OpenX Ad Exchange Privacy Policy (original) (raw)

Last updated: October 03, 2024

1. Introduction
2. What personal data do we collect?
3. Why do we collect, use, and store this personal data?
4. How and to whom do we share your personal data?
5. How can you opt out of interest-based advertising?
6. What are cookies and how do we use them?
7. What choices and rights do you have with respect to the data we process?
8. How long do we retain your personal data?
9. What if we update this privacy policy?
10. How can you contact us?

1. Introduction

OpenX (“OpenX“, “we“, “us” or “our“) runs an advertising exchange (the “Ad Exchange”). This means that we connect companies that offer advertising space on their websites, mobile applications, or connected television applications (called “Publishers” in this Privacy Policy) with brands, advertising agencies, and demand side platforms (called “Advertising Partners” in this Privacy Policy) looking to purchase that advertising space in order to advertise their products or services to consumers like you.

We know you may have questions and concerns about who is collecting your data, how your data is used, and how Publishers and Advertising Partners seem to know which products and services you may be interested in as you engage online. We’ve designed this Privacy Policy to help answer those questions with respect to the data that flows through our systems, and to make sure you know how to take action to prevent or limit our collection and use of your data for interest-based advertising (sometimes called “targeted advertising” or “cross-context behavioral advertising”) if you choose to do so by clicking here.

We encourage you to read the whole Privacy Policy, because it provides important information about how we may process your data, and the choices or rights you may have with respect to our processing of your data. In the meantime, here are some key takeaways:

• We collect data about you from Publishers, Advertising Partners, and third party data providers.
  • This data may include personal information about you such as your device identifiers, location, browsing history, and specific interests, and it may be collected from a variety of partners, such as Publishers operating websites and apps.
• We use this data to understand your online activity and interests over time so we can serve you relevant ads.
  • Using cookies and other persistent identifiers that track your online activity, we collect data about you across different websites and apps, and across different devices. So, we may know you visited a website on Monday from your desktop computer to look at a product, returned to the website on Tuesday from your mobile phone to add the product to your check-out basket, and finally completed your purchase of the product on Wednesday from your tablet. We use this data to learn about your interests over time and understand what products and services may be most relevant to you.
• We share this data with third parties.
  • We share the data we collect about you, and the information we learn from it, with the Advertising Partners that use our Ad Exchange to help them decide whether, where, and how to serve (or re-serve) advertisements for particular products or services to you. We may also share some of your data with trusted third party data providers and service providers.
• We don’t know your name, but we do know your online identifier.
  • None of the data we collect or share about you via our Ad Exchange is connected to your clear-text name, contact information, or other information that could directly identify you as an individual. But, it is connected to the cookies and other persistent identifiers that are affiliated with your unique online activity. So, while we (and the partners who use our Ad Exchange) may know about the interests and online activity of device ABC123 and use it to serve that device ads as described above, we don’t know that device ABC123 is used by a person with your name.
• You can opt out of interest-based advertising.
  • While we strongly believe that our services help foster a healthy Internet, grow a strong economy, and enhance your online experience, we understand that not everyone wants to receive interest-based (i.e., “targeted” or “cross-context behavioral”) advertisements. You can opt out by clicking here or by following the instructions in this section.
  • If you do opt out, you should understand that you may still receive the same amount of advertisements from Advertising Partners using our Ad Exchange (or other ad exchanges) as you engage online. But, at least for advertisements served via our Ad Exchange to your opted out device(s) or browser(s), none of those advertisements will be tailored to your specific interests over time.

To learn more about our collection, use, and disclosure of your data, and your choices or rights with respect to our processing of your data, please scroll down to read the rest of this Privacy Policy. If you have any questions as you do, you can always contact us here.

As you read our Privacy Policy, please also remember that the Publishers and Advertising Partners you interact with as you engage online and in the real world may have their own privacy policies that govern how they collect and use your data, including when they may share your data with advertising partners like us. These policies and practices may differ from what you read in our Privacy Policy. To fully understand how your data is being collected, used, and shared, you should always carefully read the privacy policy of any website you access, any app you use, and any social network page through which you share information.

2. What personal data do we collect?

Unless you contact us directly, we never collect information that directly identifies you, such as your clear-text (i.e., unhashed) name, physical address, email address, phone number, online usernames, or user passwords. But, we may collect the following categories of personal data about you from Publishers, Advertising Partners, and third party data providers that partner with us to serve you advertisements:

• Unique online identifiers
  • These are persistent identifiers that help us identify you across devices and over time, such as your IP address, cookie ID, mobile advertising ID, hashed email address, and user agent string
• Online and offline activity and interests (including inferences)
  • This includes information about your online activity and interests, such as your browsing history and online behavior
  • This may also include information about your offline activity and interests, such as your purchase history
  • And, this may include information derived or inferred from your online and offline activity and interests, such as your likelihood to be interested in buying a particular product, using a particular service, or visiting a particular website
• Geolocation information
  • This is information about your or your device’s location, such as your country, region, metro, zip, or postal code, or geographic coordinates, typically as inferred from your IP address
• Browser, device, and service information
  • This is information about the devices you are using to engage online, such as your browser or device type (e.g., Google Chrome, iPhone), screen dimensions, operating system, and preferred language
• Ad reporting and delivery information
  • This is information about the advertisements you have been served and how you interacted with them, such as the size and format of advertisements you were served and whether you clicked on them

As described above, we collect this information primarily using cookies and other persistent identifiers that track your online activity. You can learn more about these technologies in this section.

We will also collect your personal data if you visit our website or contact us for any reason, although we will not use this data for advertising via our Ad Exchange. Please view our Website Privacy Policy to learn more.

3. Why do we collect, use, and store this personal data?

Depending on where you live, we may need a valid legal basis to collect, use, and store your personal data. If we do, depending on the circumstances, our valid legal basis may be: (i) that you have given us permission to process your data by consenting to our processing or by choosing not to opt out of our processing after receiving notice of our processing activities (we’ll collectively refer to this legal basis below as “consent”), in which case you can always withdraw your consent or opt out of our processing by contacting us here (note, though, that withdrawing or opting out will not affect the lawfulness of processing based on consent before a withdrawal or opt out); (ii) that it is in our legitimate interests to process your data, taking into consideration your interests, rights, and expectations (we’ll refer to this legal basis below as “legitimate interest”); or (iii) that we are legally required to process your data (we’ll refer to this legal basis below as “legal requirement”).

When we are legally allowed to process your personal data, we may do so for the following purposes, with the caveat that some of our processing activities vary depending on where you live:

• To facilitate non-interest based advertising
  • We may help serve you an ad on one of our Publisher’s online properties based solely on information you have provided directly to that Publisher
  • Our legal basis for this purpose is legitimate interest
• To facilitate interest-based advertising
  • We may help serve you an ad on one of our Publisher’s online properties based on information you have provided to that Publisher, in addition to information we have collected independently or from third parties, including other Publishers, Advertising Partners, and third party data providers
  • You can opt out of interest-based advertising (sometimes called “cross-context behavioral” or “targeted” advertising) by clicking here
  • Our legal basis for this purpose is consent
• To understand your activity and preferences over time
  • We may use the data we collect (whether directly or from our partners) to learn about your online activity across sites, apps, and devices over time and infer information about your online and real-world preferences (e.g., we may infer that device ABC123 is used by a female in the New York Metro area interested in buying new shoes)
  • We only maintain information about your activity and preferences for the last 90 days (at most), and we use this information only to improve our ability to serve interest-based advertisements
  • Although we can’t control our partners’ actions, we also include restrictions in our agreements with our Advertising Partners and third party data providers requiring them to limit their use of this information, to the extent it is shared with them
  • You can opt out of this kind of data processing, which facilitates interest-based advertising, by clicking here
  • Our legal basis for this purpose is consent
• To control the content and frequency of ads
  • Whenever we help serve you an ad, we may use real-time information about the context in which it will be shown to help make sure the ad is relevant to you and delivered in a format that will work on your device
  • We also take steps designed to make sure that you are being shown a reasonable amount of ads, that those ads do not contain malware and otherwise meet our ad standards, and that you are not receiving the same ads too frequently
  • Our legal basis for this processing is consent or legitimate interest, depending on the circumstances
• To measure ad performance
  • Whenever we help serve you an ad, we may measure the delivery and performance of the ad to understand whether it displayed correctly, how long you had the opportunity to see it, and how if at all you interacted with it
  • We use this information to provide reporting to our Publishers and Advertising Partners so that they can understand how their ad campaigns are working or can be improved
  • Our legal basis for this processing is consent or legitimate interest, depending on the circumstances
• To build and improve our products, features, and models
  • We use data to build and improve our products and features, including by building and improving models and algorithms through machine learning
  • Our legal basis for this processing is legitimate interest
• To respond to valid legal requests and protect our legal interests
  • In rare instances, we may be required to produce your data in response to a valid legal request from a governmental, law enforcement, or other legal entity
  • It is also possible, although unlikely, that we may need to produce your data to protect our rights and property, or to protect someone’s safety
  • If we are required to produce your data in either of these circumstances (or any similar circumstances), we will limit our response to the information required to resolve the legal request or situation
  • Our legal basis for this processing is legitimate interest or legal requirement, depending on the circumstances

When we process your personal data for one of these purposes, we do so in accordance with our robust privacy program, including by taking measures to securely store and transmit your data and by adhering to our retention limits.

4. How and to whom do we share your personal data?

We may disclose the information that we collect about you to the following third parties, for the following reasons:

• Advertising Partners and third party data providers
  • As described throughout this Privacy Policy, we pass data to our Advertising Partners, subject to data use restrictions, so that they can combine this information with other information they have independently collected to determine whether to serve (or re-serve) you an ad, and so that they can understand how well their advertising campaigns are working
  • We may also pass data to trusted third party data aggregators or data partners, subject to data use restrictions, so that they can combine this information with other information they have independently collected to understand, and in some cases help us understand, your online activity and preferences across sites, apps, and devices over time
  • Some of these transfers of data may considered “sales” or “sharing” of data under privacy laws applicable to you; you can opt out of any “sales” or “sharing” of data by clicking here
• Service providers
  • We share certain data with contracted vendors, subject to data use restrictions, so that they can perform functions on our behalf, such as fraud and malware prevention, identification of invalid traffic, and data storage and hosting; a list of our service providers is available here
• Affiliates and potential acquirers
  • We may share data amongst affiliate companies in the OpenX group for the purposes described in this Privacy Policy; a list of our affiliates is available here
  • We may also share data in connection with an actual or proposed sale or transfer of all or a part of our business or assets, corporate merger, consolidation, or bankruptcy, including with our advisers and any prospective purchaser’s advisers and with the new owners of the business
• Regulators, law enforcement entities, and other legal actors
  • In rare instances, we may share data with regulatory, governmental, law enforcement, courts with competent jurisdictions, emergency services, or other legal entities or public authorities in response to a valid legal request, to protect our rights or property, to protect someone’s safety, or to meet national security or law enforcement requirements
  • If we are required to produce your data to these entities, we will limit our response to the information required to resolve the legal request or situation

International transfers

OpenX complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OpenX has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. OpenX has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, OpenX commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the applicable Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website.

The Federal Trade Commission has jurisdiction over OpenX’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) here.

Under certain conditions, more fully described on the DPF website here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. In cases of onward transfer to third parties, OpenX is generally liable for the acts of the third party that are in violation of the DPF Principles.

In parallel to adhering to Data Privacy Framework, in the event that personal data collected from a UK or EEA data subject is transferred outside of the UK or the EEA to an organization in a country which is not subject to an adequacy decision by the EU Commission or considered adequate as determined by applicable data protection laws, we take additional steps to ensure your personal data is adequately protected (e.g., by way of EU Commission-approved Standard Contractual Clauses or by relying on other data transfer mechanisms approved under applicable data protection laws). We are also committed to conducting data transfer impact assessments and adopting any supplementary measures required to mitigate any risks to you identified in such an assessment. A copy of the relevant mechanism can be obtained for your review on request by contacting us here.

5. How can you opt out of interest-based advertising?

OpenX adheres to the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles in the United States (“U.S.”), the European Digital Advertising Alliance (“EDAA”) Principles in the European Economic Area (“EEA”), and the IAB Europe OBA Framework. These principles and framework address interest-based advertising, also called “cross-context behavioral” or “targeted” advertising, which our services facilitate. As described throughout this Privacy Policy, OpenX collects the types of data described in Section 2 across multiple devices and across websites and apps over time, in order to use and transfer such data to our partners to facilitate interest-based advertising.

You can request to opt out of our interest-based advertising services – and the interest-based advertising services of other companies that adhere to the principles and framework listed above – by taking the steps listed below. Please remember that even if you take some or all of these steps, some information may still be collected about you as you engage online, and you may still receive the same number of advertisements. The difference will be we will not collect or use data collected from your opted out browser or device to tailor the online ads you receive to your interests based on data collected over time from different websites, apps, and devices (at least for data collected and advertisements received via our Ad Exchange).

You’ll see that there are multiple steps listed. That’s because, as described throughout this Privacy Policy, interest-based advertising services involve the collection of your data across multiple devices and via multiple mechanisms. As a result, because cookies and other persistent identifiers cannot be read between different browsers or devices, you will need to opt out on each device and browser you use, and may need to take special steps to opt out of the collection of certain kinds of data.

• To opt out on a browser (e.g., as you engage on websites):
  • Cookies and Similar Technologies. Cookies and similar technologies, like web beacons and pixels, may be used to collect data about you as you browse the web. If you live in the EEA, you can learn more about and opt out of this kind of data collection by companies, including OpenX, that adhere to the European DAA Principles at www.youronlinechoices.com. If you live outside of the EEA, you can learn more about and opt out of this kind of data collection by companies, including OpenX, that adhere to the DAA’s self-regulatory programs at https://youradchoices.com/control. As an opt out alternative, you can also download a browser or extension that supports the Global Privacy Control by visiting this website.
    * Please note that in order for your opt-out choice to be effective using the DAA’s tools, you must ensure that your browser is first set to accept third-party cookies such as the OpenX opt-out cookie. Some browsers block third-party cookies by default, and you may need to change your browser settings to accept third-party cookies before opting out. Additionally, if you later use a different device or browser, or erase cookies from your browser, you may need to renew your opt-out choice.
  • Local Storage or Cache. Companies may use the local storage or cache in your browser to collect information about you as you browse the Internet. You can opt-out of this kind of data collection by (1) using any tools provided by your browser to clear local storage and the browser cache, and (2) turning on any “Do Not Track” header setting offered by your browser. Please note that you must complete both of these steps in order to complete the opt out process. As an opt out alternative, you can also download a browser or extension that supports the Global Privacy Control by visiting this website.
• To opt out on a cell phone or mobile device (as you use mobile apps): You can opt out of the collection of data for interest-based advertising on your mobile device, for OpenX and other companies participating in industry self-regulation, by downloading the DAA’s AppChoices application from the Android or iOS app store. Alternatively, or if you live outside of the United States (in which case you may not have access to this application), you can turn off the “Allow Apps to Request to Track” setting in your iOS settings or turn on the “opt out of interest-based ads” setting in your Android settings to limit the collection of your data for interest-based advertising. You can find additional information and more detailed instructions here.
• To opt out of the collection of precise location data (as you use your mobile device): You may wish to opt out of the collection of your precise location data, to the extent Publishers collect and share such data with OpenX and other advertising partners. This would mean that certain data related to your online activity and general location (such as your city) could be collected, but data indicating your precise location (such as your precise GPS coordinates) could not be collected. You can do this by using the “location services” controls in your mobile device’s settings.
• To opt out on a connected television (as you watch TV on apps): You may be able to opt out of the collection of data for interest-based advertising on your connected or “smart” TV or set top box by visiting your device’s settings menu. You can find additional information and more detailed instructions here.

6. What are cookies and how do we use them?

What are cookies?

A cookie is a very small text document, containing a string of characters that uniquely identifies your web browser. Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. This allows the browser to remember the websites you visit, and that information is shared with other parties such as our Advertising Partners. This also allows us to collect information about your browsing habits over time in order to facilitate interest-based advertising and make advertising more relevant to you and your interests, as described throughout this Privacy Policy.

In other words, when you visit a Publisher’s website or a digital property, we may assign a random, unique identifier, specific to OpenX, to your browser or device. Using that OpenX identifier, our Ad Exchange can automatically recognize your browser or device the next time it visits another website or digital property owned by a Publisher we work with. This means that, over time, our Ad Exchange can track your online activity to learn about your online browsing behavior and preferences. The Publishers and Advertising Partners we work with can also map their own unique identifiers against our OpenX identifier via a process called “cookie syncing,” so that they can use data they have collected independently on our Ad Exchange. In the case of Advertising Partners, the aggregated insights cookie syncing facilitates may influence their decision to bid (or not bid) on opportunities to advertise products or services to you. For example, certain Advertising Partners may be more willing to serve you an advertisement for a particular product if they know, via insights learned from cookie syncing, that you have seen and clicked on advertisements for the same or similar products in the past.

We also use cookies for frequency capping, meaning that we may use data they collect to limit the number of times you see an advertisement, as well as to help measure the effectiveness of our Advertising Partners’ advertising campaigns. Find out more about the use of cookies on https://www.aboutidentifiers.org.

What cookies do we use?

• Cookie ‘i’ –this is the user / market cookie. It includes a random string created to recognize your device for the purpose of delivering advertisements, as well as the timestamp of the string’s creation. By matching this cookie with data collected by Advertising Partners, we and our Advertising Partners can deliver more relevant ads to you. This cookie is stored on your device for 1 year and is refreshed for the next year on each bid request.
• Cookie ‘pd’ –this cookie stores information about which other third parties the user cookie (‘i’ cookie) has been synced with to reduce the amount of user matching done on your device.This cookie is stored on your device for 15 days.
• Cookie ‘OX_dnt’ – this cookie acts as a flag which we set if you indicate that you want to opt-out of interest-based advertising. Please see the information above on opting out of interest-based advertising. This cookie is stored on your device for 5 years.

Third parties

Third parties, such as our Publishers and Advertising Partners, may also serve cookies on your computer or mobile device to facilitate advertising, analytics, and other functions. They may also use information about your visits to different online properties to provide you with more relevant advertisements and measure the effectiveness of their advertising campaigns. We do not have access to or control over these cookies and encourage you to review the privacy and cookie policies of any companies you engage with online to find out about their data collection practices, including how they may use cookies.

7. What choices and rights do you have with respect to the data we process?

Depending on the country or state where you live, you have different legal rights with respect to your personal data and how we may process it. We’ve provided more detail on these rights for consumers in the UK/EEA and certain U.S. states below, but you can always contact us here to learn more.

UK/EEA based individuals

UK- and EEA-based individuals have the right to ask us for a copy of your personal data; to correct, delete or restrict our processing of your personal data; and to obtain the personal data we have collected from you in a structured, machine readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or believe a breach has taken place. You’ll find contact details for your data protection authority here if you are an EEA based individual or here if you are a UK based individual.

If you would like to exercise any of the rights listed above, please reach us here.

U.S. based individuals

Residents of California, Colorado, Connecticut, Montana, Oregon, Texas, Virginia, and Utah may exercise the following rights regarding your personal data, subject to certain exceptions and limitations:

• The right to confirm whether we have processed your personal data.
• Theright to know and access, in a portable format that is accessible to you, the categories and specific pieces of personal data we collect, use, share, and sell about you, the categories of sources from which we collected your personal data, our purposes for collecting, using, sharing, and selling your personal data, the categories of your personal data that we have shared or sold for a business purpose, and the categories of third parties with which we have shared or sold your personal data. Oregon residents also have the right to obtain a list of third parties (other than our service providers) to which we have disclosed personal data.
• The right to correct inaccuracies related to the personal data we have collected from or about you.
• The right to request that we delete the personal data we have collected from or about you.
• The right to opt out of our processing and sharing of your personal data for purposes of interest-based advertising, also called “cross-context behavioral advertising” or “targeted advertising,” which our services facilitate, as well as the right to opt out of our sales of your personal data.
• The right not to be discriminated or retaliated against for exercising any of these data rights.

Certain states provide residents with additional rights related to “sensitive” personal data. OpenX may process limited personal data related to children within our Child-Safe Marketplace, and this data may be considered “sensitive” in certain states. You can learn more about data processing within our Child-Safe Marketplace in our Child-Safe Marketplace Privacy Policy. Other than as detailed in our Child-Safe Marketplace Privacy Policy, OpenX does not knowingly collect sensitive personal data as a business, data controller, or equivalent entity.

To exercise any of the above rights, please reach us here or call us at (855) 231-3834 . You may be asked to submit verifying information in certain circumstances, as described below. Depending on your state, if you have submitted a request that we have not fulfilled, you may appeal our decision by contacting us here.

Verification Process and Required Information: Because most of the information we store is linked only to online identifiers, and cannot identify your name or contact information, we may need to request additional information from you to verify your identity or understand the scope of your request. Such additional information may include your online identifier (e.g., your cookie or mobile advertising ID), your state of residence, and some proof that the devices that have the cookie or mobile advertising ID you provide are yours, such as a screenshot of the applicable cookie or of a screen that displays the mobile advertising ID or other documentation that can verify you.

Authorized Agent : You may designate an authorized agent to make a data subject request on your behalf by verifying your identity and providing written permission to your agent to make the request for you.

Minors’ Personal Data: We do not sell the personal data of consumers that we know to be under 18 years of age or share such data for purposes of interest-based advertising (also known as “targeted” or “cross-context behavioral” advertising).

Collection, Sharing, and Sale of Personal Data:

• In the last 12 months, we collected the categories of personal data described above in the “What personal data do we collect?” section of this Privacy Policy, which correspond to the following categories of personal data under California law: (1) personal and online identifiers; (2) commercial or transactions information; (3) Internet or other electronic network activity information; (4) geolocation information; (4) inferences about your predicted characteristics and preferences; and (5) other information about you that is linked to the “personal information” or “personal data” we collect.
• In the last 12 months, we collected these categories of personal data from Publishers, Advertising Partners, service providers (e.g., fraud prevention services), and third party data providers (e.g., consumer data resellers).
• In the last 12 months, we collected personal data for our commercial and business purposes, as described in more detail above in the “Why do we collect, use, and store this personal data?” section of this Privacy Policy. As described in that section, we sell and share personal data for interest-based advertising purposes (also known as “cross-context behavioral” or “targeted” advertising). However, we do not sell or use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects on you.
• In the last 12 months, we sold, shared, or disclosed personal data we collected to the categories of third parties described above in the “How and to whom do we share your personal data?” section of this Privacy Policy. In particular, we “sold” (as a “sale” is defined under state privacy laws) or shared for interest-based advertising purposes each category of personal data we collected to Advertising Partners and third party data providers (e.g., consumer data resellers). We also disclosed each category of personal data we collected with our service providers and affiliates as well as, in limited instances, governmental entities for our business purposes.
• In the last 12 months, we stored and retained personal data in accordance with the retention periods described below in the “How long do we retain your personal data” section of this Privacy Policy.

Information About Past Year’s California Requests: In 2023, with respect to requests from California residents submitted under the California Consumer Privacy Act, as amended (“CCPA”), OpenX:

• Received 26 requests to know or access, complied with all of them in an average of 34 days and a median of 42 days, and denied none of them.
• Received 32 requests to delete, complied with all of them in an average of 18 days and a median of 23 days, and denied none of them.
• Received 58 unique requests to opt-out, complied with all of them in an average of 15 days and a median of 15 days, and denied none of them.
• Received 8 requests that did not provide a specific type of request, responded to all of them in an average of 17 days and a median of 17 days, and denied none of them.

In some instances, although we have not denied a request, we cannot fully complete the data subject’s requested action due to an inability to connect the data in our systems to the data provided by the data subject. In such instances, we request additional information from the data subject to attempt to verify the request.

8. How long do we retain your personal data?

We may keep each data point we collect about you for a maximum of 90 days from the last date that we received it. For example, if we collect data indicating that you visited a particular website on day 0, we may keep that data until day 90 (at the latest) unless we collect data indicating that you visited that particular website again within that initial 90 day period (in which case, the 90 day clock would reset). For most categories of data, this is limited to 14 days.

Additionally, we’ve set retention limits on the cookies that may be set on your devices. In particular, the market cookie (“i”) used for OpenX’s device recognition is set to remain on your device for a maximum of one year, while the cookie implemented to recognize your opt-out from interest-based advertising is set to last for five years, should you choose to opt out.

9. What if we update this privacy policy?

We reserve the right to update this Privacy Policy at any time. If we do so, we will post the updated policy here and update the effective date. We may also notify you in other ways from time to time about the processing of your personal data.

10. How can you contact us?

If you are a UK or EEA based individual, the data controller for your personal data is OpenX Poland Sp. z o.o.

If you are a U.S. based individual, the business, data controller, or equivalent entity that controls how your data may be processed is OpenX Technologies Inc.

If you have questions about this Privacy Policy or wish to contact us for any reason in relation to our personal data processing, you can contact us here.

If you are a UK or EEA based individual, you can also reach us at:

OpenX Poland sp. z o.o.
Attention: Legal Department
Aleja 29 Listopada 20
31-401 Krakow
Poland

If you are an U.S. based individual, you can also reach us at:

OpenX Technologies Inc.
Attention: Legal Department
177 E. Colorado Blvd., #3039
Pasadena, CA 91105
United States

You may also contact our data protection officer at dpo@openx.com or by calling us at (855) 231-3834.