Privacy and The Trade Desk Platform
Adbrain is now a part of the Trade Desk Platform.
Last updated: 04 October 2018
The Trade Desk offers what is known in the industry as a Demand Side Platform (DSP). In simple terms this means we provide technology that helps advertisers and their advertising agencies manage digital advertising campaigns across many channels, such as websites, apps, audio, smart tvs, and other video. The ads our clients buy help pay for the content you enjoy.
We, and our clients, collect and use data both to help ensure that the ads you see are relevant and to measure and report on their effectiveness .
Our AdBrain product, which is part of our Platform, uses data to produce a mapping of devices that might be related to each other, meaning that they might be used by the same person or by people in the same household. This helps advertisers better target and measure their campaigns, as well as to try to limit the number of times the same person or household sees an ad.
Data that is in our Platform is pseudonymous, which means that it does not directly identify people. So, our Platform doesn’t have names, email addresses, phone numbers, or the like, and we prohibit clients and partners from putting that kind of data into our Platform. Our clients and partners may, outside of our Platform, have access to information that directly identifies you, and they may combine that information with information that they collected from our Platform, but if they do, that data is governed by their legal requirements, privacy policies, contracts, or other terms that they have in place.
By the term “Platform”, we mean The Trade Desk’s own advertising technology platform and systems.Our references to our Platform do not include the technology or systems of clients or partners that use, or integrate with us. They are bound by our policies when they use our Platform..
The Trade Desk follows the industry self-regulatory guidelines of the Network Advertising Initiative (http://www.networkadvertising.org), the Digital Advertising Alliance (http://aboutads.info), the Digital Advertising Alliance of Canada (https://youradchoices.ca), and the European Digital Advertising Alliance ( http://youronlinechoices.com).
The Trade Desk also implements and adheres to the policies of the IAB EU Transparency & Consent Framework as part of our compliance with EU data protection law. See http://advertisingconsent.eu for more information.
If you want to go directly to our Data Access and Opt Out Page to view personal data that is associated with your browser and/or device on our Platform or to use our cookie-based opt out, please visit http://www.adsrvr.org.
At A Glance
Read the table for a quick overview. See below the table for detailed information.
Who we are:
The Trade Desk, Inc.
Global and US Privacy Office
Global Data Protection Officer (DPO)
What we do:
Advertising technology platform for managing digital advertising campaigns.
The data our Platform collects and processes:
Pseudonymous data such as:
How the Platform collects data:
Some of the ways the Platform collects data include:
The purposes for which the Platform processes data:
The Platform processes data both on our behalf and on behalf of clients and partners for advertising purposes such as:
Sharing and transfer:
We share data with other parties such as:
In addition, a lot of the data collected on the Platform belongs to our clients and partners. They, of course, are able to remove such data from the Platform.
We may transfer data from the country of origin to the US or other countries. We do so under a valid legal framework, such as Privacy Shield.
Security and Data Retention:
We maintain generally accepted security methods to protect data on the Platform.
We retain pseudonymous data up to 18 months before we aggregate it.
Your rights and choices:
You have rights and choices with respect to the personal data on the Platform.
Below, we explain in detail the type of data we collect, how we collect it, how we use it, and how we disclose it, as well as the choices available to you. Please keep in mind that the digital advertising industry is extremely complex, so we can’t present every technical detail. If, after reading this policy, you still have questions, please feel free to contact us at email@example.com.
The Platform allows advertisers and advertising agencies to manage digital advertising campaigns. It is a Demand Side Platform because we represent the demand side of the digital advertising marketplace, in which advertisers and agencies with ads to display are the “demand” and publishers with space for such ads on web pages, apps, smart TVs and other properties are the “supply”.
Digital advertising uses data to make ads more effective and to measure their effectiveness. Without data we wouldn’t know, for example, if 100 different users each saw an ad, or if one user saw the same ad 100 times. This data is crucial to online and mobile content. Without data like this, advertisers would pay publishers much less, forcing publishers to either show more ads or make users pay for their content.
Advertisers and their agencies collect and use data on the Platform in different ways. They bring their own data to the Platform. They collect data using the Platform. And they can remove their data from the Platform. We contractually prohibit them from bringing or collecting data that directly identifies individuals, such as names, email addresses, phone numbers, and the like. Instead, data on the Platform is what we call pseudonymous, as described further below.
The Platform collects and processes pseudonymous – i.e. not directly identifying – data about users, devices, and ads and where they’re shown. This includes:
- unique cookie identifiers
- mobile device advertising identifiers
- IP addresses
- interest information stored and/or used on the platform by clients and partners
- interest information we create
- other information about browsers and devices, such as type, version and settings
- location information based on IP address or latitude/longitude coordinates, if provided to us
- information about ads that are shown, such as which ads are shown to a device or user, where (which web page or app) they are shown, and at what time
The Platform receives data in several ways, including the following:
- Bid requests, which are sets of information that describe an ad space that is available to be filled. We get these requests from the “supply” side of the advertising ecosystem, meaning websites, apps, smart televisions, and others, as well as their agents. The requests contain information about the ad space, the device, and sometimes the user. They also usually have an ID that enables us to match the request with information we may already have.
- Pixels and cookies, which allow us to recognize web browsers across sites and over time, and therefore to record information about them over time.
- Mobile SDKs are bits of code that some of our partners enable to be placed in mobile apps. This enables our partners to send us data about the mobile app and device in association with the mobile device ID.
Our cookie domain is adsrvr.org. Cookies help us by enabling us to distinguish between, recognize, and store data about unique web browsers and devices, and to store data on our servers for the advertising purposes described here. We also use non-unique cookies to store cookie-based opt-out choices, when users opt out.
In order to be able to transmit requests for ads, and other data about users or devices, between sellers and buyers, and to help show you ads that match your likely interests, we engage in cookie syncing, meaning that we match our cookie IDs to clients’ and partners’ cookie IDs.
The Platform processes data both on our own behalf and on behalf of clients and partners for purposes related to the targeting, delivering, and measuring of and reporting on advertising.
- Personalizing ads makes sure they are relevant and effective.
- Delivering ads includes, for example, making sure the ad gets shown, keeping track of how many times it’s shown, as well as where and when.
- Measurement and analytics includes tracking how well ads perform, such as whether users clicked or went to a client’s store after their ad campaign was shown.
- Reporting on ad campaigns includes compilations of measurement, attribution, and other data to report on the performance and success of campaigns, as well as transaction reporting and verification.
- Clicks and conversions measure actions taken by a user with respect to a particular ad, i.e., a click on an ad, or a download of an app.
- Attribution means attributing particular ad views to actions by a user. For example, a car advertiser might be able to see that someone who saw an ad for a car four times, purchased that car. This would be done by stitching together data collected from our Platform with the advertiser’s own data and data from other companies. When this is done, we don’t get any data that directly identifies the purchaser of the car.
- Cross device graphing uses algorithms to associate devices that might be related to each other, such as devices used by the same person or in the same household.
- Malicious or invalid activity can be a problem for companies and users. We process information to try to identify and prevent, for example, purveyors of malware or bots that try to take advertising dollars for ads that aren’t shown to real users or that try to harm users’ devices.
Sometimes, as part of our Platform, we create and use user profiles associated with unique IDs. This means that we look at the information associated with the IDs, and with the requests for ads, such as the content in which the ad is shown, the time, the geographic location, and the type of device. Sometimes we also use information about whether or how users responded to ads to find other users who would respond to ads. We apply various computational methods on this information to find groupings of IDs that may have certain interests or characteristics, such as “clothing,” “sports,” “travel,” “male,” “25-54,” and so on. Our Platform also enables data suppliers to bring data to the Platform that our clients can use on the Platform to improve their ad campaigns.
Clients can bring their own data to the Platform for their own personalisation. Their sources and methods for acquiring this data vary, and are subject to our clients’ own policies and legal obligations, but we do contractually prohibit certain types of data from being introduced onto the Platform, such as directly identifying data or sensitive data.
As required under the NAI Code, The Trade Desk discloses standard interest segments that are based on health related information or interests that it makes available in the Platform where permitted by law and self-regulatory rules.
We do not collect or use, nor do we contractually allow on our Platform, data that would be considered sensitive. We also do not contractually permit data from or about users that we know, or a client knows, are children.
Under the definitions of “Controller” and “Processor” in EU law, we are in some cases a Controller of data and in some cases a Processor. We are a Controller, for example, over our personalised user interest segments that we create when we have appropriate permissions.
When we collect data for personalisation from requests for ads that we receive as described above, under EU law, we will ensure that we have data subject consent to do so.
We process data for other purposes when we have a legitimate interest in doing so and that interest is not outweighed by the rights or freedoms of individual data subjects.
We share data with other parties in some circumstances
- Some of the data processed on the Platform belongs to our clients. When this is the case, our clients can take this data, such as records of advertising impressions, off of the Platform.
- We share pseudonymous IDs that we think might be related to other pseudonymous IDs with clients and partners that use our AdBrain product.
- Some of our clients and partners receive ad request data through the Platform for advertising purposes.
We transfer personal data to countries other than the country in which it was collected. We do so under a valid legal framework, such as a Privacy Shield.
We transfer data from the EU or Switzerland to the US under our Privacy Shield certification [link: https://www.privacyshield.gov/participant?id=a2zt0000000TNT1AAO&status=Active]. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
Under the Privacy Shield, we commit to resolve complaints about our collection or use of your personal data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at firstname.lastname@example.org or at the address listed in the “Contact” section of this Policy. If you have unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S. based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions specified by the Privacy Shield Principles, you may also be able to invoke binding arbitration to resolve your complaint. Please click here for more information or to submit a complaint.
We retain the pseudonymous data collected on our Platform for up to 18 months. After 18 months (often sooner) the data is aggregated and stored for up to 3 additional years. This retention policy does not apply to client or partner data.
We have implemented security measures, including physical, electronic and administrative safeguards, to prevent the unauthorized access to, loss, misuse, or alteration of the information that our Platform collects. We believe these measures are appropriate given the nature of the data and our systems, but we make no assurances in this policy about our ability to prevent any such event or the possible harm to you or any third party that could arise from it.
Access: You are able to view personal data that is associated with your device on our Platform.
Opt out: You are able you to opt out using our cookie-based opt out for web browsers or with instructions for opt outing out other devices
Deletion: When you opt out, we will delete any data we have associated with your device or disassociate it from your device.
Go to our Data Access and Opt Out Page to view personal data that is associated with your browser and/or device on our Platform or to use our cookie-based opt out:
We may revise this policy at any time. However, if we make material changes, we will not apply them retroactively.
You may contact us regarding privacy.
The Trade Desk, Inc.
Global and US Privacy Office
2 Park Avenue, 5th Floor
New York, NY 10016
The UK Trade Desk Ltd.
20 Farringdon Rd
London EC1M 3HE
Global Data Protection Officer (DPO)
The Trade Desk, Global Privacy Office
2 Park Avenue, 5th Floor
New York, NY 10016
If you have a concern regarding our privacy practices, please contact us via the contacts above. If after reasonable efforts you believe your concern has not been satisfactorily addressed by us:
- In the US, our privacy practices are regulated by the Federal Trade Commission.
- In the EU or Switzerland, for concerns that pertain to the transfer of data from the EU or Switzerland under the EU-US or Swiss-US Privacy Shield Frameworks, please contact our U.S. based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
- Otherwise, in the EU, we recommend you contact the Information Commissioner’s Office (ICO) of the United Kingdom.