Privacy Policy | Zeta Global (original) (raw)

Last Updated: August 29th, 2025

INTRODUCTION

Zeta is a business-to-business (B2B) marketing technology and data company that uses software and information / data about consumers to help advertisers reach selected audiences via online or in-app ads, email, direct mail, telemarketing, SMS, connected TV, or any other channel where advertisements are presented. Zeta also has affiliated companies including Disqus and LiveIntent that are separately branded and that have their own privacy policies. Zeta and our affiliates comply with all applicable laws.

Zeta collects, uses, and shares data about individual consumers for the limited purpose of helping to identify or predict the types of marketing offers most likely to appeal to them. We use and share a lot of data, because more data about a person’s interests and purchase intent leads to more relevant advertising for you, which in turn produces a higher rate of return for advertisers. We do not, however, collect, use, or share data indiscriminately. We limit the types of data we collect to what is relevant to your interests and purchase intent, and we focus on recent data, which is more relevant to how you might spend in the near future, and therefore more relevant to what marketing offers might appeal to you. Our data comes from (a) data that you have consented to be used for marketing purposes, (b) data from our cookies, which may be on your browser and which are recognized when you visit websites where our pixels are in use, and (c) data purchased or licensed from reputable third parties who are in the business of selling consumer data, which includes other companies that are under common ownership with Zeta.

Zeta provides a range of services, as described below, and the way each works is different. But in general, the purpose of our collection and use of data across all of our services is to match people to marketing offers that are likely to interest them, or to help advertisers do so. That is our mission. We use data, software, AI, and ingenuity to help advertisers reach people who want their products and services. Our business succeeds when we help advertisers achieve higher-than-average rates of response to offers—that is, people clicking on or forwarding a marketing offer or ultimately making a purchase.

Zeta maintains a platform known as the Zeta Marketing Platform (ZMP) that serves three functions: (1) our clients can load their own data there to be “activated” into advertising on different marketing channels (email, online, smart TV, etc.); (2) client-owned data can be matched with Zeta-owned data in order to better inform marketing decisions--we may have interest or purchase intent data about you that a particular brand that you have purchased from in the past does not have, and we can use that data to help that brand make decisions about whether, when, or what to market to you without transferring our data to them; and (3) marketing campaigns that involve Zeta sending advertisements to people known to Zeta but not to the advertiser, in order to help generate new business for the advertiser. For the majority of our services, Zeta does not directly sell data to its clients in the sense that the clients do not get to keep Zeta’s data. However, while client and Zeta data are being linked through the ZMP, both companies are considered under applicable laws to be sharing data with each other in order to facilitate cross-context behavioral advertising. That simply means that we are analyzing data about your interactions with multiple websites and/or advertisers and making inferences about what your interests are, or what you intend to purchase in the near future. We also maintain services that sell linkages between online identifiers (like cookie IDs) with email addresses to website publishers and to online identity resolution services. In short, Zeta shares—and in some circumstances, sells—the data we collect from or about you, or that you provide to us.

This Services Privacy Policy describes each of the different types of services Zeta provides, which are divided into two main categories:

When we act as a service provider, we follow our client’s privacy policy because the data we process in that role belongs to our client and we handle that data only at the client’s direction and are acting exclusively on their behalf. When Zeta collects data directly from consumers or obtains data collected by third parties for our own business purposes, we are responsible for how such data is used and shared, and for giving effect to individuals’ privacy legal rights.

Each of our services may include some amount of “lookalike modeling,” where we use data about known purchasers of a product or respondents to an ad to identify individual attributes that are correlated with a propensity to buy that product or respond to that ad. This allows us to create a profile of the attributes of a person most likely to respond to an offer, which is used to inform who we will send a future offer to.

Many of our services include a component of “cross-context behavioral advertising,” which means that Zeta has matched consumer data belonging to our clients with data from other sources in order to better tailor offers to an individual’s interests and preferences.

For all of our services the overall purpose of our data collection, use, and sharing is the same—to match marketing offers to people who have a propensity to engage with them, and ultimately to increase sales for our advertiser clients.

We do not provide services that include ads with illegal or adult content, nor do we advertise on adult sites or collect data about what adult sites people visit. In fact, your browsing history is only collected at certain websites, so it is never a complete history of all your online activity. We do not knowingly collect or sell personal information from children under 18 and in the event that we learn that we have collected personal information from a child under the age of 18, we will delete it. We do not knowingly facilitate any advertising that is exploitative, discriminatory, hateful, deceptive, or abusive, and our process for doing this is audited annually. We do not allow our data to be used to make impactful decisions about individuals, such as eligibility for credit, insurance, housing, employment, or education. Our data is used exclusively to match people to ads that may interest them.

TYPES OF DATA WE COLLECT

The types of data we use are also the same across all our services:

(1) Data you have provided directly either to Zeta, our client (an advertiser), or another company that you authorized to share data for marketing purposes. This data generally includes an email address, but may also include other information, such as your name, street address, and/or the answers to survey questions.

(2) Data collected indirectly from you using cookies or other online or mobile technologies that allow us to identify certain sites that you visit or apps that you use online. Included is information about when and where you gave your permission to receive commercial email, your IP address, the visits you made to certain websites or apps, and in some cases whether you put an item in a shopping cart or completed a purchase. We log these visits to help infer your interests in order to determine what sort of products or services might appeal to you. This data typically does not include direct identifiers (like name and address), but it can still be linked back to you via unique identifiers like a cookie ID, mobile ad ID, or an encrypted version of your email address. We only log your visits to certain websites where our pixels are present—we do not track every page you view across the Internet.

(3) Data we have obtained from third-party data brokers or data partners. This may include data obtained from public records (like your street address, age, and gender), data about physical locations you have visited in the past (we do not collect real-time precise geolocation data), as well as data relating to purchases, interests, or likely interests that is derived from a wide variety of sources including payment card issuers, loyalty card programs, publishers, app developers, and consumer products companies.

Specifically, we collect, use, and have shared in the past 12 months the following categories of data for the purposes described in this privacy policy:

Where we can reasonably infer that a particular computer and mobile device belong to the same user or household, we may extend our advertising campaigns across those devices, serving advertising across multiple browsers or devices. We also work with third-party data companies that help us tailor ads. These activities constitute cross-context behavioral advertising.

When you visit one of our advertiser’s websites or mobile applications (“apps”), or the websites or apps where we display advertisements, we collect information about your activity on that site (such as the page viewed or the advertising that you clicked on) in order to show you relevant advertising (e.g., for local events) or control how many times you may see the same advertisement, in addition to providing advertisers aggregate metrics that help them pay publishers for displaying this advertising. To learn about the marketing offers you might like or dislike, we may also ask you questions directly—for example, we may provide a survey via an online ad that asks about which ads, products, or brands you like or dislike.

We collect information about your device, such as a unique device identifier, browser type and language, and about your connectivity, such as the IP address, the server your computer is logged into, and the operating system information. We collect information such as the URLs you visit, the date, time, and duration of your visit to each page, and certain commercially relevant keywords pertaining to the searches you conduct (e.g. “shoes”). When we provide Optimization and Analytics Services to our customers, we also collect information about your activities on our customers’ websites.

We may also predict whether different identifiers associated with different browsers and different devices, like a laptop, a phone or a tablet, may belong to one person or household, and then link the activity we see across those devices into a common profile. We call this a “device graph.” We believe this helps us serve you better advertisements, control how many times you may see the same ad and provide better service to our advertisers. We make these predictions based on the device and cookie identifiers and associated interest and intent information that we receive from our third-party partners.

We collect information about our partners’ interactions with you—for example, by placing pixels on an advertiser’s web page that let us know if you ultimately purchased an item after we ran an advertising campaign that showed you an offer for that item. We obtain data from other companies that also use cookie or device identifiers to share similar information that they have collected about you with us. For example, we may partner with other companies to learn the kinds of products you like to buy online.

As part of our Optimization and Analytics Services and our Audience Management Services, we may collect names, email addresses and postal addresses as part of an online lead generation campaign or an email marketing campaign on behalf of one of our clients. We don’t make independent use of that data when performing these services, but use it only as directed by our client. But, as described below, our Intelligent Retargeting service may match online data with an email or postal address from the Zeta Data Cloud (see below) for purposes of sending you email or direct mail advertisements.

Sensitive Data

Some privacy laws define certain categories of data as “Sensitive Data.” Depending on the specific law, this category can include government-issued identification numbers, (such as a Social Security Numbers or a driver’s license number or a passport number), precise geolocation data, biometric information, genetic data, neural data, race/ethnicity, religion, sexual orientation, data about health conditions, trade union membership, or other data that can either be used to commit financial crimes or to expose sensitive details about an individual (e.g., financial account information). Zeta collects and uses race / ethnicity data to build multicultural audiences for advertisers. We also build audiences around interests in specific health conditions, religion, or LGBTQ+ that may constitute Sensitive Data. These types of audiences are built from people who have visited web pages with related content where the Zeta pixel is in use. Some privacy laws require prior consent to collect Sensitive Data (e.g., the European Union, and certain U.S. states, Virginia, Connecticut, Colorado, and Texas). Zeta does not collect this type of data from residents who live in places with these laws. Anyone may opt out of our use of this data at any time by visiting our Privacy Choices page.

Particular types of sensitive data we may use and share include:

Political Data. We do not have information about how you voted. We infer political interests from the sites your browser or device visits and the ads you interact with, and we can combine this with general geolocation data obtained from your IP address to determine, for instance, that you are a likely voter for a particular party in a particular congressional district, based on publicly available voter registration data. (Click here for a list of our political segments.)

Health Data. We do not use data about you from your health care providers or insurers unless you have consented for them to use your data to advertise to you. We may infer certain non-sensitive health related interests from the sites you visit and the ads you interact with. We do not collect data associated with specific medical conditions in states like Washington, Virginia, Connecticut, Nevada, or Colorado where collection of this data requires prior consent, however.

Geolocation Data. Zeta does not collect precise geolocation data (e.g., geolocation data that can pinpoint your current or historical location) itself, however, we obtain precise geolocation data from our partner PlaceIQ, which obtains it with opt-in consent without your opt-in consent.

OUR DATA SOURCES

We collect the data described above from the following sources, for the purposes described in this Policy:

WHO WE SHARE DATA WITH

We share, and have shared, data for the purposes described in this policy over the past 12 months, with:

You will find more details in the sections below describing each of our services.

LEGAL BASES

We rely on the following legal bases to collect, process, and share your personal data:

OUR USE OF YOUR DATA IN SERVICES WHERE ZETA ACTS ONLY AS A SERVICE PROVIDER

Where we perform services exclusively as a service provider or data processor, the data that we handle belongs to our advertiser client. In most cases this data will be put in Zeta’s care by the advertiser in order to use our marketing software and tools. Advertisers may also ask us to collect data on their behalf through various means, including direct collection from individuals, at a web page that we host for the advertiser, via cookies or other online tracking mechanisms, or via third-party sources like data brokers. When we collect data as a service, all of the data we collect belongs to our client and is governed by the client’s privacy policy.

Who are Zeta’s Clients? Our clients are companies you interact with every day. Consumer products brands, retailers, financial institutions, travel, dining, and hospitality providers, education providers, healthcare, political advertisers, and others. Sometimes we work with them directly, sometimes we work with advertising agencies who represent many clients of their own. In either case our mission, and the purpose for which we collect, use, and share personal data, is to help these companies use their marketing resources more efficiently by matching offers to the people who are most likely to be interested in them.

Database Services. Zeta performs services for some clients that include database setup, structuring, formatting, migration, and maintenance. In some cases, Zeta maintains a “database of record” for a client, meaning that the client has outsourced the maintenance of its primary customer database to Zeta. In such cases, Zeta may collect data directly from individuals, but handles the associated personal data exclusively as a service provider and does not do anything with the data outside the scope of the specific services that we have been hired to perform.

Email Services. Clients may engage Zeta to send email to their existing customers on their behalf. For instance, if you have given a retailer your email address, we might send commercial or transactional messages from that retailer, such as an emailed receipt for a purchase, a reminder that you have items in your shopping cart, or to deliver an updated client privacy policy. We may also send you advertisements from that retailer, for instance offering discounts, new products, or sales. When we perform these services, we are acting on the advertiser’s behalf, and everything we do is at the advertiser’s direction and subject to the terms of its privacy policy.

Call Center Services. Clients may engage Zeta to receive calls on their behalf, or to make telemarketing calls on the client’s behalf. When we perform these activities as a service provider, we use client-owned data and perform our services in line with the terms of the client’s privacy policy. Zeta does not maintain its own call centers and so uses service providers to perform these services.

CRM Services. We use our software, data and know-how to help our clients better organize and manage their own customer data, in order to determine which offers to send to which customers at which times.

Website Personalization. We use pixels, cookies, and other online data collection techniques to help personalize a user’s website experience. For instance, we may use data collected at an advertiser’s website to determine which language is used, what content and ads are displayed, and to remember settings like font size, page display, or the content you engaged with on your last visit.

Audience Management Services. We use cookies and pixels to help collect and store data such as IP addresses, logfile data, ad impression data, mobile advertising identifiers (e.g., Apple mobile advertising ID or Android advertising ID) and other pseudonymous identifiers. In providing the Audience Management Services, Zeta acts as a service provider for our clients and processes data under their specific instructions. Our clients, not Zeta, own the data used for this service. As such, the use of the data contained in the Zeta Audience Console is subject to the respective advertiser’s privacy policy.

Optimization and Analytics Services. These services help our clients manage their digital marketing programs. For example, we help these businesses customize your experience when you visit their website, generate leads and manage their keyword search advertising programs. We also use the information we collect to measure the effectiveness of ads on behalf of our advertisers and publishers. Where we can reasonably infer that a particular computer or mobile device belongs to the same user or household, we may extend our Optimization and Analytics Services across those devices. We undertake these activities on behalf of our customers and subject to their respective privacy policies.

OUR USE OF DATA IN SERVICES WHERE ZETA COLLECTS AND USES DATA ON ITS OWN BEHALF

The Zeta Data Cloud is what we call the data related to consumers that Zeta collects or obtains and uses on its own behalf. The Zeta Data Cloud consists of several databases where we store data that we have obtained from the different sources described above. It also includes connections to other third-party sources of data (data brokers and data sharing partners) so that we can get data at or near real time in order to inform specific ad placements. This approach means that we are using the freshest, most up-to-date data we can obtain, and it also reduces the amount of data we need to gather into one place in order to provide our services. Our proprietary software, machine learning, and AI tie all these sources of data together which enables us to make very complex decisions about which person is most likely to respond to a specific offer at any given time and deliver that offer to that person.

Fully identifiable personal data (such as email address, name, or postal address) in the Zeta Data Cloud is collected in the first instance when an individual consents to have their data used for marketing purposes. This permission is generally provided at a web page where an individual provides an email address and/or a phone number or other data and checks a box authorizing their data to be used for marketing purposes, transferred to third parties, and augmented with other data obtained from other sources. This consent may be obtained directly by Zeta, or by a partner who we contract with. Once we have obtained this consent (of which we maintain a record), we supplement the data initially provided by the individual with additional online and offline data. Our goal is to obtain the most up-to-date picture we can of the interests and purchase intent of individual consumers so that we can make the best possible decisions about which offer to show to which person at which time. At the same time, the data we collect and use is limited to data that is relevant to consumer advertising, and much of the data we collect has a limited lifespan of a few months before it is deleted as “stale.” Some data, like your name or email address, is persistent and is kept in our systems as long as your profile is maintained. But data like the fact that you are planning a vacation is not.

In addition to providing services to our advertiser clients, we also use data from the Zeta Data Cloud on a temporary, limited basis to evaluate potential data sharing partners, meaning that we might share your data as part of a sample of our data for a limited time to be used in a test environment with another company to evaluate the effectiveness of the other company’s services. When we do one of these evaluations, it is subject to appropriate contractual terms that include that the company we are evaluating may not do anything else with the data and must delete any data that we share with them at the end of the evaluation period.

All of the services described below may be accessed by our advertiser clients via our proprietary platform known as the Zeta Marketing Platform (ZMP).

Personal data in the Zeta Data Cloud is used for the following services:

Acquisition Email. For this service, we send client advertising by email to people who have consented to receive commercial email. These emails all comply with applicable laws (including the U.S. federal CAN SPAM Act) pertaining to the sending of commercial email and include opt-out links so that recipients can request not to receive future emails. This service does not include selling data to our clients. Our clients obtain data when someone to whom we have sent an ad responds to the offer or makes a purchase. Then we will provide the client data on a limited basis showing that we advertised to that person, solely to validate that we played a part in bringing a new customer or a new sale to the advertiser.

Acquisition Email services for a particular client usually begin with an analysis of a sample of that client’s existing data in order to create a profile of individual attributes that are correlated with an openness to respond to a particular offer. We then look to the Zeta Data Cloud to find people who share those attributes but who are not already existing customers of our client and send offers or advertisements to those people.

Data Cloud CRM Services. This service consists of loading a Zeta client’s customer data onto a secure Zeta-controlled server and then using our software to compare the client’s data with data in the Zeta Data Cloud. In most cases, we have more current data points about an advertiser’s customers than the advertiser has. We can use that data to generate insights that the advertiser could not produce on their own, like which existing customers would be most likely to respond to a particular offer. We may sell any of the types of data we collect to an advertiser as part of this service. This service is also an example of cross-context behavioral advertising.

Online/Cross-Context Behavioral Advertising. The data we use for Online/Cross-Context Behavioral Advertising is tied to a cookie ID, a mobile advertising ID, or other data related to a specific device, like a computer, smartphone or smart TV, or to a browser on that device. In many cases Zeta is able, by means of matching cookie IDs and other unique identifiers, to link OBA data to other, fully identifiable data.

When you visit different sites on the internet, different companies place cookies on your browser, and use these to collect information about the sites you visit, the ads you respond to, and the online purchases you make. Through a process known as “cookie matching” different companies (data sharing partners) can sell or exchange different bits of this data. By stitching together bits of data from lots of different sources, we are able to create a rich and up-to-date data set that enables us to make predictions about which of an available choice of offers is most likely to appeal to a specific person, or which people are most likely to respond to a specific offer. Zeta performs cookie-matching between the data used for OBA and the Zeta Data Cloud to enable users of our Data Cloud to leverage the interest and purchase intent data generated on the OBA side of our business. This cookie-matching means that data used for OBA is in some cases linked to fully identifiable data. One service, known as “Intelligent Retargeting” uses cookie matching specifically in order to link an anonymous website visitor to an email address or postal address, so that the individual will receive email or direct mail relating to the company whose website they visited.

We offer some more focused services within the broad sphere of OBA, including operating a “demand side platform,” (“DSP”) which is a means of matching specific users to specific ads, personalizing content on a website to a users’ interests, and placing online ads across a range of websites.

Supply Side Platform (SSP) Zeta operates a SSP, which is basically a marketplace where website publishers can sell open ad space to advertisers (or their agencies) to fill with ads via automated online auctions. This service uses minimal personal data, such as cookie IDs, IP addresses (and derived approximate geolocation) for the purpose of conducting these auctions, placing ads, and verifying and auditing these transactions.

YOUR PRIVACY RIGHTS AND OPTIONS

Privacy laws around the world give individuals different versions of the rights described below. Zeta allows any person to exercise the following rights no matter where they live. Zeta will not discriminate against you for exercising your privacy rights. Prior to fulfilling a request for a copy of data, Zeta is required to reasonably verify your identity, which we generally do by sending a verification link to the email address associated with your data, or by reading a cookie directly from your browser. Under applicable laws, you can use an authorized agent to make a request on your behalf, but that agent must be able to complete our verification process in order to demonstrate that they have been authorized to make the request. For data in our Data Cloud, verification will require access to the email address that is submitted with your request. For data that is linked to cookies but not integrated into our Data Cloud, access can only be provided to the browser where that cookie is present.

To exercise your rights with respect to data associated with your email in the Zeta Data Cloud either by you or your authorized agent click here. California residents may also call 1.866.709.0840. To view, access or delete data associated with cookies that Zeta uses for Online Behavioral Advertising, click here. You may also use the opt-out link included in any commercial email we send you, or respond STOP to any SMS marketing message we send. If you have any problems using these mechanisms you can contact [email protected] for more help. In the very unlikely case that we refuse your request, you can appeal that decision by contacting [email protected] for a review of your case.

If you make a rights request, we will normally respond within 30 days if you live in Europe or Canada, or 45 days if you live elsewhere. However, if we are experiencing a high volume of requests, we may take up to 90 days to respond. You can access (or delete) data used for Online Behavioral Advertising in real time here.

You have the right in many countries to contact a privacy or data protection authority if you believe we are not complying with privacy laws, and we have not been able to resolve the situation to your satisfaction. Many countries have a dedicated privacy / data protection authority; in the United States you can make a complaint to the U.S. Federal Trade Commission or your state Attorney General.

Statistics on Exercise of Privacy Rights during 2024

We are required by certain state laws to publish statistics on how many people exercised their privacy rights in the previous year. Because our mechanism for honoring privacy rights with respect to cookie-linked data operates in real time as an automated conversation between your browser and our server, we are not able to provide statistics on the number of people who use it. The following statistics are for people who made requests relating to their fully identifiable data contained in the Zeta Data Cloud during the year ending December 31, 2024. These statistics cover all requests received from individuals around the world.

Opting-out of Online Behavioral Advertising and Data Collection by Our Cookies

In addition to your rights under state, national, or local privacy laws, you also have the ability to opt out of online behavioral advertising and tracking via our cookies. We describe your options in the sections below.

Click here to see whether our cookies, and information associated with them are on this browser. You can also download a copy of this data, or delete it. Our cookies are called “rfihub,” “zeta,” “zync,” “disqus,” “boomtrain,” or “netmng,” and you can find them if you search for cookies in your browser settings.

To learn more about OBA/cross-context behavioral advertising, analytics services and your choices, including how to opt out of some interest based advertising, visit https://www.youronlinechoices.com, https://youronlinechoices.eu/, the DAA Consumer Opt-Out Page, NAI Consumer Opt-Out Page and Google’s information page.

You can also refuse or disable cookies already stored on your browser as follows:

For Edge, click here
For Internet Explorer, click here

For Mozilla Firefox, click here
For Google Chrome, click here
For Safari, click here

Below are links to information about managing your cookie preferences in common browsers:

Opting Out of Personalized Advertisements

To opt out of interest-based advertising from Zeta go to https://zetaglobal.com/rights-request/ or to opt out of other personalized advertising via the DAA’s opt-out page go to https://optout.aboutads.info/?lang=EN&c=2 .

If you opt out of interest-based advertising, then we will opt you out for all the identifiers or devices that we have associated with you at the time of the opt out request. We use a predictive process to associate identifiers and devices and do not know definitively all devices or browsers that you may use, so that process is not guaranteed to be error free. If you want to be completely thorough, we recommend that you use this opt out process for each device and browser you use.

Zeta DSP complies with the Self-Regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA). You may opt out of receiving personalized advertisements by DAA members via the DAA website here. Zeta is also a member of the DAA of Canada (DAAC) and the European DAA (EDAA) and follows their self-regulatory codes as well.

Zeta DSP is integrated with the DAA’s AppChoices program, which allows consumers to download and manage their privacy preferences in a mobile environment. You may download DAA’s AppChoices mobile app on your iOS or Android device in order to exercise choice regarding the collection of application activity for interest-based advertising. Links to those applications are below:

What happens when I opt out?

If you opt out of interest-based advertising, you’ll still see ads from us online, but they may not be tailored to your interests. Note that we’ll still maintain some “opt out cookies” on your computer to note the fact that you’ve opted out. Each opt-out cookie is associated with a particular computer and browser. So, for example, if you get a new computer, install a new browser, or clear your cookies, you’ll need to opt out again if you still do not want interest-based advertising. Our opt-out cookies never expire. If you change your mind, click here to opt back in.

Do Not Track / Global Privacy Control (“GPC”)

We recognize and process Global Privacy Control (GPC) signals and other universal opt-out preference signals as valid requests to opt out of the sale and sharing of personal information. When we detect these signals from your browser or device, we will automatically opt you out of the sale/sharing of your personal information associated with that browser or device. We process these signals automatically without requiring account creation or additional verification.

WHERE WE PROCESS DATA

Zeta is headquartered in the United States, and the majority of our services are performed in the United States with . We may also rely on staff in other locations to process your data. When you provide data to Zeta, you consent to its processing in the U.S., India, or any of our other locations around the world. Zeta has executed internal data transfer agreements that include the EU’s Standard Contractual Clauses (as well as the UK equivalent) as our basis for enabling EU data to be accessed lawfully in non-EU countries and to transfer between different Zeta entities in different countries.

Our online services may potentially collect data relating to residents of any country, but the majority of the data in the Zeta Data Cloud relates to residents of the United States. We may also handle as a service provider client-owned data that originates from any country. In these cases we rely on EU and/or UK Standard Contractual Clauses to provide a lawful basis for processing.

HOW LONG WE KEEP DATA

We keep data only for the period of time needed in order to achieve our stated purposes—i.e. to match people with marketing offers that interest them. Different data is therefore needed for different lengths of time. If you have given us data and permission to market through one of our websites or a partner website, we may continue to use some version of your data for marketing purposes until you revoke your consent / opt out. Certain data, like your contact information, we will keep as long as it is current. Data linked to a device like a smartphone will be maintained for as long as we detect that device on websites or using mobile apps on a regular basis. But data relating to your interests and purchase intent needs to be current to be useful to us, so we are constantly refreshing such data and rely only on the past several months’ data to inform our marketing choices. Data that is years old is generally not useful to us because it is a poor indicator of what you are currently interested in or shopping for.

The Zeta DSP deletes user profiles in our database after 90 days of inactivity. This means that if we have not had an opportunity to show a consumer an ad, observed a visit from a consumer to a website that includes a Zeta DSP pixel, or received new information from one of our partners about a consumer, we will delete the user ID associated with that consumer. We see activity from a broad range of places on the Internet, and the 90-day period restarts every time we have an interaction with you. So as a practical matter, if you want to opt out of our cookie and device-based data collection, you should follow the steps to opt out described above.

Data that we compile for purposes like reporting, attribution and fraud detection will be retained for up to 30 months.

DATA SECURITY and PRIVACY BY DESIGN

Zeta uses commercially reasonable, industry standard practices to protect data. These include technical, physical, and organizational controls designed to prevent loss or unauthorized access to data. Our security measures are audited every year by an independent third party, and we are constantly evolving our approach to security to keep pace with emerging threats.

Zeta also follows the practice of “Privacy by Design,” meaning that we consider the privacy implications of our products and services and ensure that they are built to standards that align to privacy requirements and enable privacy rights around the world. The Zeta Privacy office is headed by a Chief Privacy Officer (who also acts as Zeta’s Data Protection Officer for GDPR purposes) and includes legal and non-legal resources with significant experience in the field. These professionals provide advice and guidance to Zeta’s product designers, engineers, human resource professionals, and other businesspeople on a regular basis.

OUR POLICY REGARDING CHILDREN’S DATA

Zeta does not knowingly collect or solicit information from anyone under 18 years of age. Our services are directed to businesses – advertisers and their agencies – and are not directed to children under 18. If we learn that we have collected personal information of a child under 18 without parental consent, we will delete such information. We prohibit targeted advertising to known children, and provide parents and guardians with enhanced rights to access, delete, and control their children’s information. If you believe that we might have any information from a child younger than 18, please contact us as set forth below.

TEXAS DATA BROKER DISCLOSURE

The entity maintaining this website is a data broker under Texas law. To conduct business in Texas, a data broker must register with the Texas Secretary of State (Texas SOS). Information about data broker registrants is available on the Texas SOS website.

TRANSPARENCY AND CONSENT FRAMEWORK PARTICIPATION

Zeta Global participates in the IAB Europe Transparency and Consent Framework (“TCF”) and complies with its Specifications and Policies as outlined in TCF v2.2. Zeta Global’s vendor identification number within the framework is 469. More information about TCF is available on the IAB Europe website.

INDUSTRY MEMBERSHIPS AND CERTIFICATIONS

Zeta has been audited and certified GDPR-compliant by ePrivacy, an independent auditor based in Germany. See here: https://www.eprivacy.eu/en/customers/awarded-seals/company/zeta-global-corp/.

Zeta’s Demand Side Platform is a member of, and complies with the following self-regulatory programs:

HOW TO CONTACT ZETA GLOBAL AND ITS PRIVACY OFFICER

You can reach Zeta, including our Privacy Officer, by writing: Privacy, Zeta Global, 3 Park Ave., New York, NY 10016, or emailing [email protected].

CHANGES TO THIS POLICY STATEMENT

We reserve the right to amend this policy statement from time to time. The effective date of the current version will be posted at the top of this page.