Version 3.0 (effective as of February 12, 2019)
You must be transparent in how you handle online match data (e.g., cookie-based or mobile advertising ID-based login information provided by a user, collected about a user, and collected about a user’s use of the browser, app or device), including by disclosing the collection, use, and sharing of the data, and limiting your collection, use, and sharing of the data to the description in the disclosure.
This policy establishes LiveRamp’s minimum privacy requirements for the provision of online match data to LiveRamp. You may need to comply with additional restrictions or procedures as set forth in your applicable license agreement with LiveRamp, and where required by an applicable law.
LiveRamp may, in its sole discretion, change this policy from time to time, and will provide notice to you in the event of a change in policy. You must monitor your compliance with these terms on a regular basis. If, at any time, you cannot meet these terms (or if there is a significant risk that you will not be able to meet them), you must immediately notify us by sending an email to firstname.lastname@example.org and immediately either stop collecting and sharing online match data or take reasonable and appropriate steps to restore an adequate level of protection.
Subject to the terms of this policy, your underlying license agreement with LiveRamp, and applicable law, you may transfer online match data from the following countries: Brazil, New Zealand, Australia, Canada, France, United Kingdom, and United States.
Data collection and transfer
You will only provide LiveRamp with online match data for which you have a legal right and all necessary permissions required to share such data with LiveRamp under applicable privacy, data security, and data protection laws, directive, regulations, and rules.
You will not transmit to LiveRamp nor provide LiveRamp access to sensitive personal information, including but not limited to: (i) any data related to a data subject under the age of thirteen (13); (ii) a government-issued identification number (e.g., Social Security Number, driver’s license number, state identification number, or passport number); (iii) a financial or customer account number, including financial institution or bank account number or a credit or debit card number; (iv) information regarding an individual’s sexual orientation, religion, health or medical condition; (v) unique biometric data or digital representation of biometric data; (vi) an individual’s full date of birth; (vii) maiden name of the individual’s mother; (viii) individual’s digitized or other electronic signature; (ix) a user name, email address or other unique electronic identifier or routing code, which is sent in combination with a personal identification code, password, or security question and answer that would permit access to an online account, or (x) any additional data elements considered sensitive information under applicable law.
Consumer disclosure obligations
Your privacy notice shall also include the following disclosures: (a) that you may collect and share user data with third parties; (b) that third parties may collect user data directly from you for their own use and subject to their own privacy policies; (c) that user data may be combined and linked with data from other sources; and, (d) a conspicuous link to an industry opt-out mechanism in which LiveRamp is listed, such as the DAA’s opt out page at http://www.aboutads.info/choices or http://www.aboutads.info/appchoices as applicable.
Depending on your collection methods, the following consumer disclosure obligations may also apply:
- For online match data collected from web pages, you must maintain a prominent link to your online privacy notice on any webpages where you collect online match data that may be shared with LiveRamp.
- For online match data collected from any third parties, you must notify LiveRamp that you utilize third parties in the collection of online match data, and provide a list of the third parties and third party web sites from which you collect such information. You also agree that all applicable terms contained in this policy shall extend to online match data collected by third parties, and that you require that such third parties agree to abide by terms that are at least as restrictive as the applicable terms contained herein.
Regional or country-specific terms
The following Regional or Country-Specific Terms will apply where online match data is collected from users in the following regions or countries and shared with LiveRamp. In the event of any conflicting provisions between the Regional or Country-Specific Terms and the Consumer Disclosure Obligations above, the terms of this section shall control and resolve the conflict, with country-specific terms taking precedence over regional terms.
You will comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, including the Privacy Act 1988 (Cth), the Spam Act 2003(Cth) and any amendments or successor legislation. You also shall not provide to nor cause LiveRamp to use: (a) sensitive information as that term is defined in the Privacy Act, including personal information concerning medical health (including both physical and mental disorders, pre-existing and current), ethnicity, religious beliefs (including matters concerning thought), criminal offenses, sexual orientation, organized groups (including professional or trade associations or trade unions) or money schemes; (b) any information related to a person under the age of eighteen (18); or (c) telephone numbers identified as unlisted or unpublished.
European Union (including the United Kingdom)
You will comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, including the Privacy Act 1993 (Reprint as at 1 October 2018) (“Privacy Act”) , Privacy Bill Government Bill 34-1 (“Privacy Bill”), and any other applicable laws.
You also shall not provide to nor cause LiveRamp to use: (a) biometric information as that term defined in the Privacy Bill, including fingerprints: a scan of the person’s irises; and electronic records of the personal information that is capable of being used for biometric matching; (b) identity information as that term defined in the Privacy Bill, including a photograph or visual image of the individual; details of the individual’s New Zealand travel document; details of any distinguishing features (tattoos and birthmarks);(c) any information related to a person under the age of eighteen 18; (d) telephone numbers identified as unlisted or unpublished.
You will comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, including (i) the Federal Constitution, of October 5, 1988; (ii) Law No. 8,078, of September 11, 1990 (“Brazilian Consumer Code” or “CDC”); and (iii) Law No. 12,965, of April 23, 2014 (“Internet Legal Framework” or “MCI”) and any amendments or successor legislation. You also shall not provide to nor cause LiveRamp to use: (a) sensitive information including personal information concerning medical health (including both physical and mental disorders, pre-existing and current), race or ethnic origin, philosophical, moral or political opinions, or affiliation to a union or a religious, philosophical or political organization, criminal offenses, sexual orientation or activity, genetic or biometric data; (b) any information related to a person under the age of eighteen (18); or (c) telephone numbers identified as unlisted or unpublished.