s proprietary technology platform which collects, organizes, creates, maintains, and distributes pseudonymized profile information.
The data which is processed on the Platform.
Data which has been processed in such a manner that it can no longer be attributed to a specific identifiable natural person without the use of additional information.
Statistically gathered data that comprises age, gender and income of a population.
PURCHASE INTENT DATA
Data that explicitly or implicitly implies a subject’s intent to purchase a particular good or service. Purchase intent data is gathered from e-retailer websites, classified and auction sites, and price comparison websites.
Explicit purchase intent data is generated when the subject expresses specific details unique to their requirements during the path to purchase. Examples of explicit purchase intent data include: filling a shopping basket with products, completing a booking form, inputting specific parameters when searching (e.g., flight search by date), and using product or service configuration platforms.
Implicit purchase intent data is generated when the subject expresses interest in a product or service by searching for products or services within e-retailer websites, classified and auction sites, and price comparison websites.
Data generated based on a subject’s behavior when they search and browse websites and search engines. Interest data is qualified on the frequency by which a subject searches specific interest topics, products or services.
Direct technical connections and integrations with Eyeota and a technology partner whereby Eyeota may obtain data from other online and offline third-party sources through various secure information transfer methods. Only Pseudonymized Data is transferred to Eyeota through these server-to-server connections.
SECURE DATA TRANSFERS
Encrypted methods of transferring data containing Platform Data (including Platform Data coming from offline data sources) from third parties to Eyeota. No Personal Data is transferred to Eyeota through these secure data transfers.