Privacy Notice

Effective Date: January 1, 2020

Xaxis is firmly committed to protecting user privacy and fostering user confidence in the Internet and digital advertising. We continually evaluate innovative ways to protect user privacy while also seeking to deliver relevant advertising and custom online experiences on behalf of our clients.

What is in this Privacy Notice?

This Privacy Notice describes the information Xaxis collects from web sites, applications, and other digital properties (we refer to all of these as “Sites”), and on the Xaxis corporate web site, www.xaxis.com (“Xaxis Web Site”). We explain how we use this information to provide “Services” to our clients. We also explain how you can manage your privacy choices and exercise your rights in relation to certain data about you that is collected and used by Xaxis.

For purposes of this Privacy Notice, “device” includes computers, smartphones, tablet computers, e-readers, connected television and/or over-the-top television devices (“OTT TV Devices”) and other digital devices capable of maintaining an Internet connection; and “mobile device” includes smartphones and tablet computers.

Who are we?

Xaxis is a business which operates globally as part of the GroupM media investment group. In the European Economic Area (“EEA”) and Switzerland, through its Xaxis EMEA division, the legal entity responsible for the data that Xaxis collects is GroupM UK Digital Ltd. Outside of the EEA and Switzerland the responsible legal entity is Xaxis, LLC. Except as expressly stated otherwise, the use of information by our non-Xaxis affiliates, our clients, our service providers, and other third parties is not covered by this Privacy Notice.

If you have any questions, including any request to exercise any of your legal rights outlined below, please see the “Contact Us” section at the bottom of this Privacy Notice.

Section 1: Xaxis Services

Xaxis Services

Xaxis does not provide its advertising-related services (“Services”) directly to consumers. Instead, our clients are corporate businesses, including advertisers and agencies. Our clients include other GroupM and WPP group companies, which in turn perform advertising-related services for their own clients.

Our clients use our Services, on their own behalf and/or on behalf of their own clients, to help them understand the advertising they deliver online (e.g. what sites it was delivered on, who saw it and whether or not anyone interacted with it) and to improve the effectiveness of that advertising. We also help them to try to deliver advertising to consumers who are more likely to be interested in their products and services.

When we help clients to select audiences to deliver their advertising to, we use certain demographic information (such as age, gender, education, income and household status (e.g., number of children)), geography (but not precise location), interests, activities, and similar information (“User Information”). We call this type of advertising "Interest-Based Advertising".

For example, if we think that a user is interested in mobile phone options, then our Services may help our clients deliver Interest-Based Advertisements to that user about a particular type of mobile phone product or service, as follows:

What Categories of Information Do We Collect Through Provision of Our Services

When you view and interact with Sites and with advertisements where our Services are utilized, we do not collect data that reveals your real-world identity, such as your name, address, phone number or other non-publicly available government-issued identifiers.

Rather, our Services are designed to collect and/or use information about the type of web pages you visit and about interactions you have with Sites and with our clients’ advertisements. We also collect information that identifies the browsers and devices of users who have viewed our clients’ advertising. This information includes the following categories of data:

Technical Identifiers

These can be used to identify a user’s browser, mobile advertising environment, and/or device. Technical Identifiers include:

Cookie IDs
Mobile advertising IDs (e.g., IDFAs and Google Advertising IDs)
OTT TV Device Identifiers for Advertising (a unique ID assigned by an OTT TV provider)
Our affiliate [m]PLATFORM’s “[mP]ID” (a randomly generated, unique pseudonymous ID that [m]PLATFORM associates with a user’s browser)

Additional Technical Information

Internet protocol address (“IP address”) and data derived from an IP address, such as non-precise geolocation data that indicates the country, region, city, and/or postal code of a device
Type of Internet browser, browser language, and operating system
Connection type (wired or Wi-Fi), network to which the device is connected, and mobile carrier (if available)
Longitude/latitude of a mobile device, which we truncate prior to storage in order to render it imprecise

Online Activity Information

Xaxis collects the information explained below about your online browsing activity to determine what types of activities, services and products you and other users may be interested in and how you and other users interact with certain advertisements. This information includes:

Internet domain level information and/or content topics about the Sites and pages viewed (i.e., in order to ascertain interests)
Site/page you came from before viewing an advertisement
Date and time of online activity
Frequency of visits to a Site
Search terms used on a Site
Interaction with an advertisement (e.g., whether you click on an advertisement)

How We Collect Information through Our Services

We collect information and receive information on behalf of our clients about you when you visit the online properties of the advertiser clients for whom Xaxis provides services or third-party publishers (e.g., news sites). In order to do this, we use cookies, advertising IDs, pixels, and other technologies. Here are some explanations of these terms:

Cookie	is a small alphanumeric text file that is stored in a browser by a web site or by a third-party ad server or other third party which allows that web site or third party to recognize that browser and remember User Information and other information. Xaxis utilizes third-party targeting cookies of its affiliate [m]PLATFORM, which are named “Mookie” and operate on the mookie1.com domain. Mookie cookies are persistent cookies that contain unique randomly-generated values that enable our Services to distinguish browsers and devices and are associated with User Information and other information. Mookie cookies, together with this associated information, are used in the performance of our Services, and in particular Interest-Based Advertising activities.
Advertising ID	is an alphanumeric identifier made available by a platform or operating system (such as Apple iOS or Google Android) that allows application developers and third parties to recognize a particular device in an application environment. It is associated with User Information and other information and, together with this associated information, is used in the performance of our Services, and in particular Interest-Based Advertising activities.
Pixel	is a line of code that is used by a Site or third party to assign online activities to a device or browser, or more specifically to the applicable cookie or advertising ID. The use of a pixel allows us to record, for example, that a device or browser has visited a particular Site or page.

The following chart provides information about the Mookie cookies, all of which are “persistent” cookies (meaning they are stored until they expire or are deleted/removed by a user) mapped to the mookie1.com domain:

Cookie Name	Cookie Behavior Capability			Information held in Cookie	Expiry from last refresh (days)
Cookie Name	Targeting (client data)	Targeting and Optimization (user data)	Reporting Attribution and Security	Information held in Cookie	Expiry from last refresh (days)
id	Y	Y	Y	Unique serial number	395 days
ov	N	N	Y	Unique identifier	395 days
mdata	Y	N	N	Unique serial number, Creation timestamp, cookie version	395 days
syncdata_<PARTNER>	Y	N	N	Unique serial number, Creation timestamp	10 days

Categories of Sources of the Information We Use User Information Received From Third Parties We receive both online and offline User Information collected by third parties, including our affiliate [m]PLATFORM, which may include demographic and interest information for use in our Services. The third parties include our clients and carefully selected partners and service providers. When we receive offline User Information, this information is provided to us via a partner or service provider in conjunction with a cookie ID, advertising ID, or similar user ID that identifies a user to us, the client, or partner/service provider (through a process called “cookie syncing”), but we do not receive users’ names, mailing addresses, phone numbers, email addresses or similar data that would enable identification of a particular individual connected with these IDs. How We Use This Information Xaxis processes the information it collects and receives for the purposes of providing the Services to clients as explained above, as well as for administrative, security and compliance purposes. Specifically, we carry out the following activities: Ad Selection, Delivery, Reporting We analyze the information collected when client advertising is delivered using our Services and information received from our partners. We organize this information into collections of IDs (which we call segments), based on various components of the User Information we explained above. For example, we may have segments of IDs that visit sports Sites. Our clients can then use our Services to use these segments to deliver Interest-Based Advertising on their own behalf or on behalf of their clients, using our partners and service providers. This advertising may be delivered across devices. We may also integrate (and use for the same purposes) User Information obtained from other carefully selected companies (including Site owners, data providers and data aggregators). We also make use of the internal identifier of our affiliate [m]PLATFORM, called “[mP]ID”. We use the [mP]ID to associate information relating to browsers, environments and/or devices that we, or [m]PLATFORM, reasonably believe belong to the same user. This helps us to provide more useful and relevant advertising to a specific user, regardless of the browser, environment or device they are using. While Xaxis does not knowingly create segments that are based upon what we consider to be sensitive information (e.g. we do not create segments based on sensitive health categories under the NAI Code or segments of EEA users based on personal data considered to be sensitive in the EEA, such as personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, personal data concerning your health, sex life or sexual orientation, or genetic or biometric data), our clients may use our Services to process some sensitive data, which may come from our clients’ Sites or our partners. We take steps designed to ensure that this is done in compliance with applicable laws and self-regulatory guidelines, including through our contracts and policies with our clients and partners. Personalization In order to provide our client-specific personalization Services, we:

collect information on each client’s Sites (this includes websites, apps, and other digital properties) – as described above in “How We Collect Information through Our Services”;
access or store this information on devices (via cookie IDs and advertising IDs, as applicable); and
analyze the information collected, sometimes with other information received from the client and organize it into segments of IDs, based on the various User Information.

Our clients can then use these segments to deliver, on their own behalf or on behalf of their clients, Interest-Based Advertising to users on their devices (this is through a variety of means). Where we are providing this client-specific personalization, the segments that we build for one client are logically segregated from the segments and data of other clients. Data collected in this way, and the segments produced, can only be used on behalf of that specific client. Measurement We process User Information to deliver advertisements and measure the delivery of these advertisements, to learn about what factors make advertising successful or unsuccessful for advertisers and to generate reports to understand and improve Service usage and advertising effectiveness. Storage and Access of Information In order to provide our Services, we store Mookie cookies on the browser(s) of individuals to whom we have delivered advertising and then recognize the Mookie cookies when that browser(s) is used to access websites of our clients and publishers we work with. Sites on which we are dropping and/or reading, or seek to drop and/or read, Mookie cookies should tell you about the use of third-party cookies (and, in particular, Mookie cookies specifically, where required by law), on those Sites. In the data feeds we receive from our partners in connection with the delivery of digital advertising in mobile application environments we also receive advertising IDs associated with users’ mobile device platforms/operating systems and recognize these advertising IDs. We use the information collected and received for Interest-Based Advertising, such as:

Matching Data to Offline Sources – as indicated above under “User Information Received From Third Parties”:
- We receive offline User Information, including demographic and interest information, from other companies, including our clients, partners and service providers, that is collected outside the Services and is provided to us for use in our Services. It is the responsibility of those companies collecting that data to do so in an appropriate and legal way, and to permit sharing that information with us for our purposes.
- When we receive offline User Information, this information is provided to us via a partner or service provider in conjunction with a cookie ID, advertising ID, or similar user ID that identifies a customer or consumer to the client or service provider.
- We do not receive any names, mailing addresses, phone numbers, email addresses or similar data that would enable identification of a particular individual connected with the IDs we receive.
Linking Devices – we make use of the internal [mP]ID identifier of our affiliate [m]PLATFORM to associate information relating to browsers, environments, and/or devices that [m]PLATFORM or we reasonably believe belong to the same user, in order to help provide more useful and relevant advertising regardless of browser, environment, or device.
Precise Geographic Location Data – when we have the necessary rights to do so, we may receive and/or use a user’s precise geographic location data for the purpose of bidding on and/or delivering “moment in time” advertising. Xaxis does not store or otherwise save precise geographic location data.

Disclosure of Information to Third Parties Xaxis shares information we collect about you (see “What Categories of Information Do We Collect Through Provision of Our Services” above), and information derived from it, to our clients, affiliates, partners and service providers that perform services and functions on our behalf and/or on behalf of our clients, such as companies that are responsible for the actual delivery of Interest-Based Advertising – including demand-side platforms, advertising networks, advertising exchanges, and ad servers - and has done so in the preceding 12 months. We do not collect users’ names, mailing addresses, phone numbers, email addresses or similar data that would enable identification of a particular individual through our Services. However, if you decide to provide data that would enable identification of a particular individual via one of our clients’ advertisements or Sites, then that information will be received by that client and will be subject to that client’s privacy policy. Our service providers are generally not permitted to use non-aggregated information we disclose to them for any purpose other than providing services to us or our clients. If we reasonably believe we are obliged by law or legal process to disclose information to a third party (including law enforcement), then we will do so. In addition, we may disclose information to a third party (including an auditor or other service provider). Our affiliate [m]PLATFORM operates and maintains a proprietary data management platform that we and other affiliates may use in order to provide services. The information we disclose to [m]PLATFORM may be used by mPlatform and such other affiliates not only to provide our services to us and our clients, but also to provide services to those affiliates and their respective clients. Xaxis does not engage in the sale of personal information. Opt-Out/Right to Withdraw Consent You may opt out of Xaxis Interest-Based Advertising through several mechanisms. If you opt out, you will still see ads, but those ads are less likely to have anything to do with products or services you care about. With Interest-Based Advertising, you receive ads and offers that are more likely to be of interest to you. You may choose not to receive customized third-party advertisements via Mookie targeting cookies on the browser you are using by clicking below. If you do this, your third-party Mookie targeting cookie will be replaced with a set “opt-out” cookies. Any Interest-Based Advertising data linked to the replaced third-party Mookie targeting cookie will not be used for Interest-Based Advertising on that device or browser. If you use multiple browsers or devices and wish to limit the data that Xaxis collects and do not wish to receive Xaxis Interest-Based Advertising on any of them, you must opt out from each browser and device individually.

Our opt-out cookies are programmed to expire ten years after they are initially issued. If you buy a new device, upgrade or change web browsers or clear your cookies (i.e. delete these opt-out cookies), you will need to perform the opt-out process again. In order for the opt-out process to work, your browser must be set to accept third-party cookies. If cookies are not enabled in your browser, including if third-party cookies are disabled, or if you use certain ad-blocking tools, our opt-out mechanism may not work properly.

In browser environments, you may also refuse or remove cookies from both Xaxis and other service providers via the following methods:

Adjusting your browser settings to refuse or remove cookies, which would result in the elimination of Interest-Based Advertising via cookies from Xaxis and from other providers. However, by doing so, you may not be able to use certain features on certain web sites you visit or take full advantage of all web site offerings and Interest-Based Advertising. You may refuse or remove cookies by following the directions provided in your browser settings. Further information about cookies is available ataboutcookies.org, www.youronlinechoices.com and http://www.aboutads.info/consumers#cookies.

Adjusting the cookie settings at the level of the web site owner where you granted us your consent to our cookie usage; cookie settings options may vary by web site owner.
Opting out of Interest-Based Advertising via Mookie targeting cookies, as well as the targeting cookies of other service providers, at the following Sites:

- networkadvertising.org/choices/
- http://www.aboutads.info/choices/
- http://youradchoices.ca/choices/
- youronlinechoices.com(by clicking the “Your ad choices” link after selecting the appropriate country)

You may also limit ad tracking in mobile and OTT TV Device app environments. For the most effective and up-to-date methods for doing so, you should consult instructions provided by those device manufacturers. The following information is solely for informational purposes, and we cannot guarantee that the methods below are the most current:

Going to the privacy setting on your mobile device as well as on your OTT TV Device and selecting “Limit Ad Tracking” via your device settings, which will result in the elimination of Interest-Based Advertising via the applicable advertising ID from Xaxis and from other providers in addition to Xaxis:
Opting out of Interest-Based Advertising via the applicable advertising ID from Xaxis and/or other providers via the AppChoices app. Please note that, in order for the AppChoices app to function properly, your “Limit Ad Tracking” device setting must not be selected. Interest-Based Advertising data previously collected or received in association with the replaced advertising ID will not be used via Xaxis for Interest-Based Advertising on any other device or browser that we have reasonably linked to the mobile app environment where the information was collected. Additional information regarding the AppChoices app is available at http://youradchoices.com/appchoices.

Additional information regarding user choice in application environments is available at www.networkadvertising.org/mobile-choices.

Memberships

Network Advertising Initiative

We are a member of the Network Advertising Initiative (NAI) and adhere to the NAI Code of Conduct in those markets where these self-regulatory frameworks apply and are in effect. In accordance with the Code of Conduct, we require our Xaxis Marketplace (formerly Xaxis Publisher Network and 24/7 Access) clients to inform users about their privacy and information collection practices via their privacy policies and to include in their privacy policies information regarding the use of third-party advertising technology and services on their Sites, the types of data collected through these services, the use and distribution of that data, and a link to an industry standard opt-out from Interest-Based Advertising. We periodically monitor the Sites of our clients to determine whether they are adequately disclosing and updating their privacy statements.

We fully support the digital advertising industry’s efforts to increase transparency in the area of Interest-Based Advertising and health segments. For more information on standard interest segments based on health-related information or interests that we may use for Interest-Based Advertising purposes, please click here.

You can also click here to reach the Network Advertising Initiative site, a central location for information about Interest-Based Advertising and the choices available to you, and to opt out of receiving third-party Interest-Based Advertising via cookies from us and other NAI member companies.

Digital Advertising Alliance, European Interactive Digital Advertising Alliance, and Digital Advertising Alliance of Canada

We are a member of the Digital Advertising Alliance (DAA), the European Interactive Digital Advertising Alliance (EDAA), and the Digital Advertising Alliance of Canada (DAAC) and, in connection with these memberships, adhere to the DAA Self-Regulatory Principles, the IAB Europe EU Framework for Online Behavioural Advertising, and the DAAC’s Canadian Self-Regulatory Principles for Online Behavioural Advertising, respectively, in those markets where the applicable self-regulatory framework applies.

Enhanced Notice

Xaxis supports deployment of the Advertising Option icons (AdChoices and, where available, AppChoices) as part of its participation in the DAA’s self-regulatory framework (in the United States), the IAB Europe OBA Framework for Online Behavioral Advertising (in Europe), and the DAAC’s Canadian Self-Regulatory Principles for Online Behavioural Advertising (in Canada). Advertisements that are provided by organizations that participate in these frameworks will display the icon displayed below when technologically feasible. Clicking on the icon provides you with information about Interest-Based Advertising.

You can click here to reach the DAA site, which has additional information about Interest-Based Advertising and the DAA’s self-regulatory framework, as well as a mechanism to opt out of receiving third-party Interest-Based Advertising via cookies from us and other DAA member companies.

Children’s Privacy

Neither the Services nor the Xaxis Web Site is developed for, or directed at, children (as defined by applicable law) or at Sites primarily directed to children. We do not knowingly collect information from children (determined in accordance with the age requirements for the applicable country) nor do we sell the personal information of children under the age of 16 years of age. If you believe a child has provided us with personal information and you would like to have the information removed, please contact us using any of the methods set forth below in the “Contact Us” section.

Transfer of Data in the Event of Acquisition

In the event that another company acquires all or substantially all of the assets of our business through a consolidation, merger, asset purchase, corporate reorganization, or other transaction, we reserve the right to transfer all information (including any information a user may have provided through our “Contact”/“Contact Us” page on the Xaxis Web Site) that is in our possession or under our control to the acquiring party.

Information Security and Global Data Transfers

We follow generally accepted online advertising industry standards to protect against unauthorized access to, unlawful processing of, unauthorized retention of, and unauthorized disclosure of data. These standards include undertaking necessary physical, electronic, and management activities required to protect data integrity, access, and use. Please keep in mind, however, that despite these efforts to protect data on our servers, no method of transmission over the Internet is guaranteed to be secure.

Xaxis Services are used globally, and therefore we may transfer data to countries around the world, including countries outside of your country. We will, where necessary, put in place appropriate safeguards to ensure this data is protected. When we transfer personal data from the EEA or Switzerland to an affiliate outside the EEA or Switzerland, we enter into standard (“model”) contractual clauses, with the recipient in order to ensure an appropriate level of data protection. When we transfer personal data from the EEA or Switzerland to an unaffiliated entity (such as a service provider performing services on our behalf) outside the EEA or Switzerland, we either enter into standard (“model”) contractual clauses, or ensure that the transfer is pursuant to another valid mechanism, such as the service provider being certified under the EU-U.S. Privacy Shield Framework.

Data Retention

We maintain the information we collect through our Services in non-aggregated form for a period of not more than 13 months, and we retain much of this data for shorter periods of time. This data includes domain level information, content topics, ad interactions, browser type and language settings. We maintain this information for the 13-month period to enable our clients to perform year-over-year analyses. For example, a retailer may wish to compare the effectiveness of its online advertising activities at Christmas for the current year vs. the effectiveness in the prior year. A 13-month retention period enables that client to perform such comparison.

We maintain information we collect through our Services in an aggregated form for a period longer than 13 months.

Section 2: Xaxis Web Site

How Information is Used and Shared on the Xaxis Web Site

We respect the privacy of users of the Xaxis Web Site, and recognize that when you choose to provide us with information about yourself, you trust us to act in a responsible manner with that information. This section contains important information about how we use information collected via the Xaxis Web Site and how you can manage your privacy choices and exercise your rights in relation to certain data about you that is collected via the Xaxis Web Site.

What Information Do We Collect and Use?

When you use the Xaxis Web Site, we may collect and use the following information:

Information (which may include personal information such as name, address, email address, and telephone number) provided by you when you submit your CV or a job application to us or request information from us; and/or
Technical identifiers that can be used to identify an individual’s browser, mobile advertising environment, and/or device, which may include IP address and/or cookie IDs.

If you provide us information through our “Contact”/“Contact Us” page on the Xaxis Web Site, we may keep a record of the information you provide, including your email address and any other personal information you provide, solely for the purposes of responding to your inquiry or providing you with relevant material and, where you have consented, with marketing communications about our products and services. We may disclose this personal information to third party marketing automation service providers solely for those purposes; those service providers are not permitted to use this information for any purpose other than providing services to us.

How Do We Use the Information We Collect on the Xaxis Web Site?

Xaxis uses this information in the following ways:

To provide you with information that you have requested;
To respond to specific queries you may raise regarding Xaxis, its business, the services it provides to clients, including its group companies;
To improve the content, speed, and security of the Xaxis Web Site; and/or
To process and consider your CV and/or job application

Do We Pass Your Information to Third Parties?

We may send your information (including your personal data) to our affiliate GroupM, service providers and other third parties (as set out in Section 1, Disclosure of Information to Third Parties) to help us process that information for the purposes set out in this Section 2. In addition, in the event that another company acquires all or substantially all of the assets of our business through a consolidation, merger, purchase, or other transaction, we reserve the right to transfer your information (including your personal data) to the acquiring party.

We also may disclose your information (including your personal data) to third parties, including law enforcement, when we reasonably believe we are required to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual unlawful or otherwise prohibited activities, including, but not limited to, fraud and situations involving potential threats to the physical safety of any person.

How Do We Use Your Information for Marketing?

We will only provide you with marketing information that you have requested.

Where Do We Send Your Information?

We are a global company and therefore we may transfer your information (including your personal data) to countries around the world, including countries outside of your country. We will, where necessary, put in place appropriate safeguards to ensure your information is protected. When we transfer personal data from the EEA or Switzerland to an affiliate outside the EEA or Switzerland, we enter into standard (“model”) contractual clauses with the recipient in order to ensure an appropriate level of data protection. When we transfer personal data from the EEA or Switzerland to an unaffiliated entity (such as a service provider performing services on our behalf) outside the EEA or Switzerland, we either enter into standard (“model”) contractual clauses, or ensure that the transfer is pursuant to another valid mechanism, such as the service provider being certified under the EU-U.S. Privacy Shield Framework.

How Do We Keep and Protect Your Information?

We will keep your information that we collect on the Xaxis Web Site for a reasonable period for the purposes set out above in this Section 2. We follow generally accepted online advertising industry standards to ensure that your personal data disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. These standards include undertaking necessary physical, electronic, and management activities required to protect data integrity, access, and use. Please keep in mind, however, that despite these efforts to protect data on our servers, no method of transmission over the Internet is guaranteed to be secure.

Linking to Other Sites

The Xaxis Web Site links to third-party Sites. A link from any of our own Sites to another Site does not imply our endorsement of that Site. We do not control the Sites to which we link and are not responsible for their content or their privacy policies or practices. These Sites may use cookies, pixels, and other technology, and collect your information in accordance with their own privacy policies. Therefore, you should carefully review the privacy policies that apply to any Sites you access from the Xaxis Web Site.

Use of Cookies on the Xaxis Web Site

A cookie is a small alphanumeric text file that is stored in a browser by a website or third-party ad server or other third party which allows that website or third party to recognize that browser and remember User Information and other information. (For more information on cookies, please see Section 1 above.) We use cookies on the Xaxis Web Site to improve the content, speed, and security of the Xaxis Web Site, and to allow you to share pages with social networks.

Managing Cookies

For information on how to opt out from, or manage, Xaxis cookies and/or cookies from both Xaxis and other service providers, please see the “Opt-Out/Right to Withdraw Consent” subsection in Section 1 above.

SECTION 3: STATE AND COUNTRY-SPECIFIC INFORMATION; CONTACTING US

EEA and Switzerland

Legal Bases for Processing Information

We collect, use, share, and/or transfer personal data of individuals in the EEA and Switzerland only when we have a lawful basis for doing so, which typically entails user consent or our legitimate interests.

Where required by applicable law we only deliver Interest-Based Advertising to individuals who have provided consent for that activity.

To the extent we rely on your consent, which may be provided either directly to us or via a third party, to use your information in certain ways, we will process your personal data within the scope of that consent.

In our capacity as a data controller we intend to rely on consent as a lawful basis for all “Purposes” under the IAB Europe’s Transparency & Consent Framework other than “Measurement” (which Purpose includes measurement, analysis, and reporting with respect to the applicable personal data). In connection with such Purpose, when we process data for measuring the delivery of advertising or analyzing its effectiveness we have a legitimate interest in understanding that our suppliers have delivered the advertising that they have contracted to deliver. In addition, we believe that advertising clients have a legitimate interest in understanding whether or not their advertising is delivered and whether it is effective. We believe these activities are fundamental to online advertising but do not result in any decisions which affect individuals.

If you are in the European Union, you have the right to object to any of this processing. If you want to object, please click here.

Rights of Individuals in the EEA and Switzerland

Individuals in the EEA and Switzerland have a number of rights with regard to their personal data, including the right to access their information. For these users, in many cases where we process your personal data, you may also have a right to restrict or limit the ways in which we use that personal data.

In certain circumstances – for example, where we process your personal data for directing marketing purposes or pursuant to our legitimate interests – you also have the right to object to the processing of your personal data by us, and you can also request that we delete your personal data. You also have a right to obtain a copy of your personal data in an easily accessible format, and in certain circumstances, you may also request to transfer personal data about you to third parties. We don’t retain and store your actual browsing activity history in association with a Mookie cookie ID or a mobile advertising ID. Instead, we use an “aggregate scoring” methodology that categorizes the Sites you browse and then use combinations of these categorizations to create segments and deliver Interest-Based Advertising. As a consequence, we are unable technically to offer the ability for you to change individual elements of data that lead to the segment allocation simply because we do not retain them. If you believe that we hold or have used inaccurate personal data elements about you, please note that you have the right to withdraw your consent to our processing of your personal data at any time.

If you have questions about any of these rights, please contact us. You should also contact us if your personal data or preferences change, if you don’t want us to send you the information you previously requested, or if you have any queries about how we use your personal data.

Without limiting any other rights you may have, you also have the right to lodge a complaint against us with a supervisory authority in the EU Member State where you are based or in which we are based. Click here to find your local supervisory authority.

Information Received from Market Research Companies in the Netherlands

If you have provided consent to market research companies in the Netherlands to disclose your panel data to Xaxis, then, based on the scope of such consent: we may receive User Information and other information, including panel IDs, from such companies; and we may use this information only for purposes of research and analysis, campaign optimization, advertising customization, and reporting on the effectiveness of online advertising campaigns.

California

Section 1798.83100 of the California Civil Code provides residents of California with additional rights with regard to their personal information. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:

The right to know about the personal information which we collect, use, disclose and/or sell	You have the right to request that we disclose to you the categories and specific pieces of personal information we collect, use, disclose, and sell about you, the categories of sources from which we collected your personal information, our purposes for collecting or selling your personal information, the categories of your personal information that we have either sold or disclosed for a business purpose, and the categories of third parties with which we have shared personal information.
The right to delete personal information which we have collected from you (subject to certain exceptions)	You have the right to request the deletion of personal information that we collect or maintain about you.
The right not to receive discriminatory treatment for the exercise of CCPA rights	Xaxis does not discriminate against you if you choose to exercise your CCPA rights.

How to Exercise Your CCPA Rights

To submit a request to exercise any of these rights, please contact us by email at privacy@xaxis.com or by mail to Xaxis, 175 Greenwich Street, 3 WTC, 30th Floor, New York, NY 10007, USA, Attn: Privacy/Legal Department. In any request you submit, you should include clear instructions regarding the information and/or actions you are requesting.

In order to process your request, we may need you to provide additional information to allow us to verify your identity or the authority of any third party submitting the request on your behalf. We do this as a security precaution and to ensure that we do not disclose personal data to the wrong person.

Direct Marketing

Pursuant to Section 1798.83 of the California Civil Code, residents of California can obtain certain information about the types of “personal information” that companies with whom they have an established business relationship have shared with third parties for direct marketing purposes during the preceding calendar year. To request a list of companies, if any, to which Xaxis has provided personal information for its own marketing purposes, please contact us through email at privacy@xaxis.com or by mail at Xaxis, 175 Greenwich Street, 3 WTC, 30^th Floor, New York, NY 10007, USA, Attn: Legal Department. Please allow 30 days for a response.

Do Not Track

California law requires us to disclose how we respond to browser “Do Not Track” signals or other choice mechanisms relating to Interest-Based Advertising. We have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals in light of industry developments or legal changes.

For more information on opting-out of Interest-Based Advertising, please see the “Opt-Out/Right to Withdraw Consent” subsection of Section 1 above.

Changes to this Privacy Notice

Please note that because of the changing nature of privacy laws and regulations, digital technologies, and our business, we may modify this Privacy Notice from time to time. Please review this Privacy Notice periodically to become aware of any changes that may have occurred (we will update the effective date at the top of the page to help you know when changes have been made).

About Us

Other than when acting at the direction of a client or other third party, Xaxis is a data controller responsible for your personal data (as this term or similar term is defined by applicable law) when you interact with our Services.

Contact Us

Europe (Xaxis EMEA, a division of GroupM UK Digital Ltd.)

DPO@GroupM.com

LEGAL - Central Saint Giles, 1 St Giles High St, 7th Floor, London, WC2H 8AG, UL

Worldwide (Xaxis, LLC)

privacy@xaxis.com

LEGAL - Xaxis, 175 Greenwich Street, 3 WTC, 30th Floor, New York, NY 10007, USA