Last modified: October 24, 2019
Archived versions may be accessed here.
AppNexus, a Xandr company(“AppNexus”) is a New York-headquartered advertising technology company. When our technology is used by companies running websites, apps and other internet-connected properties, it helps those companies generate revenue by assisting them in showing advertisements to their users. When our technology is used by marketers and other advertisers, it helps them show advertisements to individuals online who may be interested in their products or services.
If you are interested in learning about how we collect, use, and disclose information through our digital advertising technology Platform, you have come to the right place.
If you are interested in learning how we collect, use, and disclose information through other corporate activities, such as on our corporate website, AppNexus.com, please click here.
WHAT IS THIS DOCUMENT?
This document provides information about our digital advertising technology services and then describes how we collect, use, share and otherwise process data.
Our goal is to be transparent about our business by describing our technology and services in simple terms so that you can understand our practices.
We know this is complicated, so if you have any questions about this information, please contact us here. We also created an Online Advertising and Ad Tech Glossary if you want to learn more about our technology, our services and more generally about the advertising technology ecosystem.
You’ll find the following information in this document:
- Background Information:
- What is the AppNexus Platform?
- What do we mean by Platform Data?
- For EEA Internet Users, the meaning of “Personal Data” under the General Data Protection Regulation and what this means for Platform Data
- Glossary of Basic Terms
- Cookie use by the Platform
- The AppNexus Platform Privacy Statement:
- What information does AppNexus collect and use?
- What information do our clients, partners and vendors collect and use?
- How do we collect information?
- How do we use the information we collect?
- Legal basis for processing Personal Data (EEA Internet users only)
- How and why do we share the information we collect?
- How is information stored and how long is it kept?
- What are your choices?
- IAB Europe Transparency and Consent Framework
- Opt Out
- What are your personal data rights?
- European Data Subject Rights
- Privacy Shield related rights
- Industry Self-Regulation
- Data Transfers for Internet Users in the EEA and the EU-US and Swiss-US Privacy Shield Framework
- What Happens if this Privacy Statement is Changed?
- Contact Us
- Data Controller
What is the AppNexus Platform (or the “Platform”)?
AppNexus is not an ad network or a data broker. AppNexus is a digital advertising technology platform. We do not own digital properties on which we advertise and we partake in advertising in a limited manner for our own recruiting purposes and to advertise to other businesses (not to consumers). By “Platform,” we mean we provide technology that websites, mobile apps and publishers of other internet-connected properties (such as internet-connected TV’s), our sellers, use to sell ad space on their websites, mobile apps and other digital media properties (which we collectively refer to as “Digital Properties”) and that advertisers or companies on the advertiser’s behalf, our buyers, use to purchase that ad space in the most efficient way possible. Sellers want their ads to be relevant to their readers, which helps them to offer content for no cost or lower cost. Buyers want to use their advertising dollars efficiently by reaching the right audiences, and by measuring the effectiveness of their ads. To accomplish these goals, buyers and sellers and their partners use our Platform to engage in a variety of techniques, including interest-based advertising, real-time (or programmatic) advertising, contextual, and location-based advertising.
The Platform also provides buyers and sellers other tools, like the ability to measure the effectiveness of their ads, to help prevent malware or other bad activity, and similar functions designed to make the buying and selling of ad space seamless, efficient, and effective.
Buyers, sellers, and other companies may also use our Platform to buy and sell data to help make the ads that end users see more relevant.
What do we mean by Platform Data?
The Platform is designed to use certain types of data, that all together we call Platform Data, which includes:
- Data sent to or uploaded to our Platform by our clients and partners which may include information about you, such as IP address, unique device identifiers, and the latitude and longitude of your device when you view a website that wants to show you an ad
- Data sent to or uploaded to our Platform by our clients and partners that ties unique device identifier(s) to perceived interests and behavior (e.g., women, ages 40-59), which may include information about you
See “What Information we collect and use” for more details on the type of data we include in Platform Data.
Some of this information (including for example IP addresses and certain unique device identifiers), may identify a particular computer or device, and may be considered “Personal Data” in some jurisdictions, including the European Union (see below on the meaning of “Personal Data”). This data allows us to recognize a particular computer or device over time.
We do not allow data that by itself identifies an individual in the “real world”, such as name, address, phone number, email address, or government identifier, to be used on the Platform. We also do not allow data that directly identifies an individual to be collected or used in connection with use of our Platform.
For EEA Internet Users, the meaning of “Personal Data” under the General Data Protection Regulation (“GDPR”), and what this means for Platform Data
“Personal Data” is defined as any data relating to a living individual who can be identified directly from that data, or indirectly in conjunction with other information. It can take the form of a name or address, and can extend to unique identifiers, IP addresses and other identifiers which do not tell us who an Internet user is in the “real world” but may, when combined with other information, allow the identification of a living individual.
We do not collect personal data that identifies you as an individual in the “real world.” When you (an Internet user) visit a Digital Property that has integrated our technology or that use technology that integrates with our Platform, we do not know your name or email address or other information that directly identifies you. We take care to ensure that we do not collect any information that tells us who you are.
Instead, when you first visit a Digital Property that has integrated our technology, this triggers a request to our Platform to fill ad space or measure information about an ad shown to that Internet User. When this occurs, we assign a random unique identifier (a Digital Identifier) an “AppNexus ID,” to your browser or device, which allows the Platform to automatically recognize your browser or device the next time it visits another Digital Property that has integrated our technology. This type of “pseudonymous data” is defined as “Personal Data” under the GDPR.
This allows our clients and partners to sync their own Digital Identifiers against this AppNexus ID (see ID Synching below) so that our clients and partners can use their own data on the Platform that they may have associated with their own Digital Identifiers.
We use Platform Data both as an independent controller and as a data processor.
Glossary of basic terms
Ad Server: An ad server, in its simplest form, is the computer responsible for delivering an ad to be shown in a web page or a mobile app. Today, communications may be sent to several servers in the process of selecting and delivering an ad. This occurs in a matter of milliseconds (thousandths of a second).
Beacons, Pixels, Tags, and SDKs: Beacons (also sometimes referred to as web beacons or pixels) and tags are elements included in web pages to enable companies to collect data, serve advertising, and provide related services, such as measuring ad effectiveness or preventing fake ad traffic. They do this by allowing communication between a web browser and a server. A beacon is a small transparent image that is placed on a web page. A tag is a small piece of website code that is run by the web browser. An SDK is a piece of computer code that developers include in their mobile applications.
Browser: A browser or web browser is the user interface or application through which you view Digital Properties. Examples of prominent browsers are Microsoft’s Internet Explorer, Google’s Chrome, Apple’s Safari, and Mozilla’s Firefox.
Cookie: A cookie is a small text file that is stored in a web browser by a website or Ad Server. By saving information in a cookie, websites and servers can remember preferences or recognize web browsers from one visit to another or from one website to another.
Cross-Device Mapping: Cross-device mapping is the process of making inferences that certain devices are related to each other, i.e. they belong to the same user or household. This is done using either “statistical” or “deterministic” methods (or a combination). “Statistical” refers to using mathematical techniques to make intelligent guesses that certain devices are related. “Deterministic” means using known relationships, for example logins that use the same email address or other personal information, to link multiple devices to a single user. When this method is used companies typically mask the actual email address.
Device Identifiers: Cookies, Mobile Advertising Identifiers or other identifiers that do not identify an individual but identify a specific device.
ID Synching: ID synching (sometimes also referred to as cookie syncing) is a common and long-standing process in the digital advertising industry. It enables advertisers to link up data from multiple advertising platforms. (In other words, it helps advertisers buy ads in more than one place.)
Here’s an example of how it works. Let’s say you sell a product on your website. A customer visits your site. Your website stores a cookie to identify that customer’s browser, and the cookie contains an ID of 12345. You then associate that ID with information about what the customer shopped for on your site.
If you want to then use that information to advertise to that user, you might go to an online advertising marketplace to buy ad space. In order to buy the right ad space to show your ads to the right user, you’ll need to match your ID, which is 12345 to the ID that the marketplace has assigned to the same customer (which let’s say for this example is ABCDE).
The result is a record that says ID 12345 = Marketplace ID ABCDE. That way, when the marketplace offers to sell you ad space to show you’re ad to to ABCDE, your system will know that ABCDE is the same as 12345, and you can pick the right ad to show the customer.
Interest-Based Advertising: Interest-based advertising uses information collected across multiple web sites or mobile apps to predict users' preferences and to show ads that are most likely to be of interest to them. For example, if a user visits a travel site or uses a travel app, she might see travel-related ads on another site or app and the ads may be about the destinations or kinds of trip the user has looked at. Advertisers may also use other information they have or can acquire about users’ interests and demographic information like age group and approximately where a user lives. Users have choices with respect to this type of advertising, as discussed below.
Mobile Advertising Identifiers: Mobile advertising IDs (e.g., Apple’s iOs Identifier for Advertising (IDFA) or Google’s Android Advertising ID (AAID)) are unique IDs that are similar to cookies, but instead of being stored on your web browser, they are associated with individual mobile devices.Mobile Advertising Identifiers do not reveal a user’s real world identity. They usually are user-resettable. Mobile Advertising Identifiers are used in connection with apps on your mobile device as opposed to websites that you access through a browser.
Non-Cookie Technology: Companies sometimes use alternative methods that perform functions similar to cookies in order to identify unique browsers or devices. For example, some platforms, such as Apple’s iOS and Google’s Play Services for Android, provide unique IDs to be used for advertising. Additionally, mathematical or statistical techniques are sometimes used to try to identify devices. These "Statistical Identifiers" are not 100% accurate.
Precise Geographic Location: Your device may be capable of sharing your precise geographic location with the apps or web pages you visit using that device. Devices use one or more methods to determine your location, including GPS coordinates and information about wifi networks in your vicinity. (Geographic location determined from IP address is typically not considered to be “precise.”) Devices such as iPhone or Android phones typically ask for users’ consent before installing or using an app that accesses the device’s precise geographic location. The app, in turn, may make this information available to third-party advertising companies in order to make the ads you see more relevant.
Real-Time Transactions (Also called Real-Time Bidding, Real-Time Advertising or Programmatic Advertising): Advertising buyers are able to bid in "real time" for the opportunity to show an online advertisement when a web page is loaded or an app is used. The winning bidder gets to show its ad.
Of course, the explanations above are simplified. There are many resources available on the web to learn more about these concepts and online advertising in general. Although we have no responsibility for the content of these sites, we offer the following as good places to learn more:
- OnGuardOnline.gov: onguardonline.gov
- All About Cookies: www.allaboutcookies.org
- Wikipedia: en.wikipedia.org/wiki/Online_advertising
- AboutAds.info, For Consumers page: www.aboutads.info/consumers
- The Network Advertising Initiative: networkadvertising.org/managing/learn_more.asp
- In the EU: www.youronlinechoices.com
- About web browser cookie settings: — Internet Explorer: http://windows.microsoft.com/en-US/internet-explorer/delete-manage-cookies#ie=ie-11 — Firefox: support.mozilla.com/en-US/kb/Cookies — Chrome: www.google.com/support/chrome — Safari: http://support.apple.com/kb/PH19214?viewlocale=en_US&locale=en_US
Cookie use by the Platform
- The Platform uses unique cookies to distinguish between unique web browsers, and to store data for advertising purposes, including interest-based advertising.
- The Platform uses unique cookies to store ad delivery and reporting data for clients, such as, for example, which ad was shown, the number of times a particular ad has been shown, and how recently an ad was shown to a particular web browser.
- The Platform uses unique cookies to enable ad buyers to track users’ responses (i.e. whether a user clicked on an ad, visited a website or bought something after seeing an ad) to ads purchased on the platform.
- The Platform uses non-unique cookies to store users’ opt-out choices.
- The Platform may also use some Non-Cookie Technologies for these purposes (as defined above and as detailed below).
- Cookies play a role in Cross-Device linking in that cookies from different browsers or devices might be associated with each other.
- Some browsers or other software may be configured to block 3rd party cookies by default.
THE APPNEXUS PLATFORM PRIVACY STATEMENT
Last Modified: 10/24/2019 (view archived versions)
This privacy statement describes how AppNexus collects, uses, shares or otherwise processes Platform Data. It may describe how AppNexus enables or allows clients and third-party providers to use Platform Data, but otherwise does not apply to our clients’ or other third parties’ practices.
Companies using the Platform own their own data, and AppNexus retains limited rights to use Platform Data to run the Platform and provide and improve our advertising technology services. That’s part of what makes it a Platform.
What information do we collect and use?
The Platform is designed to collect and use only Platform Data as described in this document. Details.
How do we collect information?
For what purposes do we use the collected information?
AppNexus uses the information collected on the Platform to provide, operate, manage, maintain, and enhance the Platform and allow our clients to use our Platform. This means facilitating: serving of ads, including interest-based advertising by our clients and partners; facilitating serving of ads based on Precise Geographic Location information; reporting on ad delivery and conversions; providing frequency capping and recency measurement; using information for fraud detection and the prevention and detection of malicious behavior and maintaining and enhancing our services including through the use of information for machine learning, optimization and statistical analysis. Details.
On what legal basis do we process Personal Data
Where you are located in the European Economic Area (the “EEA”) and where AppNexus is a controller of personal data, AppNexus’ legal basis for collecting and using the personal data described below depends on the data concerned and the specific context in which we collect or use it. We normally rely on our legitimate interests to collect and use personal data, except where our interests are overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests are described in more detail below (see “How do we use the information we collect”) and include the operation of our Platform and business and the provision of our online advertising technology services to our clients as required by our agreements with them. In some cases, we may rely on your consent which is obtained for us by the operator of the Digital Properties that use our technology or use technology that interacts with our Platform. Additionally, we may have a legal obligation to collect personal data. Details.
What information do we share with third parties?
Where permitted, we provide clients and third-party providers access to their Platform Data that they collect, acquire, or use on the Platform, and typically they may remove it from the Platform for their own use. For a current list of third party providers who may, subject to our clients’ permission, receive your data, see here. AppNexus may also provide Platform Data to partners and service providers for the purpose of operating, managing, maintaining, or enhancing our services, including for the safety and security of the Platform and the online industry, or as required by law. AppNexus does not share the information collected on the Platform with other third parties, unless legally required. Details.
How is the information stored and how long is it kept?
Platform Data is stored using generally accepted security standards. It is usually aggregated or deleted within 3-60 days, but may be retained in the Platform for up to 18 months from the date of collection before aggregation or deletion. Details.
What are your choices?
For EEA users, we are registered as a vendor with, and support, the IAB Europe Transparency and Consent Framework (the “Industry Framework”). As a Platform, various clients and providers using our Platform may be accessing your device or collecting, using and sharing your personal data as independent controllers for different uses and based on different legal bases or as processors on behalf of other independent controllers. When you visit a Digital Property, the Industry Framework is designed to allow Digital Properties the means to choose which third parties they wish to allow to access your device and collect, use and share your personal data and provide dynamic transparency and choice to you about each of these third parties (either an opportunity for you to consent or opt out) in connection with your visit to the Digital Property, depending on that third-party’s use of your personal data and legal basis.
Web browser users may opt out of the use of the Platform for interest-based advertising in their web browser. Mobile app users have access to choices provided by certain apps or in their device system software. Details.
What happens if this privacy statement is changed?
Check this policy for changes. The date of the last update can be found at the top of this Policy. Material changes will not be applied to previously collected Platform Data. Details.
Send a message here.
What Information Do We Collect and Use?
When you visit a Digital Property (i.e. a site) that uses our technology (or that uses technology that transacts with third parties using our Platform) we collect or receive certain information about you and your device including:
- Information about your browser including:
- the type of browser
- browser language
- browser settings
- cookie information
- Information about your device including:
- information about the device’s operating system including its version and connection type
- device make, device model
- Device Identifiers such as your IDFA or AAID
- Precise Geographic Location data when location services have been enabled for an app on your device that has integrated our technology or that sends that information to our Platform
- the IP address from which the device accesses a client’s Digital Property
- Information about your activity on a Digital Property including web pages or apps visited or used and the time those web pages or apps were visited or used. Note this information is only collected and received in connection with requests to us initiated by Digital Properties using our technology to show ads to you or to track your activity in connection with the delivery of an ad or to place Digital Identifiers associated with your browser or device into interest-based segments. This means we do not passively track your activity but only receive information about your activity in connection with requests specifically made to our Platform to serve you an ad, measure your interaction with an ad or to place you into an interest-based category for future use by a client to help make the ads they show to you more relevant.
- Information about ads served, viewed or clicked on, including the type of ad, where the ad was served, whether you clicked on it and whether you visited the advertiser’s website or downloaded the advertiser’s app.
- Information about you or inferences about your interests that a seller, buyer or third-party has collected about you and shared with us such as information about your interests or demographic information (your age or gender) or to help make the ads served to you more relevant. For clarity, we do not independently collect information about your interests or demographic information for use within our Platform, but we do allow our clients and partners to utilize their own data or third-party data they have access to in connection with the Services.
- Information about your Internet service including information about which Internet Service Provider (ISP) is used by you.
Data from Third-Party Sources
The Platform allows clients to use information about you such as demographic information (e.g. your age or gender) or information about your interests provided by third-party sources such as third-party data providers and our clients’ data management platforms in order to show more relevant ads to you.
Clients, data providers and data management platforms may use ID Synching to enable the use of this information through the Platform.
Information Our Clients and Vendors Collect
Our clients, our vendors, and our clients’ vendors, who use our technology, may use their own tags, pixels, cookies, or other similar technology (or those of their other affiliates) within their advertisements and on certain Digital Properties. We are not responsible for our clients, vendors and/or our clients’ vendors use of such tracking technologies or for their privacy practices.
How Do We Collect Information?
- The Platforms also receives data from Clients and Third-Party Sources (as set out above)
How do we use the information we collect?
- For our legitimate business interests to provide services to our clients, including:
- Providing and Operating our Services which includes:
- Compiling statistics about the advertising transactions occurring through our Platform and conducting research and development for our own internal business purposes, such as analyzing campaign forecasting including conducting machine learning to better help our clients’ sale of ad space and our clients’ delivery of ads to you
- Analyzing and reporting on campaign and ad performance (such as reporting to buyers about when and how you have been exposed to ads or clicked on ads and reporting to sellers information about when and how ads were shown on their Digital Properties and whether they were clicked on)
- Investigating, protecting against and deterring malicious activity, fake traffic or fraudulent, unauthorized or illegal activity on the Platform and on the internet
- Providing and Operating our Services which includes:
- Hands on Help: The Platform enables AppNexus’ clients to collect, buy, and sell data and to use Platform Data to buy and sell online advertising. Sometime AppNexus staff give “hands-on” help to clients using the Platform for these purposes, for example by configuring advertising campaigns for clients to best meet their objectives.
- Allowing our Clients to use Platform Data for the following advertising-related purposes:
- Interested Based Advertising: Using Platform Data to infer what you may be interested in and to serve ads to you based on these inferred interests. Our clients may use their Platform Data to create interest profiles about you but AppNexus does not create or use interest profiles about you. Any interest profile used on our Platform is created by or for a client to be used by that client or by another client or clients (as permissioned by the client that created the interest profile).
- Frequency Capping: Limiting the number of times you see an ad so you don’t see the same ad or type of ad too many times
- Showing ads in a particular sequence: Showing you ads in a particular order to provide a better user experience
- Geo-Targeting: Customizing ads shown to you based on your current or prior location
- Contextual Ads: Showing ads to you based on the content you are viewing
- Ad Measurement: Understanding how users respond to ads (e.g., clicking on the ad)
- Aggregated Statistics: Reporting aggregated statistics regarding, for example, the effectiveness of online advertising campaigns
- Cross-Device Mapping: Enabling Cross-Device Mapping in order to serve or measure advertising on related devices on behalf of our clients.
Typically, companies using the AppNexus Platform own the data that they provide to and get from the Platform. While we take care to obtain assurances from our clients and partners that their use of data collected through the use of our technology will comply with applicable laws, when clients remove their data from the Platform, their use of that data is governed by their own privacy policies and applicable laws, rules, or regulations.
Legal Basis for Processing Personal Data (EEA Internet users only)
If you are located in the EEA, where we are the controller of personal data, our legal basis for processing the personal data described above under “What Information do we Collect and Use” will depend on the data concerned and the specific context in which we collect or use it.
However, we normally rely on our legitimate interest to collect personal data, except where such interests are overridden by an Internet user’s data protection interests or fundamental rights and freedoms. Our legitimate interests are the operation of our platform and business and the provision of online advertising services to our clients as required by our agreements with them. In some cases, we may rely on the user’s consent obtained by the operator of the Digital Properties that use our technology or have a legal obligation to collect User Information, or use Platform Data, or may otherwise need the Platform Data. Where we rely on our legitimate interests to process an Internet User’s User Information, they include the interests described in the section titled “How do we use the information we collect?”
In some cases, we may rely on our consent which Digital Properties using our technology obtain from you. We may also have a legal obligation to collect personal data from you. If we rely on consent to process your data, we will obtain such consent in compliance with applicable laws.
If you have questions about or need further information concerning the legal basis on which we process personal data, please contact us [here].
How and why do we share the information we collect?
AppNexus shares Platform Data with third parties in the following cases:
- Clients and Third Party Providers
- When you visit a Digital Property (i.e. a site) and that Digital Property wants to show you ads, in order to show you those ads, the Digital Property must let certain third parties access your device or receive and use the information noted above under “What Information do we collect and use.”
- Depending on how those third parties collect and use that information, those parties may be:
- independently making decisions about how your data is used in different ways, for different reasons based on different legal bases
- using your data strictly at the instructions of another party solely on behalf of that party
- As such, at the instruction of our clients, we share information with clients and third party providers:
- so that they can decide whether to bid on ad inventory or serve an advertisement and choose the best ad for you using their data and our and our partners’ technology
- so that certain of them can create demographic and interest profiles to help our clients choose the best ad for you using our and our partners’ technology
- so that they can improve their products and services for use by us and others across the broader online advertising ecosystem (e.g. your Device Identifier may be used to improve fraud detection services)
- When our clients integrate our technology in order to show you ads and enable us to collect your data, other than for the reasons noted below, we do not decide which third parties may receive your data.
- For users located within the EEA, we provide our clients with various controls to choose the third parties with whom we share your data that we collect through each client’s use of our Platform including:
- IAB Europe Transparency and Consent Framework:
- We are registered as a vendor with, and support, the IAB Europe Transparency and Consent Framework (the “Industry Framework”)
- When you visit a Digital Property, the Industry Framework is designed to allow a Digital Property to choose which third parties (vendors) they wish to allow to access your device and use your personal data and provide dynamic transparency and choice to you about each of these vendors (either an opportunity for you to consent or opt out) in connection with your visit to the Digital Property, depending on that third-party’s use of your data and legal basis.
- Information about Third Parties operating through our Platform and Platform Controls:
- Information about third parties operating through our Platform for disclosure purposes and whitelisting capabilities – essentially creating lists of approved companies – to control which third parties may receive and use your data
- IAB Europe Transparency and Consent Framework:
- For users located outside of the EEA, we provide our clients with Platform Controls, including our whitelisting capabilities, to control which third parties may receive your data.
- Legal Rights and Compliance with Law: We may also disclose Platform Data in the event that we reasonably suspect malicious activity or fake traffic or when we reasonably believe it is required by law, subpoena or other legal process, including to meet national security or law enforcement requirements.
- Business Transfers: We may transfer Platform Data to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.
- Aggregated Data: We may also share aggregated data derived from the Platform, including, for example, statistics about Platform activity.
How is Platform Data Stored and How Long is it Kept?
- AppNexus uses generally accepted industry security standards to protect information transmitted over or stored on the Platform.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to information to employees, contractors and agents who need the information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
- Please note, however, that no transmission or storage of information can ever be guaranteed to be completely secure. Once we receive Platform Data, we will use strict procedures and security features to try to prevent unauthorized access. Please also be mindful that we are not responsible for the security measures of third parties.
- We never store any information longer than we need it. Platform Data is usually aggregated or deleted within 3-60 days, but may be retained in the Platform for up to 18 months for specific clients and for security and the detection and prevention of fraud and invalid traffic from the date of collection before aggregation or deletion. When we no longer need the information we collect, it is deleted or aggregated.
- Aggregated information is used for reporting and analysis, and may be stored in the Platform for up to 2 additional years.
- When partners receive information through us or clients remove their information from the Platform, their storage and retention of the removed information is governed by their own privacy policies and applicable laws, rules, or regulations.
What are your choices?
IAB Europe Transparency and Consent Framework: If you are located in the EEA and visiting a Digital Property, we are registered as a vendor with, support and encourage our clients to use the IAB Europe Transparency and Consent Framework (the “Industry Framework”) to provide you with dynamic transparency into and choice about the various third parties our clients use to serve you ads, including ourselves. When you visit a Digital Property, the Industry Framework is designed to allow a Digital Property the means to choose which vendors they wish to allow to access your device and process your personal data and provide dynamic transparency and choice to you about each of these vendors (either an opportunity for you to consent to the vendor or opt out of data processing by the vendor depending on that vendor’s legal basis and processing activities).
Opt Out of Interest-Based Advertising: You can opt out of interest-based advertising.
AppNexus Web Browser Opt Out: You can click below to opt out of having the Platform used to select ads for your browser based on your online web browsing behavior. When you opt out, an opt out cookie (from adnxs.com) will be stored in your web browser. The Platform will know the choice you have made when it sees your opt out cookie, and will apply your choice to all companies' using the Platform. If you block or delete the opt out cookie, you will not be opted out and will need to allow cookies from AppNexus and renew your opt-out choice.
Important things to note about the opt out:
- Blocked cookies: The opt out cookie may not work if your browser is configured to block third-party cookies.
- Deleting or protecting opt outs: If you delete your cookies, you will need to opt out again. There are browser plugins to help you preserve your opt out cookies. For more information, please visit http://www.aboutads.info/PMC.
- Only this browser: The opt out only applies to the browser profile in which you set it. For example, if you set the opt out while using Firefox, but then use Chrome, the opt out will not be active in Chrome. To opt out in Chrome, you will need to repeat the opt out process. This is because the cookies cannot be read between different browsers or browser profiles.
- Learn More: To learn more about interest-based advertising, and to access the opt outs of other online advertising companies, visit the Network Advertising Initiative opt out page, the DAA’s WebChoices tool or the DAAC’s WebChoices tool.
AppNexus Mobile App Opt Out: Mobile device system software such as Apple iOS or Google Play Services provide mechanisms that allow users to opt out of the use of information about their usage of mobile apps to deliver targeted ads to their mobile device. For more information, or to opt out using these mechanisms, consult your device settings (“Opt out of Interest-Based Ads” on Android devices and “Limit Ad Tracking” on iOS devices).
Location: Most mobile devices offer you the ability to stop the collection of location information at any time by changing the preferences on your device. You may also be able to stop the collection of location information by particular apps by adjusting the settings for individual apps or following the standard uninstall process to remove specific mobile apps from your device. Note when location services have not been enabled in any of your apps, we will still infer data about your location based on your IP address.
What are your personal data access rights?
We collect the minimum amount of personal data about you that is necessary to provide our services. Because we do not collect and we prohibit clients from storing information that directly identifies an individual on the Platform, it is generally not feasible for us to provide individuals information that is tied to their identities.
European Data Subject Rights
If you are a resident of a country in the EEA, you have certain rights and protections under the law regarding the collection, processing, and use of information about you. As stated above, the information we collect about you when you visit Digital Properties that use our advertising technology may include certain identifiers that are considered “Personal Data” under European law. We process this data as necessary to further the legitimate interests of our customers, who rely on the ability to deliver, to you and other users, advertisements (including targeted advertisements) in order to fund the online content they deliver to you.
As a resident of a country in the EEA, you have the right to: (i) to request access and obtain a copy of your personal data, (ii) to request rectification or, in certain circumstances, and subject to some specific legal reasons where we may need to retain data, erasure; (iii) to restrict the processing of your personal data; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal data.
If you are interested in exercising any of these rights, please see our Data Subject Rights policy here.
Finally, as a resident of the EEA, you have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority in particular, the Member State of your residence, place of work or alleged infringement of the GDPR. For contact details of your relevant local Data Protection Authority, please see here.
Privacy Shield related rights
If you believe that AppNexus holds information that would allow us to correct, amend or delete inaccurate information about you or that information about you has been processed in violation of the EU-US Privacy Shield’s Principles, please contact us here. We will seek to provide access to such data, but will not be able to do so when the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
AppNexus supports industry self-regulation, and endorses best practices and self-regulatory requirements that apply to the Platform. AppNexus is a member in good standing of the Network Advertising Initiative (NAI) and adheres to the NAI Code of Conduct for Web and Mobile. AppNexus also follows the industry self-regulatory guidelines of the Digital Advertising Alliance (DAA) and the Digital Advertising Alliance of Canada (DAAC).
Additionally, the following industry sites provide useful information about industry self-regulation of interest-based advertising:
- US: www.networkadvertising.org and www.aboutads.info
- EU: www.youronlinechoices.com
- Canada: www.youradchoices.ca
Global Operations and Privacy Shield
AppNexus is a global company headquartered in the United States with data centers located in the United States, Europe and Asia. If you access any of the Digital Properties that use our technology, please be aware that your information may be transferred to, stored and processed by us and our affiliates in our facilities in the United States and other countries (including in Singapore, Japan, Australia and Brazil where our global affiliates have offices) and by those third parties with whom we may share your information.
These countries (including the United States) may not provide an adequate level of data protection for your information (as determined by the European Commission) or have data protection or other laws as comprehensive as those in your country. We will, however, ensure that where AppNexus group companies or third-party service providers receive information outside of the EEA, appropriate protections are in place under European data protection legislation (which includes either Model Clauses or Privacy Shield compliance).
For example, in order to ensure that your information is adequately protected when transferred outside of the EEA, AppNexus has entered into inter-company “model clause” agreements and other adequacy arrangements with other various entities located outside the EEA with whom we share your information. A copy of such agreements is available on request.
Additionally, if we transfer personal information from the European Union to the United States or Switzerland to the United States, we comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. AppNexus has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
For any questions or complaints regarding our compliance with either the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, please contact us here. If AppNexus does not resolve your complaint, you may submit your complaint free of charge to ICDR/AAA, AppNexus’ designated independent dispute resolution provider. Under certain conditions specified by the principles of the EU-US and the Swiss-US Privacy Shield Frameworks, respectively, you may also be able to invoke binding arbitration to resolve your complaint. AppNexus is subject to the investigatory and enforcement powers of the FTC. If AppNexus shares the personal data of an individual located in the EU or Switzerland with a third-party service provider that processes the data solely on AppNexus’ behalf, then AppNexus will be liable for that third-party’s processing of that data in violation of the Principles, unless AppNexus can prove that it is not responsible for the event giving rise to the damage.
What Happens if this Privacy Statement is Changed?
Check this page for changes. We may change this privacy statement at any time.
If we make changes that, in our sole discretion, are material, those changes will not be applied to information collected prior to the date the changes went into effect.
If you have questions about privacy on the AppNexus Platform, you can send us a message here.
If you are located in the EEA, you can confidentially contact our Data Protection Officer here.
You can also contact us by post using the details provided below:
Attn: Chief Privacy Counsel
28 West 23rd Street
New York, NY 10010
Important Note: Where AppNexus is the data controller of EEA residents’ personal data, the data controller is AppNexus Inc. As previously noted, the data controller of Platform Data will vary depending on how it is collected and by whom. At the point of collection, this information should be made available to you by or on behalf of any other data controller.