LiveRamp Policy for Sharing of Online Match Data

Version 2.0 (effective as of November 26, 2018)

You must be transparent in how you handle online match data (e.g., cookie-based or mobile advertising ID-based login information provided by a user, collected about a user, and collected about a user’s use of the browser, app or device), including by disclosing the collection, use, and sharing of the data, and limiting your collection, use, and sharing of the data to the description in the disclosure.  

This policy establishes LiveRamp’s minimum privacy requirements for the provision of online match data to LiveRamp. You may need to comply with additional restrictions or procedures as set forth in your applicable license agreement with LiveRamp, and where required by an applicable law.

LiveRamp may, in its sole discretion, change this policy from time to time, and will provide notice to you in the event of a change in policy. You must monitor your compliance with these terms on a regular basis. If, at any time, you cannot meet these terms (or if there is a significant risk that you will not be able to meet them), you must immediately notify us by sending an email to privacyteam@liveramp.com and immediately either stop collecting and sharing online match data or take reasonable and appropriate steps to restore an adequate level of protection.

Approved geographies

Subject to the terms of this policy, your underlying license agreement with LiveRamp, and applicable law, you may transfer online match data from the following countries: Australia, Canada, France, United Kingdom, and United States.

Data collection and transfer

You will only provide LiveRamp with online match data for which you have a legal right and all necessary permissions required to share such data with LiveRamp under applicable privacy, data security, and data protection laws, directive, regulations, and rules.

You will not transmit to LiveRamp nor provide LiveRamp access to sensitive personal information, including but not limited to: (i) any data related to a data subject under the age of thirteen (13); (ii) a government-issued identification number (e.g., Social Security Number, driver’s license number, state identification number, or passport number); (iii) a financial or customer account number, including financial institution or bank account number or a credit or debit card number; (iv) information regarding an individual’s sexual orientation, religion, health or medical condition; (v) unique biometric data or digital representation of biometric data; (vi) an individual’s full date of birth; (vii) maiden name of the individual’s mother; (viii) individual’s digitized or other electronic signature; (ix) a user name, email address or other unique electronic identifier or routing code, which is sent in combination with a personal identification code, password, or security question and answer that would permit access to an online account, or (x) any additional data elements considered sensitive information under applicable law.

Consumer disclosure obligations

You will maintain a prominent link to your online privacy policy on your own website(s). Your privacy policy must include a full, accurate, and clear disclosure regarding the placement, use, and reading of cookies or other technologies, and the collection, use, and sharing of the data with third parties.  

Your privacy notice shall also include the following disclosures: (a) that you may collect and share user data with third parties; (b) that third parties may collect user data directly from you for their own use and subject to their own privacy policies; (c) that user data may be combined and linked with data from other sources; and, (d) a conspicuous link to an industry opt-out mechanism in which LiveRamp is listed, such as the DAA’s opt out page at http://www.aboutads.info/choices or http://www.aboutads.info/appchoices as applicable.

Depending on your collection methods, the following consumer disclosure obligations may also apply:

  • For online match data collected from web pages, you must maintain a prominent link to your online privacy notice on any webpages where you collect online match data that may be shared with LiveRamp.
  • For online match data collected through scripts or other code that deploys through emails, each such email shall include an active link to your privacy policy or your email partner’s privacy, and such linked policy shall satisfy the above terms and also state that such data may be collected via email.
  • For online match data collected from a mobile application, your privacy policy must, together with any in-app disclosures, comprehensively disclose how your app collects, uses, and shares user data. You shall also follow industry best practices and honor all applicable mobile advertising opt-outs set on the mobile device.
  • For online match data collected from any third parties, you must notify LiveRamp that you utilize third parties in the collection of online match data, and provide a list of the third parties and third party web sites from which you collect such information. You also agree that all applicable terms contained in this policy shall extend to online match data collected by third parties, and that you require that such third parties agree to abide by terms that are at least as restrictive as the applicable terms contained herein

Regional or country-specific terms

The following Regional or Country-Specific Terms will apply where online match data is collected from users in the following regions or countries and shared with LiveRamp. In the event of any conflicting provisions between the Regional or Country-Specific Terms and the Consumer Disclosure Obligations above, the terms of this section shall control and resolve the conflict, with country-specific terms taking precedence over regional terms.

Australia

You will comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, including the Privacy Act 1988 (Cth), the Spam Act 2003 (Cth) and any amendments or successor legislation. You also shall not provide to nor cause LiveRamp to use: (a) sensitive information as that term is defined in the Privacy Act, including personal information concerning medical health (including both physical and mental disorders, pre-existing and current), ethnicity, religious beliefs (including matters concerning thought), criminal offences, sexual orientation, organized groups (including professional or trade associations or trade unions) or money schemes; (b) any information related to a person under the age of eighteen (18); or (c) telephone numbers identified as unlisted or unpublished.

Canada

You will comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, including Personal Information Protection and Electronic Documents Act (PIPEDA), as may be amended from time to time, or any successor legislation, and any provincial laws which may apply based on location. You further acknowledge and agree that online match data is not sensitive data under PIPEDA nor applicable provincial laws, and will provide adequate notice regarding your collection, use, and sharing of online match data as required under PIPEDA and applicable provincial laws, including through inclusion of a prominent link to your privacy policy and/or description of data collection and usage practices at the time and location of collection and through notice that the online match data may be transferred to the United States.

European Union (including the United Kingdom)

To the extent that online match data provided by you comprises information that is considered personal data as defined by applicable EU and UK data protection law (“EU Personal Information”), then in relation to such data you shall: (a) comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, including any provisions of the European Directive 95/46/EC of 24th October 1995 and all implementing legislation and successor statutes, laws, rules, regulations, and directives, including but not limited to the EU General Data Protection Regulation 2016/679 or its equivalent in the UK if it leaves the EU, as may be amended from time to time (the “EU Acts”); (b) collect, use, share or otherwise process EU Personal Information only for purposes that are consistent with the notice given to the individual to whom the EU Personal Information relates; (c) provide the same level of protection as is required by the Privacy Shield Principles; (d) ensure a valid legal basis is obtained under the EU Acts before such data is passed to LiveRamp for the purposes of its business; (e) provide reasonable assistance to enable LiveRamp to comply with data subject rights under the EU Acts such as providing proof of consent if applicable; and (f) not transmit to LiveRamp nor provide LiveRamp access to any data related to a data subject under the age of sixteen (16) nor any sensitive personal information as defined by the EU Acts, including but not limited to information regarding an individual’s political or trade union opinion and/or membership. You also acknowledge and agree that when you facilitate the placement and use of cookies and/or mobile advertising IDs and/or use of similar technologies by LiveRamp for the purposes of its business, they do not violate the applicable law of the member states of the European Union that implement the provisions of the Directive 2002/58/EC of the European Parliament and of the Council of 12th July 2002 on privacy and electronic communications, including all implementing legislation and successor statutes, laws, rules, regulations, and directives, such as the regulation that  repeals Directive 2002/58/EC or its equivalent in the UK, as may be amended from time to time.

New Zealand

You will comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, including the Privacy Act 1993 (Reprint as at 1 October 2018) (“Privacy Act”) , Privacy Bill Government Bill 34-1 (“Privacy Bill”), and any other applicable laws.

You also shall not provide to nor cause LiveRamp to use: (a) biometric information as that term defined in the Privacy Bill, including fingerprints: a scan of the person’s irises; and electronic records of the personal information that is capable of being used for biometric matching; (b) identity information as that term defined in the Privacy Bill, including a photograph or visual image of the individual; details of the individual’s New Zealand travel document; details of any distinguishing features (tattoos and birthmarks);(c) any information related to a person under the age of eighteen 18; (d) telephone numbers identified as unlisted or unpublished.