鶹ýAV

Responsible Advertising & Data Governance

Maintain strong governance and oversight processes to deliver optimal outcomes for stakeholders and limit the risks associated with online advertising and data use.

Our Approach

Publishers rely on 鶹ýAV’s technology to sell advertising inventory across a variety of channels and formats, including desktop, mobile, and CTV. We help the world’s leading agencies and brands reach millions of consumers in a transparent, efficient, and brand safe manner, while respecting end user privacy.

Responsible Advertising

鶹ýAV operates its platforms in a transparent and fair manner by actively working to identify and eliminate fraudulent transactions, non-human traffic, malware, abusive content, harmful disinformation, and brand unsafe inventory violations. We have developed a number of guidelines relating to inventory quality and advertising quality standards covering all of our platforms and across all formats.

Our inventory quality guidelines address inventory authorization, legal compliance (e.g. respecting laws and sanctions in originating countries), intellectual property infringements, transparency, viewability, performance characteristics and acceptable content standards. We also utilize a tapestry of industry, proprietary, and third-party technology to identify and eliminate machine, bot, and other non-human generated traffic in real-time. These guidelines ensure only high quality inventory is available for sale through 鶹ýAV platforms, while also ensuring that all parties are compensated fairly for any transaction over the 鶹ýAV platforms and protected from fraud. 鶹ýAV also maintains processes, and third-party technology for sellers with concerns about any undesired and/or malicious ad serving on their media.

Our advertisement quality guidelines provide direction and baseline requirements on the types of creatives permitted through our platforms. These guidelines cover legal compliance (including laws, and standards set by industry organizations such as the NAI), ad and landing page behaviors, acceptable content, and bid response requirements. 鶹ýAV works closely with buyers to address concerns about any ad serving against undesired and/or malicious content. We also reserve the right to reject, suspend, or remove from our platforms any ad in our sole discretion.

鶹ýAV’s policies and guidelines relating to inventory quality, ad quality and privacy are available to the public and can be found here.

Privacy & Data Governance

鶹ýAV is committed to processing personal data in a manner that is responsible and compliant with applicable – and evolving – data protection legislation and best practices, which we regularly review to ensure we adhere to the highest standards. As part of this commitment, it is important to note, 鶹ýAV does not process any raw or clear text personal information for the provisioning of our services. This means 鶹ýAV does not process, as an example, a user’s name, email address, phone number, or postal address to perform our services or for our services to work. The types of data we collect include IP addresses, cookie identifiers, device identifiers, and other device-related information such as web page URL, browser or app where a user is viewing content. Any information 鶹ýAV processes in delivery of its services is limited to a pseudonymized identifier.

鶹ýAV recognizes its obligations associated with data processing to all stakeholders, including stockholders, clients, employees, and suppliers. To demonstrate 鶹ýAV’s stance and responsible practices towards processing personal data, 鶹ýAV has implemented a Privacy Program that is governed by a framework aligning with privacy principles outlined in the Fair Information Practice Principles and data protection laws around the world such as the General Data Protection Regulation, and the California Consumer Privacy Act. These principles outline that:

  • Personal data is processed lawfully, fairly, and in a transparent manner;
  • Personal data collected or processed is done so only for the limited purposes disclosed;
  • Personal data is processed only as needed, for data minimization;
  • Storage limitations and retention periods are established for personal data;
  • 鶹ýAV ensures the accuracy, integrity, confidentiality, and security of personal data it processes;
  • 鶹ýAV maintains accountability over its processing activities and these principles.

鶹ýAV’s Privacy Program and Privacy Governance Manual outline how we comply with these principles when processing personal data. These programs are led by 鶹ýAV’s chief privacy officer and monitored by our appointed data protection officer. The 鶹ýAV Privacy Governance Manual documents the organizational approach and policy to processing of personal data, data privacy, and data protection management of personal data. The manual details how personal data processing will be governed, managed and secured in order to meet the privacy standards of 鶹ýAV and legal regulatory requirements. This manual applies to all personal data processing conducted by 鶹ýAV, either in the provision of services to its clients, customers, or partners, or in the management of its own employees or contractors.

Furthermore, 鶹ýAV employees are required to complete annual training related to data privacy and data protection to ensure that they are constantly apprised of the company’s evolving practices and standards.

Privacy by Design

In addition to assessing risk and maintaining compliance with data protection regulations, the Privacy Program and Governance Manual help 鶹ýAV foster a culture of privacy by design as a necessary component for processing personal data by 鶹ýAV entities, and to ensure business strategies and development take the processing of personal data into account by building in privacy features to new products and services. Privacy by Design enables 鶹ýAV to ensure compliance with data protection regulations, and to keep data privacy and data protection best practices at the focus of new products and services.

Memberships

As part of 鶹ýAV’s cohesive privacy framework and governance program, 鶹ýAV prides itself on membership in and compliance with self-regulatory groups within the advertising industry, including the Digital Advertising Alliance (DAA), the European Interactive Digital Advertising Alliance (EDAA), the Network Advertising Initiative (NAI), and the Interactive Advertising Bureau (IAB). Based on our membership, 鶹ýAV is required to adhere to set frameworks, principles and regulations with respect to how personal data is used for behavioral marketing, and other types of digital marketing. These codes focus on transparency and user choice as critical functions that must be provided to consumers or end users. 鶹ýAV not only provides its own choice mechanisms, but also participates in the self-regulatory regime for user choice.

Find all of 鶹ýAV’s policies relating to data and privacy here.

Security Measures

Cybersecurity is a critical aspect of our business. As the world’s largest independent omni-channel sell-side advertising platform, we face a multitude of cybersecurity threats, and our customers rely on us to safeguard their data. These challenges make it imperative that we take information security seriously, and we expend considerable resources on cybersecurity.

鶹ýAV has a range of technical and organizational security measures and controls to protect personal data and ensure the ongoing confidentiality, integrity and availability of 鶹ýAV’s solutions and services. These include:

  • Programs and policies – including an independent information security program and various data policies – all of which are regularly reviewed, reported on and, when necessary, improved upon.
  • Processes and controls for configuration, monitoring, maintenance and disposal of technology and information systems according to prescribed internal and adopted industry standards. This also includes vulnerability testing to evaluate and protect against threats to 鶹ýAV’s technology; transmission controls to protect information in transit; and access restrictions of key data, systems and facilities.
  • Reviews of third-party software and service vendors, software development processes, as well as keeping an inventory of systems, applications and operating systems.
  • Procedures such as incident response plans, business resiliency/continuity for key infrastructure.
  • Regular training for employees around data security and privacy as well as employing a Data Protection Officer.

Please refer to our latest 10-K for additional information regarding our Cybersecurity practices.