Product Privacy Policy
Last update 2 July 2024
- HOW WE COLLECT PERSONAL INFORMATION
- PERSONAL INFORMATION WE COLLECT
- HOW WE USE PERSONAL INFORMATION
- HOW WE DISCLOSE PERSONAL INFORMATION
- PRIVACY CHOICES
- IAB’S TRANSPARENCY AND CONSENT FRAMEWORK
- SECURITY
- RETENTION
- U.S. STATE-SPECIFIC NOTICE
- EEA/UK NOTICE
- CHILDREN’S DATA
- THIRD-PARTY LINKS
- CHANGES TO THIS PRIVACY POLICY
- CCPA REPORTING REQUIREMENTS
- CONTACT US
This Product Privacy Policy (“Privacy Policy”) explains how Evorra, Inc. and any affiliates including Evorra Limited (“Evorra”, “we”, “us” and “our”) collects, uses, and discloses personal information in providing the Evorra Services described in the next section. This Privacy Policy does not cover any information we collect or process from our own corporate website or how our corporate customers use our Services. To learn more about our website privacy practices, please visit the Evorra Website Privacy Policy.
About Evorra’s Services
Evorra enables brands and marketing teams to build or monetise compliant and fully addressable audiences at scale across any activation channel. We do this in two parts: First we offer a platform for companies to license their customer information, creating another revenue stream for these data providers (“Data Providers”). This data, along with data we source, can be licensed by brands and marketing teams (our “Clients”) to build addressable audiences and market to individuals across channels.
HOW WE COLLECT PERSONAL INFORMATION
We obtain data from the following sources to provide our Services:
- Data Providers who are looking to monetize their data.
- Our Client’s first party data, including CRM data, website tracking technologies such as cookies, and from apps via software development kits (SDKs).
- Data Evorra sourced, namely information obtained from our own proprietary sources including the Evorra cookie and other similar tracking technologies, directly from individuals including via surveys, and from public resources (the “Evorra Data”).
PERSONAL INFORMATION WE COLLECT
Below, we provide a list of the commonly processed personal information.
- Identifiers. Unique identifiers such as cookie identifiers, device advertising identifiers (mobile advertising IDs), and pseudonymous identifiers derived from email address, phone numbers, or device information such as IP address.
- Demographic Information. Demographic information like age and gender.
- Browsing/Behavioral Information. Online behavioral information from our Data Partners, Clients, or our own proprietary cookies which may be used to determine your interests, such as websites and content viewed; mobile applications used; date and time of visits; frequency of visits; search terms used on a website; purchase and shopping events for retail websites; and browsing events for content websites.
- Location Information. Location information including imprecise location inferred from an IP address and precise geolocation if provided to us by our Data Partners or Clients.
- Analytics. We also collect information on engagement rates, number of leads generated, which campaigns are functioning best, conversion rates, and trends.
HOW WE USE PERSONAL INFORMATION
Subject to the terms of our client agreements, we may use personal information to provide our Services, including:
- To create a data marketplace for our Data Partners to license their data and for our Clients to create audience segments and deliver targeted advertising across channels.
- To aid our Clients in creating advertising audience segments associated with certain interests, behaviors, and attributes (for example, an interest in travel or an interest in sports).
- Matching Client data with Data Partner Data and/or Evorra Data.
- Enriching Data Partner and Client data.
- Generate insights on a given user population.
- Analyzing engagement rates, leads generated, campaign success, conversion rates, and trends.
We may also process your personal information for the following purposes:
- To solicit new customers with advertising and marketing.
- Customer support, including email and chat.
- To improve our Services.
- To comply with our agreements or policies.
- To authenticate, verify or otherwise ensure compliance with Data Partner and Client written instructions or to mitigate the risk of fraud.
- For any legal purpose necessary, including IP protection, or if Evorra is required to process information as a result of a court order or other legal or regulatory proceeding.
- With your consent.
HOW WE DISCLOSE PERSONAL INFORMATION
Our Services provide our Data Partners and Clients with the ability to synchronize certain external software or data applications with Evorra, which may include the transfer of personal information. Some of the types of applications are:
- Advertising services, including services that synchronize or otherwise combine advertising audiences with advertising inventory for programmatic advertising.
- Social media networks, including custom match custom audiences.
- Customer relationship management software, including email service providers.
Subject to client agreements, we may disclose information in order to:
- Protect the legal rights of our company, our employees, our agents, and our affiliates.
- Protect the safety and security of those who access and use our Services.
- Detect and protect against fraud.
- Comply with law or legal process.
- Complete a legal transaction related to the sale of our business or any assets.
Evorra may disclose aggregate or anonymous information for any purpose. This means that the information we share does not identify specific individuals, or is combined with other data to protect your privacy.
PRIVACY CHOICES
You have the right to exercise the following choices with our use of your personal information:
-
- Access. Access the personal information we maintain about you.
- Delete. Delete the personal information we maintain about you.
- Correct. Correct inaccurate personal information we maintain about you
- Opt Out. Opt out of targeted advertising using cookies or other tracking technologies. As described herein, we process data to help our Clients personalize and deliver ads, and for other ads-related purposes, including measurement and reporting. Some of these activities may be considered ‘sales’ or ‘sharing’ of your personal information or using your personal information for purposes of ‘targeted advertising’ each as defined in applicable law. You may opt out of targeted advertising as detailed below. Please note, that you may have to provide certain information, such as your email address, in order for us to honor your opt out. We will only use your email to facilitate your opt out and for no other purposes. We will delete your email address after we have processed your opt out.
- Evorra opt out. You can opt out of cookies via our cookie preferences center by clicking on the ‘Do Not Sell or Share My Personal Information’ link on our website footer. Evorra honors the Global Privacy Control (“GPC”) through the same cookie consent management tool.
- Industry opt out pages. The online advertising industry provides websites from which you may set a third party cookie indicating your desire to opt out of interest-based advertising from the Trade Desk and other companies that participate in industry self-regulatory programs. The US-based opt out pages are www.aboutads.info/choices and www.networkadvertising.org/choices. The European based page is www.youronlinechoices.com. In Canada, use youradchoices.ca/choices.
-
-
- For mobile apps. Most mobile devices provide the ability to set the device’s advertising ID to an opt out value through the device settings. To learn how to use the mobile app opt out, consult your device instructions. To find information on Opting out on Mobile Devices please visit http://www.networkadvertising.org/mobile-choice.
-
- For connected TVs. Many connected TVs and related devices offer a choice mechanism similar to those offered by mobile devices. When received the Trade Desk will honor these signals. To find out more, including device specific instructions, please visit https://www.networkadvertising.org/internet-connected-tv-choices/.
- Our Ad Sync Partners. We disclose your information with certain advertising partners to deliver the Services documented herein. You can opt out of this disclosure as detailed in the table below.
Partner |
Opt Out page |
The Trade Desk |
|
LiveRamp |
|
Lotame |
|
Magnite |
https://www.magnite.com/legal/user-choice-portal/ |
Pubmatic |
https://pubmatic.com/legal/opt-out/ |
Iponweb |
https://www.criteo.com/privacy/ |
Amazon |
https://www.amazon.com/adprefs |
|
https://www.facebook.com/help/1075880512458213 |
|
https://policies.google.com/technologies/ads |
You can exercise these rights by contacting us at privacy@evorra.com or via the choices below.
IAB’S TRANSPARENCY AND CONSENT FRAMEWORK
For European consumers, the Interactive Advertising Bureau Europe has adopted the Transparency Consent Framework (TCF) that enables the advertising ecosystem to capture specific types of consent for advertising purposes. The IAB TCF groups these consents into ‘Stacks’ with consistent purposes. Evorra participates in the IAB TCF and collects and/or associates consents on behalf of its clients with the following purposes:
Purpose 1. Store and/or access information on a device |
When our Pixel tracker is deployed, we install a cookie on your device(s) to recognise you as you come back to a given Web site. |
Stack 8. Personalised ads and ad measurement |
This stack groups p2. Select basic ads, p3. Create a personalised ads profile, p4. Select personalised ads, p7. Measure ad performance. We build and enrich a profile representing your interests. This profile is used to create specific user groups or audience segments. We pass on specific user groups or segments to Demand Side Platforms so they can select and display personalised ads to you. We collect figures so as to measure the quality of these audiences and improve their quality over time. |
p9. Apply market research to generate audience insights |
We offer some marketing insights on the audiences built on the platform. |
p10. Develop and improve products |
We use de-identified data for internal tests and to evolve our products. |
Features
f1. Match and combine offline data sources |
Evorra offers the possibility to combine online data and offline data coming from our providers (for instance CRM data) or coming from 3rd parties for enrichment purposes (for instance weather information associated with a given location). |
f2. Link different devices |
Your profile will capture your interest across all your devices. |
f3. Receive and use automatically-sent device characteristics for identification |
Your device might be distinguished from other devices based on information it automatically sends, such as IP address or browser type. |
SECURITY
We maintain reasonable safeguards to protect against unauthorized access, use, modification, and disclosure of personal information in our custody and control. Despite our efforts, we cannot guarantee that unauthorized access or use will never occur.
RETENTION
We will retain personal information according to the terms of our written agreements and as required by law. Generally, Evorra retains personal information for thirteen (13) months. Evorra may retain non-personal information indefinitely.
U.S. STATE-SPECIFIC NOTICE
Some U.S. states have enacted comprehensive privacy laws. The California Consumer Privacy Act, as amended by the California Privacy Rights Act or “CPRA” (collectively, the “CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”) the Utah Consumer Privacy Act (“UCPA”), the Oregon Consumer Privacy Act (“OCPA”), the Texas Data Privacy and Security Act (“TDPSA”), and the Montana Consumer Data Privacy Act (“MTCDPA”) create additional privacy obligations for businesses and provide their residents with additional privacy rights.
Additional Privacy Rights:
In addition to the rights granted above, if you are a resident of California, Virginia, Colorado, Connecticut, Utah, Oregon, Texas, or Montana, you have the right to:
- Opt out of the ‘sale’ or ‘share’ of your personal information for the purpose of targeted advertising.
- Opt out of profiling.
- Sensitive Personal Information. Residents of Virginia, Colorado, Connecticut, and Oregon have the right to opt in to the collection and use of their sensitive personal information; residents of California and Utah have the right to opt out of the collection and use of sensitive personal information.
You can exercise these rights by emailing us at privacy@evorra.com or via our opt-out webform.
Appeal:
If we deny your privacy request, you may appeal that decision by emailing us at privacy@evorra.com. If you are still unsatisfied with our response, you have the right to file a complaint with your state attorney general.
Controller Designation:
Evorra operates as a ‘Controller’ (and a ‘Business’ under the CCPA).
EEA/UK NOTICE
Residents of the United Kingdom (“UK”) and European Economic Area (“EEA”) are provided certain privacy rights under the UK and EU General Data Protection Regulations (“GDPR”).
Legal Basis:
Under the GDPR, we process ‘Personal Data’ (as defined in the GDPR) under the following legal basis.
Processing Activity |
Legal Basis under GDPR |
Collection and Processing of Customer or Customer Personal Data to maintain and fulfill the Services |
Consent, Contract Fulfillment |
Use of a chatbot on our Platform |
Contract Fulfillment |
Improving our Services |
Legitimate Interest |
Service-Related Communications to Customers |
Legitimate Interest |
Controller Designation:
Under the GDPR, we are designated as a ‘Controller.’
Cross-Border Data Transfers:
Data is stored in the EU, but there may be instances in which data is stored in United States or other countries. As such, if you are a resident of the EEA, UK, or Switzerland, we may transfer to, and store the data we collect about you, to countries other than the country in which the data was originally collected, including the United States. Those countries may not have equivalent data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA, UK, and Switzerland. We rely on Standard Contractual Clauses (“SCCs”) for the transfer of personal data to countries that have not received an applicable adequacy decision, as well as the UK’s ‘International Data Transfer Addendum’ to the SCCs.
For more information on cross-border transfers of your Personal Data or the appropriate safeguards in place, please contact us at privacy@evorra.com.
Data Protection Officer:
We have appointed a Data Privacy Director to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your Personal Data, or would like to request access to your Personal Data, please contact our Data Protection Officer at DPO@evorra.com.
Additional Rights for UK or European Economic Area Residents:
In addition to the rights granted above, if you are a UK or EEA resident, the GDPR grants you the right to lodge a complaint against us with your local data protection authority. You can find your data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
CHILDREN’S DATA
We do not intentionally collect any personal information from children under the age of 16. If you believe we have obtained personal information associated with children under the age of 16, please contact us at privacy@evorra.com and we will delete it.
THIRD-PARTY LINKS
The Services may contain links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our sites and to read the privacy statements of any other site that collects personally identifiable information.
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time as we update or expand our Services. If we make material changes, we will post the updated Privacy Policy on this page with a ‘Last Updated’ effective date of the revisions. We encourage you to look for updates and changes to this Privacy Policy by checking this page when you access our Services.
CCPA REPORTING REQUIREMENTS
CCPA Reporting Requirements (for interim reporting period ending June 30, 2024) |
Metric |
Total Volume of Requests to Know Received | 3 |
Number of Requests to Know Fulfilled | 3 |
Number of Requests to Know Denied | 0 |
Median Number of Days to Respond to Requests to Know | 5 |
Mean Number of Days to Respond to Requests to Know | 13 |
Total Volume of Requests to Delete Received | 11 |
Number of Requests to Delete Fulfilled | 10 |
Number of Requests to Delete Denied* | 1 |
ㅤNumber of Requests denied as not being verifiable | 0 |
ㅤNumber of Requests denied that were not made by a consumer | 0 |
ㅤNumber of Requests that called for information exempt from deletion | 0 |
ㅤNumber of requests denied on other grounds | 1 |
Median Number of Days to Respond to Requests to Delete | 14 |
Mean Number of Days to Respond to Requests to Delete | 14 |
Number of requests in which deletion was not required in whole, or in part, under each provision in California Civil Code section 1798.145 or 1798.146. | 0 |
Total Volume of Requests to Limit Use of Sensitive Personal Information Received | 0 |
Number of Requests to Limit Use of Sensitive Personal Information Fulfilled | n/a |
Number of Requests to Limit Use of Sensitive Personal Information Denied* | n/a |
Median Number of Days to Respond to Requests to Limit Use of Sensitive Personal Information | n/a |
Mean Number of Days to Respond to Requests to Limit Use of Sensitive Personal Information | n/a |
Total Volume of Requests to Correction Received | 0 |
Number of Requests to Correction Fulfilled | n/a |
Number of Requests to Correction Denied* | n/a |
Median Number of Days to Respond to Requests to Correction | n/a |
Mean Number of Days to Respond to Requests to Correction | n/a |
Total Volume of Requests to Opt-Out Received | 22 |
Number of Opt-Out Requests Fulfilled** | 30 |
Number of Opt-Out Requests Denied | 0 |
Median Number of Days to Respond to Requests to Opt-Out | 1 |
Mean Number of Days to Respond to Requests to Opt-Out | 2 |
*Denial due to lack of information provided to process the request. | |
**Number of opt-outs fulfilled may exceed to total volume of opt-out requests receive because Evorra adds users who have requested data to be deleted to our opt-out list, even if the user did not specifically ask to be added to Evorra’s opt-out list.
|
CONTACT US
If you have any questions about our privacy or security practices, or if you are an Evorra Customer and would like to request access to or correction of your personal information, you can contact us by email at privacy@evorra.com or at:
Evorra Inc. Privacy Office
1412 Broadway, 21 FL
New York, New York 10018
Evorra Limited
TC Group, King’s House, 6th FL
9-10 Haymarket
London, SW1Y 4BP, United Kingdom