Effective: November 14, 2011
ABOUT PUBMATIC & THE CONTENT OF THIS PRIVACY POLICY.
PubMatic offers a Sell Side Platform (“SSP”) to premium publishers, which enables them to earn the most-possible ad revenue while protecting their brands online. We are headquartered in the United States, in Silicon Valley, with an office in New York and several international offices. We provide this privacy policy (“Privacy Policy”) so that we may inform you about how our services gather and process information on behalf of the advertisers, publishers and other third-party vendors. This policy also outlines our privacy practices for on our corporate Web site, www.pubmatic.com.
After reviewing the Privacy Policy, if you have any further questions, please contact us at privacy@pubmatic.com.
PubMatic’s SSP is designed to help online and mobile publishers to increase the amount of revenue they make from advertising sales by increasing the overall competition among media buyers for each advertising impression displayed through the PubMatic platform. We are a publisher focused company, but at the same time we maintain client relationships with certain Demand Partners. Ads that you see come from those Demand Partners and usually the ad comes from an ad server with the same domain as the Demand Partner. Generally, a user will encounter an ad from one of our demand partners by viewing the content on a website owned or operated by one of our Publishers.
A GENERAL NOTE ON INTERNET TECHNOLOGIES AND PRIVACY
Before you review this Privacy Policy, we recommend that you familiarize yourself with the following concepts and terms so that you can best understand how PubMatic and its Clients use data about you and other Internet users to display better, more interesting advertising to you as you browse the Internet.
Ad Tags: Ad Tags are pieces of code that allow the delivery of online advertisements in the dedicated ad spaces on websites and in online applications. PubMatic’s Ad Tags may transmit certain anonymous information about the web site, section of the site and size of the ad that we are optimizing.
API: An application programming interface or “API” is a particular set of rules and specifications that allows one software program to access and make use of another software program. It helps facilitate the interaction between applications, similar to the way the user interface facilitates interaction between humans and computers. PubMatic uses APIs for its real-time bidding service (as defined below), and occasionally uses Publisher APIs to download data about users that is unique to those Publishers. This data is only Non-PII data (as defined below).
Cookies: Cookies are small text files that web servers typically send to users’ computer when they visit a website. Cookies can be read or edited when the user loads a website or advertisement from the domain that wrote the cookie in the first place. Cookies are used by companies to collect and send information about a user’s website visit – for example, number of visits, average time spent, pages viewed, navigation history through the website, and other statistics. This information can be used to improve a user’s online experience by saving passwords, or allowing companies to track and improve website loading times, for instance. Cookies can also be used to track a user’s browsing or online purchasing habits and to target advertisements to specific users. Cookies cannot be used to access any other data on a user’s hard drive, to personally identify them, or to act like malware or a virus. Users who prefer not to accept cookies can set their Internet browser to notify them when they receive a cookie or to prevent cookies from being placed on their hard drive. You can read more about cookies at http://www.allaboutcookies.org/cookies/.
Personally Identifiable Information: We define personally identifiable information (or “PII”) as “information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.” This is the common industry definition used by most Internet companies. Information that is collected by various Internet companies but which does not qualify as PII is called “non-PII.”
Real-Time Bidding: Real-Time Bidding (or “RTB”) is a method of buying online or mobile advertising inventory by responding in real-time to an ad call with a “bid,” usually priced by cost per thousand impressions (“CPM”), to buy that single impression and thus the opportunity to display an ad to that user. RTB buyers use multiple different data sources, including third parties, to more precisely target the ads they display.
Web Beacons & Pixels: A web beacon consists of a small string of code that represents a graphic image request on a web page, a page in an online application, or in an email. A graphic image can be associated with the web beacon, but is not required. When an image is present, usually the image is designed to blend into the background of the web page, application, or email in which it appears. Often a beacon will be placed by a online data collecting company without an image, so it is invisible to the user, and in the smallest discrete space possible on the screen. This is a “pixel” and is essentially an invisible web beacon. Pixels and web beacons can be used for site traffic reporting, unique visitor counts, advertising auditing and reporting, personalization, and other uses. They do this typically by writing or editing cookies on each user’s computer. Therefore, like cookies, they cannot be used to log keystrokes, copy personal files from your computer, or replicate like a virus. Most pixels and web beacons, including those used by PubMatic, collect only anonymous data.
PUBMATIC’S SERVICE & THE DATA IT COLLECTS
We Do Not Collect Personally Identifiable Information, Except From Job Applicants.
We do not collect PII via our Service, and expressly forbid our Clients from sending us PII and also take all precautions to avoid receiving PII from our Clients. If, despite these measures, we do receive PII from a Client or we, inadvertently, send PII we have received from a Client to a third party, we shall take all the measures to remove the PII from our servers and records, and ensure that the third parties have removed the PII from their records as well.
Notwithstanding the foregoing, we do collect PII on our Website (www.pubmatic.com) in the Career Opportunities section from those who submit a resume to PubMatic for recruiting purposes. If you would like us to update, correct, delete or deactivate any PII that you have provided to us on the Website or through a job application or resumé, please send your request to us at privacy@pubmatic.com and we will process your request within a reasonable period of time after receipt.
We Collect Non-Personally Identifiable Information About You.
We collect Non-PII via our Service, including but not limited to your IP host address, date, time, and time zone of the ad request, pages viewed, browser type, the referring URL, and your computer’s operating system.
Our Clients Also Collect Information About You.
Our Publishers may choose to pass information about their Web site users to us, either directly through our services or through APIs when our services connect to their systems.. We also contract separately with Data Providers to supply audience data to both our Publishers and our Demand Partners to help them in optimizing their businesses. Our Publishers may collect PII (for instance, from the online registration forms that they may present to the users), but we insist that they do not transmit such PII to us. And even if they do transmit such PII to us and we become aware of that transmission, then we will take all the necessary measures to remove it and ensure that we also do not transmit it.
Several of our Demand Partners also use Non-PII. For our RTB Demand Partners, we share the same Non-PII which we collect with those Demand Partners with each ad impression that we deliver. All Demand Partners, whether RTB-enabled or not, may use their own Data Providers, like Publishers, use Non-PII delivered by Data Providers from both online and offline sources. In addition, Demand Partner’s ads may link to landing pages that have their own data collection processes.
In all cases, please refer to the privacy policies kept by our Clients for more information on their data collection processes and policies. We are not responsible for the privacy practices of our Clients and you should check the privacy policies of the websites you visit to learn about the information they collect from you, how they store that information, and how they use that information.
We Use Cookies And Web Beacons In A Variety Of Ways And So Do Our Clients.
We use cookies and web beacons for a number of purposes. We use them in order to track when we deliver an advertising impression so that we can correctly credit it to a Demand Partner and invoice that Demand Partner. We distribute our pixels to Demand Partners who wish to set-up retargeting campaigns (also called “remarketing” or “repurposing”) through our campaign buying product, AdFlex. These Demand Partners place our pixels on web pages where they are authorized to do so and then, when our ad server indicates a user with that cookie is expecting an ad, they target an ad to that user based on the user’s consumer interests that the Demand Partner inferred from the website where the pixel was placed. We also distribute our cookies and those of certain Demand Partners who buy media through our RTB product in the HTML code of the ads that we display. These piggybacked pixels allow those Demand Partners to map their anonymous user identification number (“UID”) against PubMatic’s own anonymous UID so that the Demand Partner can associate a user profile to a particular advertising impression in order to target better the ad they choose to display to that particular user’s interests. Finally, we distribute pixels through Ad Tags for those Data Providers we have contracted with to supply data for our Audience Direct Service. These pixels are dropped through the delivery of advertisements from the PubMatic Service, and associate demographic, behavioral, and other audience related data from the Data Provider’s user profile with that user to better target future advertisements to that user.
You Can Opt Out From Having Us Collect Non-PII And From Having Our Clients Collect Non-PII.
PubMatic’s Opt Out Mechanism
If you’d like to opt-out from having PubMatic place cookies on your computer to collect Non-PII in connection with our Service, please go to http://www.pubmatic.com/opt-out. When you opt out, we will place an opt-out cookie on your computer. The opt-out cookie tells us not to collect your Non-PII to help our Demand Partners target advertisements at you. Please note that if you delete, block or otherwise restrict cookies, or if you use a different computer or Internet browser, you may need to renew your opt-out choice. You can tell if your browser and computer have the opt-out cookie present by reviewing your status at http://www.pubmatic.com/opt-out.
However, if you do not opt out as explained above, then PubMatic will collect your Non-PII and perform audience targeting on you so that our clients can display the most-relevant ads to you.
Opting Out Through The Network Advertising Initiative
Many of our Demand Partner and Data Provider clients are members of the Network Advertising Initiative which provides a universal opt-out mechanism for those Clients. If you go to http://www.networkadvertising.org/managing/opt_out.asp, you will find the chance to opt-out from Non-PII collection by a number of different Demand Partners and Data Providers. If you opt-out through the Network Advertising Initiative (NAI), please refer to the FAQ available on the NAI website to understand how their opt-out mechanism functions.
Independent Opt Out Mechanisms
Many of our Clients have their own opt-out mechanisms that are linked from their sites or their online- posted privacy policies. You should review the privacy policies of those partners for these opt-out links if you no longer wish to receive targeted advertising.
PUBMATIC’S SECURITY & STORAGE PROCEDURES FOR YOUR DATA
PubMatic is conscious of the importance of your data to you and conscientious about protecting that data from loss, theft, or misuse. All of the user data collected by PubMatic is stored using the same security measures that we use to protect our own proprietary corporate data. Only authorized users are able to access the data we collect and store. While we cannot absolutely guarantee the security of the data we store, we do use all commercially reasonable measures to protect this information.
We retain the Non-PII collected via our Service at a user level for up to 90 days in order to ensure that our Service is functioning properly. We retain data at an aggregated level – so that no individual, albeit anonymous, user could be picked out from the data – indefinitely for purposes of reporting and system analytics. When we remove the user-level information every 90 days, we purge this information from our servers and record over the media to ensure that the information is permanently erased. If you have any questions about our security practices, please send an email to us at privacy@pubmatic.com.
PUBMATIC’S INFORMATION SHARING
Unless you, otherwise, permit PubMatic to share the Non-PII information it has collected about you, it will only share that information with the following third parties and in the following circumstances: (i) to the appropriate authorities when we reasonably believe we are obligated to do so by law, or in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to, fraud and situations involving potential threats to the physical safety of any person; (ii) to a court of law, arbitration panel, or similar body to enforce or protect our rights either under law or as granted by an agreement; (iii) to the company or entity that acquires all or substantially all of PubMatic’s assets, including if the acquisition occurs as the result of PubMatic’s bankruptcy; or(iv) to third parties that help us provide the Service to Clients, that act as Demand Partners on our RTB service, or that enter into strategic partnerships with PubMatic which allow us to expand the Service for our Clients.
CHILDREN UNDER 13 YEARS OF AGE
PubMatic’s advertising products and the Service are not intended for persons under 13 years of age, and are not intentionally developed for or directed to children. We do not knowingly solicit or collect any personally identifiable information from children under the age of 13, nor do we knowingly market our products or services to children under the age of 13.
PUBMATIC’S E.U. SAFE HARBOR STATUS
PubMatic complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of PII from European Union member countries and Switzerland. PubMatic has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view PubMatic’s certification, please visit http://www.export.gov/safeharbor/
CHANGES TO PUBMATIC’S PRIVACY POLICY
We may revise this Privacy Policy at any time. Any changes and/or updates to the Privacy Policy will be updated directly on this page. We encourage you to visit this page periodically to review our current Privacy Policy so that you will always know what information we gather and how we may use that information. In the event we make any material changes to this Privacy Policy, we will advise our Clients of those changes in advance.
CONTACTING US
Should you have any questions in regards to this Privacy Policy or PubMatic’s privacy practices, please contact our representatives at the following email address and they will be more than happy to clarify and assist you in any way possible: privacy@pubmatic.com, or by mail at:
PubMatic, Inc.
c/o Privacy
P.O. Box 975
Palo Alto, CA 94302
PRIVACY PRACTICES FOR THE PUBMATIC WEBSITE
What Information Does PubMatic.com Collect?
PubMatic collects PII in the Career Opportunities section of the Website, such as personal name, company name and e-mail address, and collects resumés from job applicants over email. The information that PubMatic records is for reply only and is later on erased with no further use. We do retain resumés in case there is a future match with a role we are looking to fill. Nevertheless, we never attempt to match the cookie-based Non-PII we collect with the PII we gather from our Website or with the resumé information we gather from job applicants. If, for any reason, you would like us to update, correct, delete or deactivate any PII that you have provided to us on the Website or through a job application or resumé, please contact us at privacy@pubmatic.com and we will complete the request in a reasonable amount of time.
We Collect Non-Personally Identifiable Information From Website Visitors.
We collect Non-PII from visitors to this Website through persistent cookies. Non-PII is information that cannot by itself be used to identify a particular person or entity, and may include your IP host address, pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of your visit to this Website, the referring URL and your computer’s operating system.
We Occasionally Display Content or Ads from Third-Party Websites.
The Website may contain links to and advertisements for websites operated by third parties whose privacy practices may differ from PubMatic’s. While we endeavor to associate only with reputable entities, PubMatic cannot be responsible for the privacy practices of these other websites. We encourage you to check the privacy policies of all websites that you visit.
