Privacy Policy

Our Digital Advertising Privacy Policy’s Purpose

(Last Updated 12 April 2018)

This policy applies as of 25th May 2018. To view our current/previous policy click here

Our aim is to provide clear, transparent information to consumers, clients and business partners about how we process personal data for EU citizens as part our digital advertising services.

This Policy may be updated from time to time and should be checked regularly.

To view our privacy policy for this website click here

What does it cover?

Our policy covers

Applicability

Whilst this policy provides an overview of how we provide services across our Group the context is specifically written for EU based consumers. The specific details provided relates to information belonging to EU citizens. For individual local privacy policies please select from our locations above.

What we do and why we need data

Optimise provides digital advertising services and technology to a large number of well-known Brands (banks, retailers, travel agents, etc.) and online Publishers. We operate in two main areas; Digital Advertising and Customer Reward Fulfilment.

Our Digital Advertising services include:

  • Affiliate Marketing – this is where Advertisers pay Publishers an advertising fee only if the online users that they refer to Advertiser sites go on to purchase a product, apply for a policy or some other concrete outcome.
  • Display and Interest-Based Advertising – this is where Advertisers pay publishers to raise awareness of their brand by displaying their online Adverts to consumers. This can often involve showing relevant adverts to specific audiences based on their past browsing interests (e.g. those interested in soccer, holidays or any other specific category). Browsing interests are determined using pseudonymous data – i.e. unique data that is treated and processed to ensure it will not identify a specific person. This data is collected using cookies and online identifiers.

Our technology allows Advertisers to measure their digital advertising campaigns and pay Publishers according to results, such as how many people viewed an advert or how many clicks or sales were generated from an advert.

Our Customer Rewards Fulfilment product is used by companies to send vouchers and other rewards to their customers. Much of this happens online (some of it by post) and our technology allows us to capture customer details, send them vouchers and rewards and then measure whether or not the reward was claimed. Our technology also allows us to measure if a user bought a product or subscribed to a service, which means our Advertisers can incentivise and reward new customers for specific outcomes.

To fulfil our services we sometimes need to process our clients’ customers’ personal data including names, email addresses, postcodes and sometimes bank details. We also need to process online identifiers, such as cookies and IP addresses to measure outcomes. These online identifiers are typically numeric strings and classified as pseudonymous data (a sub category of personal data under data protection regulations) which allow individuals to be singled out online without knowing their actual identity (i.e. their name, address etc.).

In most situations Optimise is operating as a “Data Processor” whereby we only process personal data according to the instructions of the “Data Controller” (i.e. our Advertising Clients and online Publisher Partners).

When and if we process data purely for our own purposes we operate as a Data Controller.

Whether acting as a Data Controller or a Data Processor we always take our responsibilities seriously ensuring that we follow the law, meet our obligations to the Data Subject and process personal data in a secure manner.

Please see further information in the sections below including greater technical detail and how to get in touch is you have a question or complaint.

How we obtain personal data?

We obtain different types of personal data depending on the client and the service we are providing.

In summary, we receive personal data by one of the following means:

  1. People input their details on our clients’ websites and online forms which is then submitted into our secure systems in order that we can process it according to our clients’ instructions.
  2. It is sent to us by our clients/partners in order that we can process it according to their instructions.
  3. Via online identifiers (cookie numeric references etc.) which are recorded in our systems when people clicking on our clients’ advertising campaign banners and links, which have been displayed on publisher web sites.
  4. Via online identifiers (e.g. cookie numeric references etc.) which are recorded in our systems when people visit our clients’/partners’ websites using our technology.

How we use personal data

Typically, when we use personal data we do so on the instruction of our clients who have to ensure that they are legally allowed to share the data with us. If we process personal data for our own purposes, then we will always make sure we have the legal basis to do so. Typically, the legal basis to process personal data will be stated in customer terms and conditions or in privacy policies or people will have provided their consent by ticking an online consent box, for example.

In summary we process personal data to:

  1. Send communications to our clients’ customers including by email and through the post. For this we collect names, email address and postal addresses.
  2. Fulfil Rewards, Vouchers and Payments to our clients’ customers. For this this we collect names, email address and sometimes postal addresses and bank details.
  3. Verify claims for cashback or other forms of incentive made by our clients’ customers. For this we process names, email address, postal addresses along with “proof of purchase” data such as purchase or policy references which is needed to check that claims are genuine.
  4. Measure and report on the performance of our clients’ and publishers’ online advertising campaigns. For this we process online identifiers including cookie references, IP addresses and device IDs.
  5. Measure and report on what products have been purchased through the online advertising campaigns that we manage for our clients. For this we process product purchase details such as what was purchased and how much it cost.
  6. Capture leads on behalf of our clients through our network of publisher partners. Typically, this involves users submitting their details on online forms to express an interest in a product or service. The data submitted is passed on to our clients who get in touch with the user.
  7. Serve relevant, interest-based adverts to consumers. For this we process online identifiers including cookies references, IP addresses and device IDs as well as information about user browsing content and subject matter.
  8. Serve relevant adverts based on location. For this we process an IP address.
  9. To detect suspicious or fraudulent activity through our clients’ advertising campaigns and also to protect our systems against malicious attacks (DDOS attacks). For this we process online identifiers such as IP addresses.

Sharing personal data with third parties

Online identifiers such as cookie IDs and browsing behaviours data that we have collected via our digital advertising technology will only be shared with third parties if we have a legal right to do so.

We generally rely on our publishers and advertisers to determine the legal basis for capturing data which might include obtaining consent from users on their websites. The legal basis may also be based on a contractual arrangement or because the Data Controller has a Legitimate Interest to process the data based on their particular business circumstances including their relationship with the consumer and the nature of the data and processing activity.

When we process personal data such as names, email addresses or any other customer data on behalf of our clients and publishers (Data Controllers) we will only share this with third parties if we are instructed to do so by the Data Controller. If we receive personal data directly from an individual we will seek permission or ensure we have an appropriate legal right before sharing it with a third party.

Optimise technology is hosted with AWS (Amazon Web Services). Whilst technically AWS are a data processor, we do not allow them to access our company data. We only use their services for their online hosting and storage processes knowing that they provide world class security and privacy infrastructure.

We also partner with other third-party technology suppliers for some of our advertising campaigns including:

Supplier Processing Purpose
Amazon Web Services https://aws.amazon.com/ Hosting of Optimise server infrastructure and storage of data
Leadbyte www.leadbyte.co.uk Storing and transmission of lead data submitted by online users on some advertising campaigns.
Response Tap https://www.responsetap.com/ Telephone call-length duration measurement for “call” advertising campaigns.
Sparc Media https://www.sparcmedia.com/ Technology provider used for administering Interest Based Advertising Campaigns

 

In addition we also process and share data with our Advertiser clients (these are the Data Controllers / brands that users click through to from online adverts and links). Some of our Advertising clients appoint third-party suppliers such as Advertising and Media Agencies to provide additional  services. Optimise may share the data that we process with these parties if instructed to do so by our Advertising clients (who will be acting as Data Controllers). Agencies include (and are not limited to):

  • GroupM (and its group of companies including Msix, Mediacom and Mindshare)

Whenever data is shared we ensure that we use appropriate security and privacy controls such as hashing and encryption. We also make sure that we only share with third-parties who have appropriate security controls.

Data subject’s “rights”

Many national data protection laws provide data subjects (the individuals that the personal data relates to) with a set of specific rights. Where European and UK laws are concerned these include the right to be informed, to access and to object to processing of personal data. You can see the full list of rights under UK laws here. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)

To exercise any of these rights you should contact the relevant Data Controller – usually the business that you have provided your personal data to. If you get in touch with Optimise we will need to verify your identity before we can help. We will assist with all requests but may charge an administration fee, which we would make you aware of in advance.

To get in touch with our UK Data Protection Officer please contact DPOUK@optimisemedia.com

Contact information for other countries can be found on the relevant local websites. See here https://www.optimisemedia.com/about-us/contact-us/.

Data from children

We do not knowingly collect personal data from children (under 13). If you have reason to believe that we have please get in touch and we will delete it.

Data Retention – How long we keep personal data for

We only use the personal data that is required for the specific processing purpose. For example, if we do not specifically require your name and address then we will not collect and process those items.

Once we know that we no longer require the data we will then delete or anonymise it.

Our data retention policies and processes vary based on the specific client and processing scenarios, but typically include:

  • Cashback user enquiry data such as names, addresses and purchase references are deleted 15 months after the query has been resolved.
  • Email and personal address data collected from users that register as part of our Reward and Voucher fulfilment service is retained for different periods of time to reflect how it is processed;
    • Personal registration data submitted by users is deleted 12-15 months if no reward was sent to a user. If a reward was sent to a user we keep the data in secure archive storage for 7 years for taxation audit purposes but remove from our marketing systems after 27 months.
    • Enquiries that we receive or about our Rewards and Vouchers fulfilment services are deleted after 24 months.
  • IP addresses and device IDs – for our Affiliate Marketing advertising campaigns are encrypted and pseudonymised as soon as we receive them.
  • Optimise cookies are typically deleted from user devices after 30-60 days
  • Unique online identifiers (e.g. cookie IDs) which we process for measuring advertising campaigns are deleted from our systems after 6 months. (See technical information relating to cookies below).

Data Protection and Security

We implement reasonable security measures to protect the information in our care, both during transmission and once we receive it. This includes, but is not limited to, the use of firewalls and encryption. It should be noted that no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, while we strive to use appropriate means to protect your information, we cannot guarantee its absolute security.

Our business also uses appropriate data protection processes and policies to ensure that our products are developed with privacy in mind and that our staff are informed of our procedures and obligations to act responsibly.

Use of cookies and online identifiers

Just as cookies and similar online identifier technologies play a crucial part in making websites function correctly (shopping, logging in to banks etc.) they are also very important to digital advertising. Without them there is no effective means to show users adverts that are relevant to their interests. It would also often be impossible for businesses to measure the effectiveness of advertising campaigns and the budgets that are spent on them.

You can read more about cookies here: www.allaboutcookies.org

Optimise use a number of cookies and online identifiers to ensure our advertising campaigns and business services function properly and can be measured on devices (computers, mobiles, tablets etc.) including:

  • Session cookies which expire and are deleted when you close your browser. They include pseudonymous or completely anonymous references which allow us to understand whether a user made a purchase straight after clicking on one of our advertiser’s links.
  • Persistent cookies which are set to remain on your computer for a set period of time. They use pseudonymous or completely anonymous references and allow us to understand if a user came back to make a purchase having previously clicked on one of our advertisers’ links. They also allow us to join data together over a period of time (6 months) to understand which advertising campaigns have contributed to or led to subsequent outcomes (e.g. clicks and sales). These cookies generally last between 30-60 days.
  • IP addresses are used to help us match outcomes (clicks and sales, for example) to specific advertising campaigns. We also use IP addresses for fraud detection purposes. Optimise encrypt and hash (scramble the digits) these IDs and pseudonymous references as a measure to minimise the personal data we hold.
  • Device IDs, (which are set by your device manufacturer) and include IFA, are GoogleAID, Windows AdvertisingID used understand whether a user clicked on an advert or made a purchase on our mobile app advertising campaigns. These pseudonymous IDs are hashed on import and deleted after 6 months. Opt out is possible in settings
  • Interest-based cookies, which collect browsing data from the Advertiser and Publisher websites which use our Display and Interest-Based Advertising services. The data allows interest-based adverts to be displayed to users. We do not used interest-based cookies on campaigns unless we have permission from our partners and any appropriate consents from the online users. Most of our affiliate marketing campaigns (see above) do not use interest-based cookies and will only do so if this has been agreed and appropriate measures are in place (including getting consent, if applicable).

 

Cookie Tables (detailed technical information regarding our individual cookies)

The tables below detail the cookies that are used in connection with the Optimise services outlined in this privacy policy. For practicality we have arranged our cookie information to reflect the service that we provide (Affiliate Marketing, Customer Rewards Fulfilment and Display and Interest-Based Advertising)

  1. Optimise Affiliate Marketing and Customer Rewards Fulfilment Cookies
    The following cookies are set by and belong to Optimise and are used for measuring the outcomes (e.g. whether a click or sale was generated for our customers) of Affiliate and Customer Rewards Fulfilment campaigns and providing aggregated campaign reports and insights.

 

Cookie Name Purpose Cookie (technical name) Cookie Domain Type Cookie Contents Privacy Measures
Optimise Attribution To provide a means to attribute an outcome (e.g. sale or quote) generated from advertising campaigns to a specific Affiliate. OMG-{MID} track.omguk.comtrack.omgpl.com
track.in.omgpm.com
track.affiliserve.com
1st party Anonymous references:
AID, UID, UID2, UID3, UID4, UID5, DateTime, VCountMapPseudonymous references:
SSKey
Pseudonymous references:

Deleted with cookie after 30-60 days.

Deleted from systems after 6 months (or 1-2 years if required for validation purposes).

Cookie opt outs are stated below

OMGSession Provides affiliate campaign measurement data for individual user sessions. OMGSession track.omguk.comtrack.omgpl.com
track.in.omgpm.com
track.affiliserve.com
1st party Pseudonymous reference:
SessionID
Pseudonymous references:

Deleted with cookie after 30-60 days.

Deleted from systems after 6 months

Cookie opt outs are stated below

OMGID Enables measurement and analytics data of performance marketing campaigns across the Optimise Advertiser and Publisher network OMGID track.omguk.comtrack.omgpl.com
track.in.omgpm.com
track.affiliserve.com
1st party Pseudonymous reference:
UUserID
Pseudonymous references:

Deleted with cookie after 30-60 days.

Deleted from systems after 6 months.

Cookie opt outs are stated below

Advertiser Attribution Cookie (optional) Read by the Optimise conversion tag to provide a backup means to attribute a sale to a specific Affiliate. OMG-{MID} Advertiser Domain 1st party Pseudonymous reference:
SSKEY
Pseudonymous references:

Deleted with cookie after 30-60 days.

Deleted from systems after 6 months (or 1-2 years if required for validation purposes).

Cookie opt outs are stated below

 

  1. Optimise Display and Interest-Based Advertising Cookies

These cookies are only used where clients are using our Interest-Based Advertising services. Affiliate Marketing and Reward Fulfilment services do not use these cookies.

In order to serve interest-based campaigns Optimise has partnered with SparcMedia to who administer ad serving campaigns using Lotame.com. The following cookies are used:

Cookie Name  Cookie Domain  Purpose  Privacy
 Lotame  crwdcntrl.net Lotame collects online data via the use of Lotame tags, cookies and other technologies. This allows Lotame to collect anonymous information from websites and mobile applications Opt outs can be found here

 

Third Party Cookies and Opt outs
Our technology integrates with a number of the third-party solution providers used by the advertisers we work with in order to measure the effectiveness of their online campaigns. Optimise does not share data with these companies although by clicking on our Advertisers links their cookies may be placed on users’ devices and provide our advertisers with data to help them measure their advertising campaigns.

If you would like more information about the cookies and data used by these suppliers, as well as information on how to opt-out, please see their individual privacy policies listed below

Name Privacy and Opt Out
(to find out more about opting out of these cookies click the links below)
Google DoubleClick https://www.google.com/policies/technologies/ads/
Microsoft http://choice.live.com/advertisementchoice/
Conversant (MediaPlex) https://optout.conversantmedia.com/
Google Analytics https://www.google.com/intl/en/policies/privacy/
Atlas https://atlassolutions.com/privacy-policy/about-our-ads/
Ensighten https://www.ensighten.com/privacy-policy/
Google Tag Manager https://www.google.com/intl/en/policies/privacy/
Signal Bright Tag https://www.signal.co/privacy-policy/
Tealium https://tealium.com/cookie-policy/
Adobe analytics https://www.adobe.com/uk/privacy/opt-out.html
Appsflyer https://www.appsflyer.com/optout
Tune https://optoutmobile.com/
Apsalar https://apsalar.com/privacy-policy/
Adjust https://www.adjust.com/opt-out/
Kochava https://www.kochava.com/support/privacy/

How to opt-out of Optimise cookies

The Advertisers and Publishers that use Optimise cookies should provide consumers with the ability to opt out unless they have your agreement not to. Many of them will be using their own technical systems or third-party consent tools/widgets to do this.

Optimise adheres to industry cookie consent best practice and intends to subscribes to the IAB Europe Consent Framework once in place. (see http://advertisingconsent.eu/)

It is also possible to opt out using the links below.

To opt out of Optimise Affiliate Marketing and Customer Rewards Fulfillment Cookies.

To opt-out Click Here.

To opt-in Click Here.

To opt-out of interest based adverts Click Here.

Please be aware that by opting out of cookies this will create a cookie in your browser that identifies that that you have opted out. If you delete that cookie from your browser you will need to opt-out again. In many cases the opt-out cookie will only be set on this browser on the device and browser that you opted out from. If you use another browser or computer you may well need to opt-out again.

You can also control how cookies operate on your device by modifying your browser settings. You will need to ensure that you are running an up to date browser.

  • For Internet Explorer, go to Tools > Internet Options > General > Delete… and follow the instructions.
  • For Firefox click the Menu button > Library > History> Clear your recent history… and follow the instructions.
  • For Chrome, at the top right click > Settings > Advanced > Privacy and Security > Clear browsing data… and follow the instructions.
  • For Edge, at the top right click the … icon > Settings > Choose what to clear and follow the instructions
  • For Safari, Select Preferences from the Safari menu or hold down the Command key and the comma key at the same time (Command+,). Go to the Privacy tab and click the Remove All Website Data button and follow the instructions

More detailed information is provided here www.aboutcookies.org/Default.aspx?page=2

Opting out of Mobile Devices

Mobile web – use the instructions above to clear cookies in a browser on your mobile device and to control how cookies operate in browsers on mobile devices.

Mobile apps – Mobile applications do not use cookies, instead you can reset your device’s Advertiser ID:

iOS – Go to Settings > General > About > Advertising and tap Reset Advertising Identifier

Android –  Complete the following steps

  1. Tap the menu icon to display the apps list.
  2. From the available apps list, locate and tap the Google Settings icon (or search for Google Services in your device’s main setting app
  3. Tap the Ads option from the Google Settings interface.
  4. Once the Ads window comes up, tap Reset advertising ID.

To find out more about Google Android Advertiser IDs, please visit this link: https://privacy.google.com/?hl=en. To find out more about Apple Advertiser IDs, visit this following link: https://www.apple.com/uk/privacy/.

How to complain or ask a question

To get in touch with our Data Protection Officer please contact DPOUK@optimisemedia.com

We will assist with all requests but may charge an administration fee, which we will notify you of in advance.