Privacy Policy

Updated February, 2024

1. Introduction

Retargetly is a technology company that works with Big Data focused on advertising, providing data management and audience solutions for various businesses. We are part of the Publicis Group, headquartered in France, with operations worldwide. Retargetly is a member of the Network Advertising Initiative (NAI) and IAB Brazil – Interactive Advertising Bureau.

This Privacy Policy ("Policy") explains how Retargetly processes and protects your Personal Data when providing our Services. We care about your privacy and want you to understand how we handle your Personal Data and what options you have regarding your Personal Data. We have taken the necessary steps to provide this information in the clearest and easiest way possible, but if you have any questions, please send a message to this email address.

2. What does Retargetly do?

When you visit digital properties such as websites and mobile apps, there are often third parties working behind the scenes to help provide a great digital experience – these companies offer Services like analytics, advertising, and fraud prevention. Retargetly is one of these companies, and we help deliver the advertising that keeps your favorite blogs free, your favorite businesses running, and your advertising experience more relevant.

Retargetly provides its clients with digital advertising and personalized content across the internet. To make some of these things possible and make smarter decisions, we need to use information that may be considered Personal Data.

Our main Services include:

  • Data Management Platform (DMP): Our clients can connect their proprietary data sources, create clusters, extract insights, or activate them as an audience in digital campaigns.
  • Data Segmentation: Identification of standard or custom target audiences, formed by probabilistic and/or deterministic data from categories such as (i) installed applications; (ii) geolocation; (iii) research panel; (iv) offline, affinity, purchase intent, and demographic data.

Considering the Services provided, Retargetly is subject to and respects all applicable Data Protection Laws. Retargetly is the controller of the Personal Data processed as described in this Privacy Policy.

By familiarizing yourself with this Policy, you have taken the first step in understanding how advertising companies, like ours, contribute to the internet's ability to remain a diverse ecosystem of free content while providing a better digital browsing experience.

3. Where do we collect data?

Retargetly only conducts direct data collection when you access our website. In other circumstances, Retargetly does not engage in direct data collection from you but rather processes data provided by third parties, clients, and partners.

Retargetly processes data from websites and mobile applications of clients and third-party partners using cookies, pixels, or similar data tracking tools. When you access a website or app from one of our clients or partners, your data may be collected and processed to personalize your advertising experience.

Retargetly also contracts with a number of suppliers and data partners (e.g., data providers, software vendors, communication channels, advertising agencies and similar categories of partners) to receive personal data in order to deliver our Services and make our operation viable. As a result, Retargetly may process personal data collected by these partners to the extent that such personal data is necessary for the provision of the Services. We always seek to carefully evaluate third-party partners and enter into contractual obligations with them for information security and protection of personal data in order to minimize risks. We also collect data from commercially accessible public sources, which can help us gain a more comprehensive understanding of the data subjects' interests.

Additionally, when you access our website, we may also collect your browsing information as detailed in this Policy.

We adhere to best practices to ensure that all our clients and partners only collect data in accordance with applicable Data Protection Laws and verify that proper information and options are provided to all data subjects.

4. What data is collected and/or processed?

Retargetly may collect data directly through its website or when providing Services to its clients (including through its clients’ websites and apps). This includes the following categories of data:

  • URL of accessed or searched pages;
  • Referrer (web page address);
  • Page title;
  • Visit timestamp;
  • User agent (from which we infer the browser name, browser version, operating system, operating system version, device name);
  • IP address (from which we infer the ISP provider);
  • Custom events in the application;
  • Browser language;
  • GA search keywords;
  • Latitude;
  • Longitude;
  • Altitude;
  • Wi-Fi name;
  • Declared demographic data;
  • Cookie identifications;
  • Device IDs (such as IP addresses);
  • Advertising IDs (such as mobile advertising identifiers);
  • Mobile device usage data (such as used apps);
  • Location data received from your device;
  • URLs (web pages) accessed or searched;
  • Interactions with ads (e.g., views, clicks, purchases);
  • Advertising offer requests; and
  • Demographic information such as age, gender, city/region, and language.

5. For what purposes we collect and/or process data?

Retargetly provides Services that help our clients collect data and better tailor ads and advertising campaigns to the interests and preferences of data subjects on the internet. The Services provided by Retargetly offer intelligent solutions for data processing, targeting, and evaluation of advertising served for our clients and third parties, both within and outside of our Services, directly or through various partners.

Thus, the data collected and/or processed by Retargetly, without prejudice to the above, have the purpose of facilitating the execution of the following activities:

  • Frequency measurement (counting the number of times ads were viewed): This is necessary to ensure that ads are not displayed to the same data subject more than a certain number of times.
  • Click-through counting (counting the number of times ads were clicked on): This is necessary to understand which creative formats generate interest and engagement and which do not.
  • Frequency capping: Ensuring that ads are not displayed to the same data subjects more than a certain number of times.
  • Understanding the browsing behaviors of added data subjects.
  • Ad testing.
  • Conversion tracking (counting the number of times data subjects who viewed ads purchased a product or service): This is necessary to understand the overall return on investment of the ad and whether the investment in that campaign is worthwhile.
  • Advertising effectiveness measurement, through viewability: Understanding whether data subjects made purchases after seeing the ads.
  • Detection of fraud.
  • Testing and improvement of advertising campaigns.
  • Analysis of trends in e-commerce and web usage.
  • Selection of basic ads.
  • Storage and access of information on a partner device.
  • Creation of personalized ad profiles.
  • Selection of personalized ads.
  • Market research to generate audience insights.
  • Development and improvement of products and services.
  • Ensuring security, preventing fraud, and debugging.
  • Providing ads or technical content.
  • Matching and combining offline data sources.
  • Compliance with contractual obligations with clients and third parties.
  • Defense of legitimate interests, including those of third parties (clients, partners, etc.).

We may also process or share data with a third party in the event of a major corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all our assets, or for purposes of due diligence connected with any such transaction.

6. How do we process the data?

All data processed by Retargetly is hashed. Even if provided by any client or partner as personally identifiable data, when it enters our systems and is processed, such data is hashed. Hashing is a function that converts one value to another (masks the original data with another value). Data hashing is a common practice in computer science used for various purposes, including encryption, compression, checksum generation, and data indexing. Retargetly performs data hashing to encrypt all identifiable data within its platform.

We perform cookie synchronizations with advertising exchanges, publishers, and other partners, meaning that we receive and share cookie IDs or other pseudonymized identifiers among them. This allows us to connect audience categories with synced platforms for audience activation.

Social Media: Sometimes, we engage social media platforms (e.g., Facebook and TikTok) to display direct marketing to you on their platforms. This involves uploading data to the respective social media platform (such as email addresses or other identifiers). The platform then matches the uploaded data with its own user base. Any user matching the uploaded list is added to a group that will receive the selected marketing message. We have contractual controls in place with social media platforms to ensure they protect the data. We are not responsible for the data practices of social media platforms, and we recommend that you always read their respective privacy policies.

7. Are there other data recipients?

We provide analysis and information services to our clients and partners in the form of aggregated data, which does not include any individual Personal Data. Nevertheless, some selected clients may receive complete exports of our data at a granular level (cookie IDs, device IDs, segment IDs). We also provide data to third-party platforms that provide technology for digital advertising buying, such as demand platforms, data management platforms, and social networks, and we work with selected external data processors, for example, for audience measurement, secure hosting, or data storage providers.

We share Personal Data with our Affiliates that assist us in providing our Services. For more information on how our Affiliates process Personal Data, please see Epsilon Privacy Policy for Services. Where appropriate and justified, Personal Data may be shared with entities of the Publicis Groupe and its affiliates in France and globally.

Certain clients may have access to a customized version of our platform for the purpose of creating custom audiences or data analysis for their own clients.

We may need to make data available to other entities (located in regions such as North América, Central America, South America, India), within or outside the Publicis Groupe, that provide technical or support services, using appropriate transfer mechanisms.

8. International data transfers

As noted above, other companies within our group and some technical service providers may be located outside the country in which the data was collected. If this occurs, we have established safeguards to ensure that the data is processed in compliance with the applicable Data Protection Laws.

9. How long do we keep the data?

We retain the Personal Data we process in accordance with our data retention and disposal policy, which follows Data Protection Laws. The retention period depends on each type of data we process and its respective purpose. For example, we retain data collected through pixels, SDKs and repositories for 90 days in hot storage in our systems and then 365 days in cold storage. After 365 all data is removed.

10. Cookies

As mentioned above, one of our main data collection sources is the use of cookies. A cookie is a small set of data sent from a website and stored in the web browser of a data subject while they browse that website. Each time you access our website, the browser sends cookie information to the server to inform the website that it recognizes the data subject.

10.1. How can you manage cookies and other technologies?

If you do not want us to use your data for personalized ads from our advertisers, you can manage your data by accessing retargetly.com/opt-out  or by sending an email to this email address. If you have accepted cookies from other websites and advertising vendors, you will need to repeat the process with respect to them. Most websites and apps contain advertising, so non-personalized ads will not be affected by cookie management.

You can also delete cookies from your web browser by following the instructions provided in the "help" section of your browser. Remember that some cookies are essential for using certain website functions, so if you choose to delete all cookies, these functions may not work as expected, or you may need to accept some cookies on your next visit.

To opt-out on mobile devices, check the privacy controls of your systems.

11. Security Measures

Retargetly employs various types of security measures to ensure the integrity of data, following industry information security standards when collecting and storing Personal Data.

We have implemented technical and organizational security measures to protect the Personal Data under our responsibility, both during transmission and upon receipt. This includes physical and technical security measures to protect our Personal Data against accidental or unlawful destruction, loss, or alteration, as well as against unauthorized disclosure or access. However, please note that no method of transmitting information over the internet is entirely secure.

Data may also be stored using cloud computing technology and other similar technologies, always aiming to improve and enhance our services and security. We treat the security of your data with the utmost care, using industry-adopted standards and best practices. We have a robust team that is highly qualified and responsible for ensuring that Retargetly adopts the best security practices, including: (i) multi-factor authentication for accessing information; (ii) security as code to enable automation and quick, efficient responses to security events in the technological environment; (iii) encryption for data at rest, in transit, and in use to ensure the integrity of information; (iv) continuous monitoring of the environment; (v) ongoing analysis and testing of information security in our systems by internal and external teams; (vi) regular audits.

12. Data subject rights

Applicable Data Protection Laws grants certain rights to the data subject. In particular, you can exercise the following rights before Retargetly:

  • Confirmation of processing: You can request that Retargetly confirms whether it processes your Personal Data.
  • Access: You can request that Retargetly inform and provide the Personal Data it has regarding you, allowing you to use it as you wish, including transferring it to another company.
  • Data rectification: If you find that your Personal Data is incomplete, inaccurate, or outdated, you can request correction from Retargetly.
  • Anonymization, blocking, or deletion: If any Personal Data is processed unnecessarily, in discordance with the intended purpose, or in violation of applicable law, you can request that Retargetly anonymize, block, or delete that data, provided that non-compliance with the law is effectively established.
  • Data deletion: If you have given consent for the processing of your Personal Data, you may request the deletion of this Personal Data collected directly by Retargetly through its own website.
  • Information about data sharing practices: You can request that Retargetly inform you with which third parties it has shared your Personal Data.
  • Withdrawal of consent: If you have given your consent for the processing of your Personal Data, you can request the withdrawal of this authorization. Revoking consent may result in the inability to use certain features of platforms, websites, and applications.

If you wish to exercise any of the above rights, or any other rights that you may have, please contact our Data Protection Officer (DPO) directly at this email address. To fulfill your rights, we may request proof of your identity as a security and fraud prevention measure.

In case you are not satisfied with the data processing performed by Retargetly or the assistance in exercising your rights, you have the possibility to file a complaint with the data protection agency in your country, as appropriate.

13. Contact Us

If you wish to exercise any of your rights or if you have any questions after reading this Policy, please contact our Data Protection Officer (DPO) directly at this email address. In order to fulfill your rights, we may request proof of your identity as a security and fraud prevention measure.

14. Changes to this Privacy Policy

We may make changes to this Privacy Policy occasionally. If this happens, we will take appropriate steps to inform you, according to the significance of the changes we make, and update the date indicated at the beginning of the Policy.

15. Definitions used in this Privacy Policy

The technical nature of our Services means that we need to continue referring to complex concepts. The capitalized words have the following meanings:

“Affiliates” means any corporation which controls, is controlled by, or is under common control with Retargetly, including Epsilon (Epsilon Data Management, LLC, Conversant LLC, Citrus Ad International, Inc., EPSL Data Mexico, S.A. de C.V. and MMS Brasil Comunicação Filial São Paulo – Epsilon Brasil.

"Data Protection Laws" refers to the applicable data protection laws in the Latin American region, including but not limited to (i) the Brazilian General Data Protection Law ("LGPD", Federal Law No. 13,709/2018); (ii) the Mexican Federal Law on the Protection of Personal Data Held by Private Parties, of 2010; (iii) the Argentine Personal Data Protection Law (Federal Law No. 25,326/2000); (iv) the Chilean Privacy Protection Law (Act No. 19,628/1999); (v) the Colombian Personal Data Protection Law (Act No. 1,581/2012); (vi) Peruvian Personal Data Protection Law (Act No. 29,733/2011); (vii) Ecuadorian Personal Data Protection Organic Law from 2021; (viii) Costa Rican Law for Protection in the Handling of the Personal Data of Individuals (Law No. 8968/2011); (ix) Uruguayan Personal Data Protection Law (Act No. 18,331/2008): (x) Nicaraguan Data Protection Law (Act No. 787); (xi) Panama Data Protection Law (Act No. 81/2019); (xii) any and all applicable US laws which regulate data processing activities; and (xiii) any and all applicable national data protection laws and regulations of the respective national data protection supervisory authorities; in each case, as they may be amended or replaced from time to time.

"Retargetly" refers to Dirichlet LLC, a private legal entity established in accordance with the laws of the state of Delaware, United States of America, registered under No. 35-2616521, located at 1201 North Orange St, Suite 700 #7352 - Wilmington, 19801-1186; Bethink SRL, a private legal entity established in accordance with the laws of the Argentine Republic, registered under No. 30-71429231-1, located at La Pampa 1391, piso 1, CABA. CP: 1428; Retargetly Brasil Sistemas Ltda., a private legal entity established in accordance with the laws of the Federative Republic of Brazil, registered with CNPJ/MF under No. 13,378,973/0001-00, located at Avenida Doutor Cardoso de Melo, No. 1855, suite 61, room 5, Vila Olímpia, São Paulo, State of São Paulo, Brazil, ZIP Code 04548-005. Retargetly is a technology company that works with Big Data, offering solutions for data management and audience targeting for various businesses. It acts as the controller of the Personal Data processed as described in this Privacy Policy.

"Personal Data" means any information related to an identified or identifiable natural person. Information such as name, identification number, location data, and online identifier are considered Personal Data.

"Services" means all the services we offer to our clients as set out in Section 2 above.

16. Ley De Protección De Datos Personales de Colombia (Law 1581)

The Colombian Law on the Protection of Personal Data - Law 1581 of 2012 - is a law that protects individuals' rights to authorise the personal information that is stored in databases or files, as well as the rights of “hábeas data”, and further guiding principles of data protection, which Retargetly adheres to.

Data subjects have the following rights under Law 1581:

  • Know, update, and rectify your personal data;
  • Request proof of your authorisation for the processing of your personal data;
  • Be informed of the use made of your personal data (please also see sections 3 and 4 above);
  • File complaints before the Superintendent of Industry and Commerce regarding any breach of your legal rights;
  • Revoke your authorization and/or request the deletion of your personal data from our databases or files; and
  • Access free of charge your personal data that has been processed.

In order to exercise your rights under Law 1581, please contact us as set out in section 2 or send us an email to [email protected] and we will respond within the legally required deadlines.

In the unlikely event of a Data Breach that affects Colombian residents, Retargetly will notify the Superintendent for Industry and Commerce through the official channels provided in their website here:

https://www.sic.gov.co/que-es-la-delegatura-datos-personales

17. List of our main data processor partners

Acxiom
https://www.acxiom.com/about-us/privacy/privacy-policy-www-acxiom-com/
Boa Vista SCPC
https://www.boavistaservicos.com.br/politica-de-privacidade/
E-Planning
https://www.e-planning.net/privacy-policy.php
Equifax
https://www.soluciones.equifax.com.ar/legal#politicasdeprivacidad
Experian Information Solutions, Inc.
https://www.serasaexperian.com.br/termos-uso-politicas-privacidade
Foursquare
https://foursquare.com/privacy/policies
Kantar Media
https://www.kantarmedia.com/global/privacy-statement
Navent Media
http://naventmedia.com/politicas.php
Share This
https://sharethis.com/privacy/
StartApp
https://www.startapp.com/privacy/
Tapad
https://www.tapad.com/privacy
TransUnion Brasil
https://www.transunion.com.br/resources/transunion-br/doc/about-us/reports-policies/politica-privacidade-e-protecao-de-dados.pdf