ID5 Platform Privacy Policy

What is the ID5 Platform (or the "Platform")?

ID5 operates an identity platform for the digital advertising industry. By "Platform", we mean that we provide technology that websites, mobile apps and publishers of other internet-connected properties (such as internet-connected TV's), use to recognize users on their websites, mobile apps and other digital media properties (which we collectively refer to as "Digital Properties"), and that advertisers, or companies on an advertiser's behalf, use to target advertising to users in the most efficient way possible. Digital publishers and other "sellers" want their ads to be relevant to their readers, which helps them to offer content for no cost or lower cost. Advertisers, advertising agencies, and other "buyers" want to use their advertising dollars efficiently by reaching the right audiences, and by measuring the effectiveness of their ads. To accomplish these goals, our clients – including digital publishers and advertising technology platforms and service providers – use our Platform to more efficiently and effectively recognize their users and/or to enable their own clients to do so. ID5 is not an ad network, a media buyer or seller, or a data broker. We do not own digital properties on which we advertise, and we engage in advertising only in a limited manner for our own recruiting purposes and to advertise to other businesses (not to consumers).

What do we mean by Platform Data?

The Platform is designed to use certain types of information, that collectively we call "Platform Data". This includes information collected by our technology, products and services on the Digital Properties ("Collected Data"), which may include such information as IP address, unique browser or device identifiers, and the latitude and longitude of your device when you view a website that may want to show you an ad; (ii) information provided or uploaded to us or our Platform by our clients ("Client Data"), which typically includes a "hashed" copy of your email address ("hashing" prevents us from seeing the actual email address); and (iii) "ID5 IDs" (described below), which are random unique identifiers that we create and connect to Collected Data and/or Client Data. See "What Information Do We Collect?" below for more details on the type of information that may be included in Platform Data.

Some Platform Data (for example, cookie IDs, mobile advertising identifiers, ID5 IDs, and IP addresses) may identify a particular computer or device, and may be considered "Personal Data" or "personal information" (or another term with a substantially similar definition and obligations) in some jurisdictions, including the European Economic Area (see below on the meaning of "Personal Data" under the EU General Data Protection Regulation) and certain U.S. states. This data - which we call "Personal Data" - allows us to recognize a particular computer or device over time. We call cookie IDs, mobile advertising IDs, ID5 IDs, and other random unique identifiers "Digital Identifiers".

Our Platform is not designed to utilize information that by itself identifies an individual in the "real world", such as "un-hashed" (i.e., actual) name, address, phone number, email address, or government identifier. Instead, it is designed to utilize only Digital Identifiers that enable the recognition of a specific device or browser.

For European Jurisdiction data subjects, what is the meaning of "Personal Data" under the EU General Data Protection Regulation ("GDPR"), and what does this mean for Platform Data?

Under GDPR, "Personal Data" means any data relating to an individual who can be identified, directly or indirectly, from that data. It can take the form of a name or address, and can also extend to unique identifiers that do not tell us who an Internet user is in the "real world" but may, when combined with other information, allow the identification of an individual.

Our Platform does not rely on Personal Data that identifies you as an individual in the "real world", such as your actual, un-hashed name, email address, or phone number. When you (an Internet user) first visit a Digital Property that has integrated our technology, this triggers a request to our Platform. When this occurs, we assign an "ID5 ID" to your browser or device, which allows the Platform to recognize your browser or device the next time it visits another Digital Property that has integrated our technology. Such Digital Identifiers are considered "Personal Data" under the GDPR.

This allows our clients and certain other third parties selected by our clients to sync their own Digital Identifiers against this ID5 ID (see "ID Syncing" below) so that our clients can use their own data on other platforms that they may have associated with their own Digital Identifiers.

Glossary of Certain Terms

Browser: A browser, or web browser, is the user interface or application through which you view web Digital Properties. Examples of prominent browsers are Microsoft's Internet Explorer, Google's Chrome, Apple's Safari, and Mozilla's Firefox.

Cookie: A cookie is a small text file that is stored in a web browser by a website or Ad Server. By saving information in a cookie, websites and servers can remember preferences or recognize web browsers from one visit to another or from one website to another. Cookie IDs are Digital Identifiers.

ID Syncing: ID syncing (sometimes also referred to as cookie syncing) is a common and long-standing process in the digital advertising industry that enables advertisers to link up data from multiple advertising platforms. (In other words, it helps advertisers buy ads in more than one place and on more than one service.)

Here's an example of how ID syncing works. Let's say you sell a product on your website. A customer visits your site. Your website stores a cookie to recognize that customer's browser, and the cookie contains an ID of 12345. You then associate that ID with information about what the customer shopped for on your site. If you want to then use that information to advertise to that user, you might go to an online advertising marketplace to buy ad space. In order to buy the right ad space to show your ads to the right user, you'll need to match your ID, which is 12345, to the ID that the marketplace has assigned to the same customer (which let's say for this example is ABCDE).

The result is a record that says ID 12345 = Marketplace ID ABCDE. That way, when the marketplace offers to sell you ad space to show your ad to ABCDE, your system will know that ABCDE is the same as 12345, and you can pick the right ad to show the customer.

Interest-Based Advertising: Interest-based advertising associates a user’s activity and interest information, demographic information, geographic information, and similar information with a browser cookie or other online identifier in order to provide more useful and relevant advertising. It is sometimes also called "online behavioral advertising", "targeted advertising", "cross-context behavioral advertising" or "tailored advertising".

Mobile Advertising Identifiers: Mobile advertising identifiers (e.g., Apple's iOS Identifier for Advertising (IDFA) or Google's Android Advertising ID (AAID)) are unique IDs that are similar to cookies, but, instead of being stored on your web browser, are associated with individual mobile devices. They usually are user-resettable. Like other Digital Identifiers, Mobile advertising identifiers do not tell us who an Internet user is in the "real world", but may, when combined with other information, allow the identification of an individual. Mobile advertising identifiers are used in connection with apps on your mobile device as opposed to websites that you access through a browser.

Although the specific cookies employed on the ID5 Platform may change from time to time, this describes how and why the ID5 Platform uses cookies. These cookies enable our clients to recognize users and to see users' consent choices (including opt-out choices).

  • The Platform uses unique cookies to distinguish between unique web browsers.
  • The Platform uses cookies with non-unique values for server load-balancing and similar technical purposes.
  • The Platform uses non-unique cookies to store users’ opt-out choices.

Some browsers or other software may be configured to block third-party cookies by default.

THE ID5 PLATFORM PRIVACY STATEMENT

Last Modified: October 10, 2023

Overview

This ID5 Platform Privacy Statement (this "Privacy Statement") describes how ID5 collects, uses, shares and otherwise processes Platform Data. It describes how ID5 may enable or allow clients and third-party providers to use Platform Data, but otherwise does not apply to our clients' or other third parties' practices. If you are interested in our website privacy policy, please click here.

What information do we collect and use? The Platform is designed to collect and use only Platform Data (i.e., Collected Data, Client Data, and ID5 IDs) as described in this Privacy Statement. Details.
How do we collect information? The Platform may use cookies, pixels, tags, mobile SDKs, and similar technologies to collect and store Platform Data about web browsers and devices across websites and apps and over time. Details.
For what purposes do we use the collected information? ID5 uses the information collected on the Platform to provide, operate, manage, maintain, and enhance the Platform and allow our clients to use our Platform. This means facilitating user identification; using information for fraud detection and the prevention and detection of malicious behavior and maintaining and enhancing our products and services (including our Platform), including using information for machine learning, optimization and statistical analysis. Details.
In European Jurisdictions, on what legal basis do we process Personal Data? Where (i) you are a European Economic Area ("EEA"), United Kingdom or Switzerland (such countries, collectively with the EEA, "European Jurisdictions") data subject and (ii) ID5 is acting as a "controller" of Personal Data relating to you, ID5's legal basis for collecting and using such Personal depends on the data concerned and the specific context in which we collect or use it. With respect to Collected Data that is Personal Data in a European Jurisdiction, we generally rely on consent obtained for us by the operators of the Digital Properties that use our technology or use technology that interacts with our Platform; with respect to Client Data that is Personal Data, we rely on consent obtained by or on behalf of the particular client that provides it to us or our Platform. Details.
What information do we share with third parties? Where permitted, we provide clients access to their Platform Data that they collect, acquire, or use on the Platform, and typically they may remove it from the Platform for their own use. ID5 may also provide Platform Data to our clients and service providers for the purpose of operating, managing, maintaining, or enhancing our products and services, (including our Platform), including for the safety and security of the Platform and the online advertising industry, or as required by law. ID5 does not share the information collected via the Platform with other third parties, unless legally required. Details.
How is the information stored and how long is it kept? Platform Data is stored using generally accepted security standards. It is usually aggregated or deleted within 30-90 days, but may be retained in the Platform for up to 18 months from the date of collection before aggregation or deletion. Details.
What are your choices?

For European Jurisdiction data subjects, we are registered as a vendor with, and support, the IAB Europe Transparency and Consent Framework (the "TCF Framework"). When you visit a Digital Property, the TCF Framework is designed to enable Digital Properties - which may include our clients - to (i) choose which third parties they wish to allow to access your device and collect, use and share your Personal Data and (ii) provide dynamic transparency and choice to you about each of these third parties (e.g., an opportunity for you to consent) in connection with such Digital Property, depending on that third-party's use of your Personal Data and legal basis.

Various clients and third-party providers using our Platform may be accessing your device or collecting, using and sharing your Personal Data as independent controllers for different uses and based on different legal bases or as processors on behalf of other independent controllers.

Web browser users may opt out of the use of the Platform for interest-based advertising in their web browser. Mobile app users have access to choices provided by certain apps or in their device system software. Details.

What happens if this Privacy Statement is changed? Please check this Privacy Statement for changes. The date of the last update can be found at the top of this Privacy Statement. Material changes will not be applied to previously collected Platform Data. Details.
Questions? Please email us at privacy@id5.io.

What Information Do We Collect?

Collected Data When you visit a Digital Property (e.g., a website) that uses our technology (or that uses technology that transacts with parties using our Platform), we collect certain information about you and your device, including:

  • Information about your browser, including:
    • the type of browser
    • browser language
    • browser settings
    • cookie information
  • Information about your device, including:
    • information about the device's operating system including its version and connection type
    • device make, device model
    • mobile advertising identifiers, such as your Apple IDFA or Google AAID
    • the IP address from which the device accesses a client's Digital Property
  • Information about the Digital Properties you visit, including web pages or apps visited or used and the time those web pages or apps were visited or used.
  • Information about your Internet service, including information about which Internet Service Provider (ISP) you use.

Client Data Our clients may provide or upload to us or our Platform "Client Data", which typically includes a "hashed" email address ("hashing" prevents us from seeing the actual email address). Our clients and vendors, and our clients' third-party clients and vendors, may use their own tags, pixels, cookies, or other similar technology (or those of their other affiliates) within their advertisements and on certain Digital Properties. We are not responsible for our clients, vendors and/or our clients' third-party providers for their privacy practices, including their collection, use, and/or sharing of data and/or their use of technology on their Digital Properties or in their advertisements.

How Do We Collect Information?

  • The Platform uses cookies, pixels, tags, mobile SDKs, and similar technologies to collect data associated with particular web browsers or devices
  • We and the Platform also receive data from our clients and other third parties

How Do We Use the Information We Collect?

  • To provide products and services (including our Platform) to our clients, including in connection with ID5 IDs
  • To develop, maintain, and improve our products and services (including our Platform), including:
    • Conducting research and development, such as conducting machine learning to better optimize the efficiency of our products and services
    • Investigating, protecting against and deterring malicious activity, fake traffic or fraudulent, unauthorized or illegal activity on the Platform and on the internet
  • To compile statistics about the activities occurring on or through our Platform, including for reporting and marketing purposes

If (i) you are a data subject of a European Jurisdiction and (ii) we are acting as the controller of "Personal Data" relating to you, our legal basis for processing such Personal Data (see "What Information Do We Collect?" above) will depend on the data concerned and the specific context in which we collect or use it. With respect to Collected Data that is Personal Data of a European Jurisdiction data subject, we generally rely on consent obtained for us by the operators of the Digital Properties that use our technology or use technology that interacts with our Platform; with respect to Client Data that is Personal Data of a European Jurisdiction data subject, we rely on consent obtained by or on behalf of the particular client that provides it to us or our Platform.

If you have questions about or need further information concerning the legal basis on which we process Personal Data, please contact us at privacy@id5.io.

How and Why Do We Share the Information We Collect?

ID5 shares Platform Data with the following third parties:

  • Clients and their third-party vendors We provide ID5 IDs to our clients and, if and as elected by our clients (including, if applicable, pursuant to your choices on their Digital Properties), our clients’ third-party vendors.
    • For European Jurisdiction data subjects, our clients may utilize multiple controls to choose the third parties with whom we share your information that we collect through our clients' use of our Platform including:
      • IAB Europe Transparency and Consent Framework (the "TCF Framework"):
        • We are registered as a vendor with, and support, the TCF Framework.
        • When you visit a Digital Property on which the TCF Framework is utilized, the TCF Framework is designed to (i) allow the Digital Property to choose which third parties (e.g., vendors) they wish to allow to access your device and/or collect, use and share your Personal Data and (ii) provide dynamic transparency and choice to you about each of these vendors (e.g., an opportunity for you to consent) in connection with your visit to the Digital Property, depending on that third-party’s use of your data and legal basis.
      • Platform-provided "controls" ("Platform Controls") with respect to about third parties operating through our Platform:
        • Our Platform provides our clients with information about the other clients operating through our Platform, providing transparency for disclosure purposes and "allow-listing" capabilities – to create lists of approved companies – to control which third parties may receive, use and share your information
    • For users who are not European Jurisdiction data subjects, we provide our clients with Platform Controls, including our allow-listing capabilities, to control which third parties may receive, use, and share your information.
  • Vendors We share Platform Data with, and enable the collection of Platform Data by, our vendors (including data center providers, hosting providers, data analytics providers, and anti-fraud, technology and security providers), so that they can provide services to us, including to detect and prevent malicious activity or fake traffic and to provide analytics and reporting about our products and services. Our vendors are subject to obligations consistent with this Privacy Statement and appropriate confidentiality and security measures.
  • Legal Rights and Compliance with Law We may also disclose Platform Data in the event that we reasonably suspect malicious activity or fake traffic or when we reasonably believe it is required by law, subpoena or other legal process, including to meet national security or law enforcement requirements.
  • ID5 Affiliates We share Platform Data with other companies in the ID5 group of companies to use for any of the purposes described in this Privacy Statement.
  • Business Transfers We may transfer Platform Data to a successor entity in connection with a corporate merger; consolidation; sale of assets, equity, or business; bankruptcy; or other corporate change.

How Is Platform Data Stored, and How Long Is It Kept?

Security

  • ID5 uses generally accepted industry security standards to protect information transmitted over or stored on the Platform.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We restrict access to information to employees, contractors and agents who need the information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
  • Please note, however, that no transmission or storage of information can ever be guaranteed to be completely secure. Once we receive Platform Data, we will use strict procedures and security features to try to prevent unauthorized access. Please also be mindful that we are not responsible for the security measures of third parties.

Retention

  • We never store any information longer than we need it. Platform Data is usually aggregated or deleted within 30-90 days, but may be retained in the Platform for up to 18 months for specific clients and for use for security and the detection and prevention of fraud and invalid traffic from the date of collection before aggregation or deletion. When we no longer need the information we collect, it is deleted or aggregated.
  • Aggregated anonymized information is used for reporting and analysis, and may be stored in the Platform indefinitely.
  • When third-party vendors receive information through us or clients remove their information from the Platform, their storage and retention of the removed information is governed by their own privacy policies and applicable laws, rules, and/or regulations.

What Are Your Choices?

IAB Europe Transparency and Consent Framework: We are registered as a vendor with, support, and encourage our clients to use, the TCF Framework, which is designed to provide European Jurisdiction data subjects with dynamic transparency into and choice about the various third parties used on Digital Properties on which the TCF Framework is utilized. If you are a European Jurisdiction data subject, the TCF Framework is designed to enable Digital Properties – which may include our clients – to (i) choose which third parties (which may include ID5) they wish to allow to access your device and collect, use and share your personal data and (ii) provide dynamic transparency and choice to you about each of these third parties (e.g., an opportunity for you to consent) in connection with such Digital Property, depending on that third-party's use of your Personal Data and legal basis for such usage.

ID5 Web Browser Opt Out: If you have not already chosen to do so, you may visit https://id5-sync.com/privacy to opt out of having the Platform used to enable our clients to more efficiently serve you relevant ads. When you opt out, an opt-out cookie (from id5-sync.com) will be stored in your web browser. The Platform will know the choice you have made when it sees your opt-out cookie, and will apply your choice to all companies using the Platform. If you block or delete the ID5 opt-out cookie, you will cease to be opted out with respect to the Platform and will need to perform the opt-out process again.

ID5 Web Browser Opt In: If you have previously chosen to opt out, but would now like to opt in, you may visit https://id5-sync.com/privacy to opt in to having the Platform used to enable our clients to more efficiently serve you relevant ads. This does not overwrite any consent settings you may select on a given Digital Property.

Important things to note about the ID5 web browser opt out:

  • Blocked cookies The opt-out cookie may not work if your browser is configured to block third-party cookies.
  • Deleting or protecting opt outs If you delete your cookies, you will need to opt out again. There are browser plugins to help you preserve your opt-out cookies. For more information, please visit https://www.aboutads.info.
  • Only this browser The opt out only applies to the browser profile in which you set it. For example, if you set the opt out while using Firefox, but then use Chrome, the opt out will not be active in Chrome. To opt out in Chrome, you will need to repeat the opt-out process. This is because the cookies cannot be read between different browsers or browser profiles.
  • The opt out does not block or delete cookies It also does not prevent the use of cookies or other technologies for purposes other than interest-based advertising. If you opt out, data may still be collected about your web browsing activities and you will still see advertising. Ads may be selected, for example, based on the content of the web page in which they are shown. If you wish to block or delete cookies altogether, you can use web browser settings to do so.

To access the opt outs of other online advertising companies, visit the consumer choice pages of such organizations, as follows:

Mobile App Opt Out: Mobile device system software such as Apple iOS or Google Play Services provide mechanisms that allow users to opt out of the use of information about their usage of mobile apps to deliver targeted ads to their mobile device. For more information, or to opt out using these mechanisms, consult your device settings ("Opt out of Interest-Based Ads" on Android devices and "Limit Ad Tracking" on iOS devices).

European Jurisdiction Data Subject Rights

If you are a data subject of a European Jurisdiction, you have certain rights and protections under the law regarding the collection, processing, and use of information about you. As stated above, the information we collect about you when you visit Digital Properties that use our technology may include certain identifiers that are considered "Personal Data" under European law.

If you are a data subject of a European Jurisdiction and certain requirements are fulfilled and/or under certain circumstances, you have the right: (i) to access and obtain a copy of your Personal Data; (ii) to erasure of your Personal Data; (iii) to rectification or updating of your Personal Data; (iv) to object to the processing of your Personal Data; (v) to restrict the processing of your Personal Data; and (vi) to data portability (i.e., to be provided with a copy of your Personal Data in a structured, commonly-used, and machine-readable format, and/or to have such a copy provided to a third party). If you are interested in exercising any of these rights, you may do so via our privacy web form (available by clicking here) or you may email us at privacy@id5.io. Please note that, as the process we currently use to verify/authenticate and process "Requests to Know/Access", "Requests to Delete", "Requests to Correct", and "Requests for Data Portability" requires us to recognize an online identifier, if you submit such a "Request to Know/Access" by email, it generally will require more time and at least one more step than submitting your request via the privacy web form.

In addition, you also have the right to withdraw your consent at any time. If you wish to exercise such right with respect to interest-based advertising, you can do so through the mechanisms and methods set forth above under object to the processing of your Personal Data.

Our Platform is designed to collect the minimum amount of Personal Data about you that we believe is necessary to provide our products and services. Because our Platform is not designed to collect information that directly identifies an individual, sometimes it is not feasible for us to provide individuals with information that is tied to their identities.

Also, as a data subject of a European Jurisdiction, you have the right to lodge a complaint about our processing of Personal Data with a European Data Protection Authority, in particular the Member State of your residence, place of work or alleged infringement of the GDPR. For contact details of your relevant local Data Protection Authority, please click here.

Your Rights under Certain U.S. State General Privacy Laws

Consumer Rights

If you are a resident of a U.S. state with an effective general privacy law (such as California under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (as amended, "CCPA"), and Virginia under the Virginia Consumer Data Protection Act) (each such law, a "US State Privacy Law"), you have some or all of the following rights with respect to your Personal Data, as set forth in the applicable US State Privacy Law:

  • Right to Delete: the right to request that a "business"/"controller" (each, as defined by the applicable US State Privacy Law) delete, following your verifiable/authenticated consumer request, the specific pieces of Personal Data such business/controller has collected from you.
  • Right to Know/Access: the right to request that a business/controller disclose to you, following your verifiable/authenticated consumer request, some or all of the following (based on your applicable US State Privacy Law):
    • The categories of Personal Data the business/controller has collected about you
    • The categories of sources from which the Personal Data is collected
    • The business or commercial purpose for collecting, selling, or (under CCPA) "sharing" Personal Data
    • The categories of third parties with which the business/controller shares Personal Data
    • The specific pieces of Personal Data the business/controller has collected about you
    • The categories of Personal Data about you that the business/controller disclosed for a business purpose
    • If the business/controller sells or (under CPRA) "shares" your Personal Data:
      • The categories of Personal Data that the business/controller sold or (under CCPA) shared about you
      • The categories of third parties to which your Personal Data was sold or (under CCPA) shared, by category or categories of Personal Data for each category of third parties to which the Personal Data was sold
      • The business or commercial purpose for selling or (under CCPA) sharing Personal Data
  • Right to Correct the right to request that the business/controller correct any inaccurate Personal Data that it has collected about you
  • Right to Data Portability the right to be provided with a copy of the Personal Data about you that the business/controller processes by automated means in a portable and, to the extent technically feasible, readily usable format that allows you to transmit it to another party
  • Right to Opt Out: based on the applicable US State Privacy Law, some or all of the following rights:
    • The right to direct a business /controller (as defined by the applicable US State Privacy Law) not to sell (as defined by the applicable US State Privacy Law) or (under CCPA) "share" your Personal Data.
    • The right to opt out of "targeted advertising" (as defined by the applicable US State Privacy Law), which is a type of interest-based advertising
    These opt-out rights are different from the opt-outs described above under the header "What Are Your Choices?" and does not require us to cease processing your unique ID5 ID. However, we currently effect elections to opt out of the "sale" or "sharing" of Personal Data and/or to opt out of "targeted advertising" by performing our browser opt-out process (please see below under the header "Methods of Submitting Requests").
  • Right to Non-Discrimination: the right not to be discriminated against by a business because you exercise any of your rights under your applicable US State Privacy Law, including by:
    • Denying goods or services to you
    • Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
    • Providing a different level or quality of goods or services to you
    • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services

Personal Data

To provide and operate our products and services (including our Platform), we utilize (i) Personal Data collected by our products and services on the Digital Properties ("Collected Personal Data"), (ii) Personal Data provided to us by or on behalf of our clients ("Client Personal Data"), and (iii) our ID5 IDs, which are Digital Identifiers (see table below). Even though Client Personal Data is provided to us, we may be considered to have "collected" such data under US State Privacy Laws.

We collect (and during the last 12 months have collected) the following categories of personal information, from the following categories of Personal Data, and for the following business or commercial purposes:

Categories of Personal Data Categories of Sources Business / Commercial Purposes
Identifiers (such as an online identifier (e.g., a cookie ID, a mobile advertising ID, or an ID5 ID) or an IP address)

Collected Personal Data: we collect such information from consumers via their visits to and/or interactions with the Digital Properties

Client Personal Data: we receive such information from our clients or partners

Collected Personal Data: we use such information to provide, operate, maintain, improve, and develop our products and services (including our Platform), including to create and reconcile ID5 IDs

Client Personal Information: we use such information to provide, operate, maintain, improve, and develop our products and services (including our Platform), including to create and reconcile ID5 IDs

Internet or other electronic network activity information (such as browsing history, user agent or timestamp)

Collected Personal Data: we collect such information from consumers via their visits to and/or interactions with the Digital Properties

Client Personal Data: we receive such information from our clients or partners

Collected Personal Data: we use such information to provide, operate, maintain, improve, and develop our products and services (including our Platform), including to create and reconcile ID5 IDs

Client Personal Data: we use such information to provide, operate, maintain, improve, and develop our products and services (including our Platform), including to create and reconcile ID5 IDs

With respect to Collected Personal Data, we believe that we are a "controller" or "third party" (each, as defined by the applicable US State Privacy Law) that collects such data via consumers’ visits to and/or interactions with the Digital Properties. With respect to Client Personal Data, we believe that we are a "third party", as we collect such information only from our clients and do not collect it from consumers.

We do not knowingly collect, use, or disclose sensitive Personal Data through our Platform, products, or services.

For information on how long we intend to retain each category of Personal Data, please see "How Is Platform Data Stored, and How Long Is It Kept? – Retention" above.

Disclosure of Personal Data

For purposes of applicable US State Privacy Laws:

  • "Sales"/"Sharing": we "sell" (as defined by the applicable US State Privacy Law) and/or "share" (as defined by CCPA) (and, during the 12 months prior to the "Last Modified" date at the top of this Privacy Statement, have sold and/or shared) "identifiers" (a category of Personal Data) that we derive from each of the above categories of Personal Data to our clients in connection with their (and their respective clients’) advertising activities, including cross-context behavioral advertising and targeted advertising (each, as defined by the applicable US State Privacy Law); however, we do not knowingly sell or share the Personal Data of children under the age of 16 without required affirmative authorization; and
  • "Disclosures for a Business Purpose": we disclose (and have disclosed during the 12 months prior to the "Last Modified" date at the top of this Privacy Statement) each of the above categories of Personal Data for a "business purpose" (as defined by CCPA) to "service providers"/"processors" (each, as defined by the applicable US State Privacy Law) that perform certain services on our behalf, such as data center providers, hosting service providers, and data analytics providers, and anti-fraud, technology and security providers.

Methods of Submitting Requests

If you are a resident of a U.S. state with an effective US State Privacy Law, you may submit requests to exercise your "Right to Know/Access", your "Right to Delete", your "Right to Correct", and/or your "Right to Data Portability" via any of the following methods:

Please note the following:

  • As the process we currently use to verify/authenticate and process "Requests to Know/Access", "Requests to Delete", "Requests to Correct", and "Requests for Data Portability" requires us to recognize an online identifier, if you submit such a "Request to Know/Access" via the telephone number listed above, it generally will require more time and at least one more step than submitting your request via the web form.
  • If you are opted out of interest-based advertising on the applicable web browser, we may not be able to verify/authenticate or process your "Request to Delete", your "Request to Know/Access", your "Request to Correct", or your "Request for Data Portability", since we may have no reasonable method of connecting your request with the Personal Data we previously collected about you.
  • If we notify you that we were unable to verify/authenticate your "Request to Delete", your "Request to Know/Access", your "Request to Correct", or your "Request for Data Portability", you may appeal our determination by emailing us at privacy@id5.io and indicating why you disagree with our determination (including by providing additional information to support your request).
  • Because (i) our Platform is designed to collect the minimum amount of Personal Data about you that we believe is necessary to provide our products and services and (ii) our Platform is not designed to collect information that directly identifies an individual, it is generally not feasible for us to provide individuals information that is tied to their identities.
  • If we utilize "de-identification" to comply with a "Request to Delete" or similar obligation with respect to Personal Data, we will maintain and use such data in de-identified form and will not attempt to re-identify such de-identified data.

If you are a resident of a U.S. state with an effective US State Privacy Law, you may exercise your applicable US State Privacy Law "Right(s) to Opt Out" via the following method(s):

  • By web form, available by clicking here
  • Via the "Global Privacy Control" user-enabled "universal opt-out mechanism", if such a universal opt-out mechanism is legally required as a method of opting out by the applicable US State Privacy Law (for more information regarding Global Privacy Control, please visit the Global Privacy Control website: https://globalprivacycontrol.org/)

Please note that we currently affect US State Privacy Law opt-out rights elections by performing our web browser opt-out process, which results in an opt-out cookie (from id5-sync.com) being stored in your web browser. Such elections – including through the Global Privacy Control user-enabled "universal opt-out mechanism" – will be processed only with respect to the applicable web browser. For more information about such opt-out, please see "What Are Your Choices? – Important things to note about the ID5 web browser opt out" above.

Authorized Agents

If you are a resident of a US state with an effective US State Privacy Law, if and as required by that US State Privacy Law, you may use an "authorized agent" to submit requests to exercise your "right to know/access", your "right to delete", your "right to correct", your "right to data portability", and/or your US State Privacy Law "right(s) to opt-out" (as applicable) on your behalf under that US State Privacy Law. Your authorized agent will need to provide us with a copy of a written permission that is signed by you and indicates that you have provided such authorization.

"Do Not Track"

ID5 has not yet developed a response to browser "Do Not Track" signals, and we do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to "Do Not Track" signals in light of industry developments or legal changes.

While we do not support "Do Not Track" signals, we do honor opt-out preference signals received from Global Privacy Control as the applicable California consumer’s election to opt out of the sale and/or sharing (each, as defined by CCPA) of their Personal Data, to the extent technically feasible.

For more information on your privacy choices, please see "What are your choices?" above and also above in this "Your Rights under Certain U.S. State General Privacy Laws" section.

Advertising Industry Self-Regulation

ID5 supports advertising industry self-regulation, and endorses best practices and self-regulatory requirements that apply to the advertising industry. To learn more about interest-based advertising and industry self-regulation, please visit any of the following organizations:

Global Operations and Personal Data Transfers outside the EEA

ID5 is a global company headquartered in the United Kingdom with data centers located in the EEA. If you are a European Jurisdiction data subject and access any of the Digital Properties that use our technology, please be aware that your Personal Data may be transferred to, stored and processed by us and our affiliates in our facilities in the EEA, the United Kingdom and other countries, and by those third parties with whom we may share your information.

Countries outside the EEA may not be deemed by the European Commission to provide an adequate level of data protection for your Personal Data or to have data protection or other laws as comprehensive as those in EEA countries. We will, however, ensure that where ID5 group companies receive Personal Data of EEA data subjects outside the EEA, or provide Personal Data to third-party service providers outside of the EEA, appropriate data protection safeguards are in place (such as "standard contractual clauses").

What Happens if this Privacy Statement is Changed?

Please check this page for changes, as we may change this Privacy Statement at any time. If we make changes that we believe are material, those changes will not be applied to information collected prior to the date the changes went into effect.

Contact Information

If you have any questions about this Privacy Statement or our data protection practices, or if you would like to contact our data protection representative, please feel free to contact us by email to privacy@id5.io or by postal mail to the following address: ID5 Technology Ltd, 15 Bishopsgate, London EC2N 3AR, United Kingdom.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

ID5 Platform Privacy Policy v3.0