LiveRamp Policy for Sharing of Online Match Data

Version 1.0 (effective as of July 21, 2017)

You must be transparent in how you handle online match data (e.g., cookie-based or mobile advertising ID-based login information provided by a user, collected about a user, and collected about a user’s use of the browser, app or device), including by disclosing the collection, use, and sharing of the data, and limiting your collection, use, and sharing of the data to the description in the disclosure.

This policy establishes LiveRamp’s minimum privacy requirements for the provision of online match data to LiveRamp. You may need to comply with additional restrictions or procedures as set forth in your applicable license agreement with LiveRamp, and where required by an applicable law.

LiveRamp may, in its sole discretion, change this policy from time to time, and will provide notice to you in the event of a change in policy. You must monitor your compliance with these terms on a regular basis. If, at any time, you cannot meet these terms (or if there is a significant risk that you will not be able to meet them), you must immediately notify us by sending an email to privacyteam@liveramp.com and immediately either stop collecting and sharing online match data or take reasonable and appropriate steps to restore an adequate level of protection.

Approved geographies.

Subject to the terms of this policy, your underlying license agreement with LiveRamp, and applicable law, you may transfer online match data from the following countries: Canada, France, United Kingdom, and United States.

Data collection and transfer.

You will only provide LiveRamp with online match data for which you have a legal right and all necessary permissions required to share such data with LiveRamp under applicable privacy, data security, and data protection laws, directive, regulations, and rules.
You will not transmit to LiveRamp nor provide LiveRamp access to sensitive personal information, including but not limited to: (i) any data related to a data subject under the age of thirteen (13); (ii) a government-issued identification number (e.g., Social Security Number, driver’s license number, state identification number, or passport number); (iii) a financial or customer account number, including financial institution or bank account number or a credit or debit card number; (iv) information regarding an individual’s sexual orientation, religion, health or medical condition; (v) unique biometric data or digital representation of biometric data; (vi) an individual’s full date of birth; (vii) maiden name of the individual’s mother; (viii) individual’s digitized or other electronic signature; (ix) a user name, email address or other unique electronic identifier or routing code, which is sent in combination with a personal identification code, password, or security question and answer that would permit access to an online account, or (x) any additional data elements considered sensitive information under applicable law.

Consumer disclosure obligations.

You will maintain a prominent link to your online privacy policy on your own website(s). Your privacy policy must include a full, accurate, and clear disclosure regarding the placement, use, and reading of cookies or other technologies, and the collection, use, and sharing of the data with third parties.
Your privacy notice shall also include the following disclosures: (a) that you may collect and share user data with third parties; (b) that third parties may collect user data directly from you for their own use and subject to their own privacy policies; (c) that user data may be combined and linked with data from other sources; and, (d) a conspicuous link to an industry opt-out mechanism in which LiveRamp is listed, such as the DAA’s opt out page at http://www.aboutads.info/choices or http://www.aboutads.info/appchoices as applicable.
Depending on your collection methods, the following consumer disclosure obligations may also apply:

  • For online match data collected from web pages, you must maintain a prominent link to your online privacy notice on any webpages where you collect online match data that may be shared with LiveRamp.
  • For online match data collected through scripts or other code that deploys through emails, each such email shall include an active link to your privacy policy or your email partner’s privacy, and such linked policy shall satisfy the above terms and also state that such data may be collected via email.
  • For online match data collected from a mobile application, your privacy policy must, together with any in-app disclosures, comprehensively disclose how your app collects, uses, and shares user data. You shall also follow industry best practices and honor all applicable mobile advertising opt-outs set on the mobile device.
  • For online match data collected from any third parties, you must notify LiveRamp that you utilize third parties in the collection of online match data, and provide a list of the third parties and third party web sites from which you collect such information. You also agree that all applicable terms contained in this policy shall extend to online match data collected by third parties, and that you require that such third parties agree to abide by terms that are at least as restrictive as the applicable terms contained herein.

Regional or country-specific terms.

The following Regional or Country-Specific Terms will apply where online match data is collected from users in the following regions or countries and shared with LiveRamp. In the event of any conflicting provisions between the Regional or Country-Specific Terms and the Consumer Disclosure Obligations above, the terms of this section shall control and resolve the conflict, with country-specific terms taking precedence over regional terms.

Canada

You will comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, including Personal Information Protection and Electronic Documents Act (PIPEDA), as may be amended from time to time, or any successor legislation, and any provincial laws which may apply based on location. You further acknowledge and agree that online match data is not sensitive data under PIPEDA nor applicable provincial laws, and will provide adequate notice regarding your collection, use, and sharing of online match data as required by under PIPEDA and applicable provincial laws, including through inclusion of a prominent link to your privacy policy and/or description of data collection and usage practices at the time and location of collection and through notice that the online match data may be transferred to the United States.

European Union (including the United Kingdom)

To the extent that online match data provided by you comprises personal information that directly or indirectly identifies an individual and that originated in the European Union (“EU Personal Information”), then you shall: (a) comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, including any provisions of the European Directive 95/46/EC of 24th October 1995 and all implementing legislation and successor statutes, laws, rules, regulations, and directives, as may be amended from time to time (the “EU Acts”); (b) collect, use or process EU Personal Information only for purposes that are consistent with the notice given to the individual to whom the EU Personal Information relates; (c) provide the same level of protection as is required by the Privacy Shield Principles; (d) ensure a valid legal basis is obtained under the EU Acts before such data is passed to LiveRamp for the purposes of its business; and (e) not transmit to LiveRamp nor provide LiveRamp access to any data related to a data subject under the age of sixteen (16) nor any sensitive personal information as defined by the EU Acts, including but not limited to information regarding an individual’s political or trade union opinion and/or membership. You also acknowledge and agree that when you facilitate the placement and use of cookies and/or mobile advertising IDs and/or use of similar technologies by LiveRamp for the purposes of its business, they do not violate the applicable law of the member states of the European Union that implement the provisions of the Directive 2002/58/EC of the European Parliament and of the Council of 12th July 2002 on privacy and electronic communications, including all implementing legislation and successor statutes, laws, rules, regulations, and directives, as may be amended from time to time.