Retargetly is an independent full stack data solution. We operate a technology platform consisting of two entities: a data unit and a consulting unit, providing data solutions and analysis for the benefit of publishers, advertisers and end users alike. We are committed to respecting all applicable privacy laws and ensuring your data is secure.
This Privacy Notice explains how Retargetly uses and protects personal information. Retargetly may change this Notice from time to time by updating this page. You should check back to ensure that you are up to date with any changes.
Retargetly does not hold any data that makes you directly contactable, such as names, addresses (physical or e-mail), payment or similar information.
Retargetly is a NAI (Network Advertising Initiative) member and we adhere to the NAI Code of Conduct.
If you have any additional questions and wish to contact our Compliance Department please send us an email at email@example.com.
The organization responsible for deciding why and how your personal information is handled – referred to as a “Data Controller” - is:
1201 N Orange St, Suite 700 #7352
Wilmington, DE 19801-1186
United States of America
The company’s Data Protection Officer is:
Retargetly provides services that assist data partners with access to large amounts of user data to fund their activities through advertising; and brands or advertising agency clients to tailor advertisements better to the anticipated interests and preferences of particular internet users. We do this by obtaining data from a variety of sources (please see Section 5 below), and using it to create audiences of what are likely to be similar groups of users e.g. that have common interests, a common age group or location.
We have two main activities, data segments and DMP. For data segments, we source data from publishers, clients, third parties, and we then create enriched data segments. For our DMP activity (data management platform), we either let clients manage their data sets or we white label it to other parties.
This allows us or our clients to show you advertising that is more relevant and interesting to you, on one or more devices that you use.
In order for us to receive and process your data, you will have already consented to accepting cookies or similar technologies from us or one of our data partners. You can always change your cookie preferences as set out in Section 10 below.
In addition, we will process data in order to measure the effectiveness of advertising (e.g. whether an ad was viewable, clicked on, or led to a purchase), controlling your experience (e.g. knowing how many times an ad was seen or limiting the number of times it’s shown on a particular device), detecting and combating fraud, testing and improving ad campaigns, and analyzing trends in e-commerce and web use.
We process information such as the following:
If we receive information that could be used to determine the identity of users (e.g. phone numbers, ID card numbers, email addresses), then this information is permanently hashed (or anonymized). So even though, under the laws of some places, the data we use is subject to the rules on personal data protection, we do not process personally identifiable information that can identify particular individuals.
Where applicable laws permit, we sometimes process special categories of data (such as inferences regarding people’s ethnic origin, or non-sensitive medical conditions; these are available in the following link). In the EU/EEA/UK we do not process special categories of data and we do not create audiences from these categories of data.
We do not knowingly process data relating to children under 18 years of age. If you are a parent or guardian and believe that we may have processed data relating to a child you are responsible for, please refer to the sections below on managing choices and legal rights.
We rely on various legal bases for our data processing:
When we are a data controller (data segments), our legal basis will be consent. Still we believe we also have a legitimate interest to collect and process personal data for the following purposes:
Where we apply the legitimate interest legal basis, we ensure that we take into account your expectations and rights, and that they do not override our business interests.
When we are a data processor (for example, when client data is managed in our DMP), we will rely on the legal basis of our clients.
Some of our data partners may rely on different legal bases. These should be explained to you before your data is collected.
Retargetly collects data directly on partner websites and apps using cookies, pixels or similar data identification tools. These partners could be clients, advertisers, agencies, publishers, third party data aggregators etc.
Data providers who also have many relationships with website and app publishers may also provide us with their data, and advertisers may already have data lists that they provide to us for provision of advertising services.
We also gather data from sources such as Equifax, Navent, and Almundo.com which may help give us a more complete picture of users’ interests.
Where we believe that we are seeing data relating to the same user or device, or different devices relating to the same user, we may combine these different data sources in order to make the results more complete and accurate.
We require all our data partners only to collect data in accordance with applicable laws and to ensure that proper information and choices are given to all users.
For our clients and data providers, we may provide analyses and insights in the form of aggregated data, which does not include any individual personal data. Still, some selected clients may receive complete exports of our data at a granular level (cookie IDs, device IDs, segment IDs…).
We also may provide data to third party platforms that provide technology for the purchasing of ad placements such as demand side platforms, data management platforms and ad networks.
We also work with selected external data processors, e.g. for audience measurement, secure hosting or data storage providers.
Certain clients may have access to our platform on a white label basis for the purposes of creating customized audiences or data analyses for their own clients.
We may also need to provide data to other entities in our group of companies (currently located in Argentina, USA, Mexico, Brazil) that provide technical or support services. We would rely on the appropriate transfer mechanisms.
Occasionally we may receive a request from a government, law enforcement agency or regulator requesting data from us, and we would normally comply with such request without having to notify you or other users.
Other companies in our corporate group and some of the technical service providers referred to above may be located outside of your country. In particular, where we send data originating from the EU/EEA/UK to other places, we put in place safeguards designed to ensure that data is processed in a way equivalent to the rules applicable in the EU/EEA/UK. These may include various transfer mechanisms such as for example the European Commission approved standard contract clauses for transfers outside the EU. A copy of these safeguards may be made available if we receive a valid request.
We retain audience data for up to 18 months for advertising purposes. Aggregated and anonymized or statistical data may be retained for 18 months for reporting.
A cookie is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser sends cookie information back to the server to notify the website that it recognizes the user.
You can find more information about different types of cookies here.
We use persistent cookies that enable us to track and target the interests of our users to enhance the experience on our partners’ websites. Persistent cookies remain on your device for an extended period of time. You can remove or manage persistent cookies by following the directions provided below.
If you no longer want to allow us to use your data for personalized ads, you can manage this directly as explained here. Please note that this procedure will block ads that are displayed by Retargetly, and if you have accepted cookies from other advertising providers you may need to repeat the process in relation to those. Of course, most websites and apps contain advertising, so those non-tailored ads will not be affected by managing cookies.
Please manage your choices here: retargetly.com/opt-out
Managing choices in these ways sets a new cookie in your browser, which needs to be retained in your browser so that advertising providers recognize you as a visitor that has made this choice. If you clear that cookie from your browser, use a different web browser, or use a new device, you will need to repeat the process.
You can also remove cookies from your web browser by following the directions provided in your browser’s “help” section. Remember that some cookies are essential for using different features of certain websites, so if you clear all cookies then those features may not work as expected, or you may need to accept some cookies on your next visit.
For opting out in mobile devices please review your system privacy controls. For more information visit: https://www.networkadvertising.org/mobile-choice
If you are located in the EU/EEA/UK, the GDPR lists the following rights:
Concretely, this means you have many rights in relation to data relating to you e.g.:
If our data processing is based on your consent, then you can always withdraw that consent (but any processing that took place before withdrawal will still be legal).
If you request that data be erased, the usual method for this is to remove all personally identifying elements so that the data is permanently anonymized and cannot be traced back to you.
As we do not process contact or identification data such as names or emails we may not know whether or not we are processing any data relating to you, and may not always be able to meet specific requests, but we will always use reasonable efforts to do so.
In case of any issue, please contact us using the details in this Notice and we will help as far as we can. If you believe that we have not respected your rights then you also have a right to make a complaint to the Supervisory Authority in your country (e.g. in Spain, the Agencia Española de Protección de Datos).
Consumers who are resident in US states such as California, Colorado, Virginia, Connecticut, or Utah may have additional rights under state privacy legislation which defines personal information more broadly, ensures greater transparency and accountability and provides consumers with extended rights as to the collection and use of their personal information.
Your rights under US State Privacy Laws:
If you are resident in one of the states where specific privacy legislation is in effect then, depending on the particular provisions of applicable local laws, you may have some or all of the following rights:
Exercising your rights under US state laws:
If you want to make a request for exercise of any of the above rights, you (or your authorised agent) can write to privacy [at] retargetly.com or call us toll free at +1 800-207-6471 and we will respond within 45 days as per the law.
If you make such a request, including through an authorised agent, we reserve the right to verify your identity and the agent’s authorization.
However, we may not be able to respond to your request if it is not permitted or foreseen under applicable law.
(Please note that we do transfer personal information collected through our network of partners to third parties and as such are considered as having disclosed or sold or shared data over the past twelve months. Please see Section 16 below for more information).
Statistics of data subject requests for the year 2021 (CCPA):
The number of requests to know that the business received, complied with in whole or in part, and denied: 8
The number of requests to delete that the business received, complied with in whole or in part, and denied: 117
The number of requests to opt-out that the business received, complied with in whole or in part, and denied: 110
The median or mean number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out: 5.29 days
The Lei Geral de Proteção de Dados Pessoais (LGPD) applies to any resident or any company (located in Brazil or abroad) collecting or/and processing data from Brazilian residents. A data protection authority will soon be established and will offer guidelines and guidance with regards to compliance. Retargetly collects data based on a valid legal basis such as consent (consentimento) or legitimate interests (interesses legítimos) as per article 7.1 of LGPD. Retargetly is in the process of appointing a Data Protection Officer ("Encarregado").
Data subjects have the following rights under the LGPD:
The Colombian Law on the Protection of Personal Data - Law 1581 of 2012 - is a law that protects individuals' rights to authorise the personal information that is stored in databases or files, as well as the rights of “hábeas data”, and further guiding principles of data protection, which Retargetly adheres to.
Data subjects have the following rights under Law 1581:
In order to exercise your rights under Law 1581, please contact us as set out in section 2 or send us an email to firstname.lastname@example.org and we will respond within the legally required deadlines.
In the unlikely event of a Data Breach that affects Colombian residents, Retargetly will notify the Superintendent for Industry and Commerce through the official channels provided in their website here: