Privacy Policy for Extreme Reach Ad Serving and Analytics

Extreme Reach, Inc.; Extreme Reach Talent, Inc; Extreme Reach Services Group, LLC; CMC Crew Services, Inc; and Extreme Reach Payroll Solutions, Inc.; Slate and Extreme Reach UK Limited (collectively “Extreme Reach”) are committed to respecting and protecting your privacy.

This Privacy Policy describes how we collect, use, disclose, store and otherwise process information collected through Extreme Reach AdBridge from ads served or tracked (the “Ad Serving Services”) on third-party websites, mobile applications, and other online media, including smart televisions, connected applications, and digital media streaming services and devices (collectively “Properties and Devices”). For information related to other Services, please see the relevant privacy policy link above.

Terms

Beacons and Tags: Beacons and tags enable online advertising companies to collect data and serve advertising on websites by allowing communication between a web browser and an ad server. A beacon (or web beacon) is a small transparent image that is placed on a web page. A tag is a small piece of computer code that is run by a web browser.

Cookie: A cookie is a small text file that is stored in a web browser by a website or ad server. By saving information in a cookie, websites and servers can remember preferences or recognize browsers from one visit to another or from one website to another.

End User: visitors and users of the Properties and Devices where Extreme Reach is serving advertisements.

Personally Identifiable Information (PII): Information that can be used on its own or with other information to identify, contact, or locate an individual, or to identify an individual in context.  In the context of these services, this will almost always be limited to IP Address, Device ID and/or other device technical information that we do not connect to any identified person’s name, physical address, or other personally identifying information.  However, PII does not include publicly available, deidentified, or aggregated consumer information.

Information We Collect

When we provide the Ad Serving Services on behalf of our customers (advertisers and their agencies), we typically use Beacons and Tags, Cookies, or similar technology to collect End User activity and viewership information related to how many people view the ad, clicks, conversions, and other information made available by the browser or device such as internet or network activity, and general (not precise) geolocation data.  As part of that interaction, we may also collect “identifiers,” such as IP address, user agent string, device ID, and/or advertising ID which are generally considered to be PII under GDPR, CCPA, and other data privacy legislation.

How Collected Data Is Used

Extreme Reach uses the collected data to track general advertising impression and response activities, so our customers can understand how their advertising campaigns perform (i.e. how many advertisements have been viewed, as well as which ad experiences are most relevant and resonant with audiences).

PII such as IP Address and Device ID can also sometimes be used to better personalize ad experiences for End Users, so they are more likely to see ads that are relevant to them and their interests.

Information Disclosed to Outside Parties

We generate advertising campaign analysis reports for our customers (and sometimes for the Property and Device publishers (for example, the owners of the websites that End Users visit where they see the ads we serve) using anonymized, aggregated, non-personally identifiable information.

Our customers may also sometimes request custom, log-level reports, with details at the impression level that may include PII such as IP Address.  Such log-level reports do not include data related to ads served outside of the United States.

Extreme Reach uses Google’s YouTube API Services in order to serve ads into the YouTube environment. The Google Privacy Policy can be found at: https://policies.google.com/privacy and the Google App Permissions page can be found at: https://myaccount.google.com/permissions. The YouTube Terms of Service (ToS) can be found at: https://www.youtube.com/t/terms.

We do not otherwise sell, trade, or transfer collected information to outside parties, except as discussed above for the limited purposes of Extreme Reach’s customer services. We may also release collected information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.

How We Protect Your Information

Security of all information is of the utmost importance for Extreme Reach. We use technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We also make all attempts to ensure that only necessary people and third parties have access to personal and confidential information.

We require that our third party service providers (1) use confidential information only to perform their obligations, and (2) otherwise maintain the confidentiality of such information. These third party service providers and channel partners are contractually obligated to maintain privacy and security protections that are consistent with Extreme Reach’s privacy and information security policies.  When we disclose PII for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that PII confidential and not use it for any purpose except performing the contract.

Transparency and Choice

Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all features available through our services. For more information, visit the help page for your web browser.

Extreme Reach participates in the IAB CCPA Compliance Framework and the IAB Europe Transparency & Consent Framework (“TCF”) and complies with its Specifications and Policies. Extreme Reach’s identification number within the TCF is <Vendor ID>.  By participating in these frameworks, we honor privacy requests that are passed to us by participating web and app publishers.

Your Rights

Consumers and End Users have a variety of rights they may exercise with respect to their PII.  While legislation only requires that we honor certain requests from people who live in certain jurisdictions, we allow anyone from anywhere to exercise any of those same rights, and we will not discriminate in any way against anyone for doing so.  

As such, you can exercise the following rights with respect to your PII that we have: (1) access your information, (2) correct or update your information, (3) delete your information, (4) Do Not Sell directive, (5) receive, transfer or port your information to someone else, (6) find out who we’ve disclosed your information to, and (7) unsubscribe or opt-out. To exercise any of these rights, please click here

GDPR

Extreme Reach is committed to protecting your data in compliance with the General Data Protection Regulations (GDPR). Extreme Reach is a processor of data received via our Ad Serving Services. Should you have any issues with how we handle your data, we request that you contact us first so that we can make every effort to address your concerns. You also have the right to lodge a complaint with a local data supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or telephone: +44303-123-1113.

For further information on your rights under GDPR, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

CCPA

If you are a California resident, California law provides you with particular rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/privacy-laws. To exercise any such rights, please click the link above within the “Your Rights” section.

International Data Transfers

We receive data from End Users wherever they view ads we serve globally. We store and process data in the United States, Canada and the UK, depending on customer and End User location. Data accessed by customers internationally may be transferred by such customers.

Privacy Shield Compliance

Extreme Reach complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Extreme Reach has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, Extreme Reach commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Extreme Reach at [email protected].

Extreme Reach has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

Extreme Reach is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its use of your data. Under certain conditions, you may have the right to invoke binding arbitration regarding your privacy rights. If Extreme Reach wrongly transfers your private data to third parties, it may be liable to you for damages.

For more information on how we comply with Privacy Shield, see our Privacy Shield Supplemental Policy.

Children

Extreme Reach recognizes the importance of protecting the privacy and safety of children. Our services are primarily directed towards the advertising industry and are not directed towards children.

We have taken steps to avoid collection of any information from individuals under 13 years of age. During the onboarding process, web publishers notify Extreme Reach of any COPPA (Children’s Online Privacy Protection Act Compliance) compliant sites or properties, and we flag those so as not to track or store any cookie-level data.

Consumers may also take the extra precautions by exercising various rights by clicking the link above in the Your Rights section.

Data Retention

We retain PII collected via our Ad Serving Services for no more than two (2) years.

Changes to This Policy

Extreme Reach reserves the right to change, modify, add or remove portions of this Privacy Policy at any time without notice (except when legally obligated to provide notice). Any changes to this Privacy Policy will become effective when we post the revised version on our website.

Contact Information

You can contact [email protected] or 1-800-324-5672 if you have questions about this privacy policy, or for requests related to your privacy rights.

Last updated: April  14, 2021 to provide more information about your rights.