OpenX Website Privacy Policy

1. What does this Policy cover?

This Policy describes how OpenX (“OpenX“, “we“, “us” or “our“) processes your personal data. It applies only to visitors to the OpenX website.

This Policy describes the choices or rights you may have with respect to our processing of your data, including a right you may have to object to some of the processing that OpenX carries out. More information about your choices and rights, and how to exercise them, is set out in the “Your choices and rights” section.

The data processing described in this Policy may be limited as required by applicable law, including the General Data Protection Regulation (“GDPR”) the California Consumer Privacy Act (“CCPA”), and other federal or state laws, to the extent those laws apply to you.

We encourage you to read this whole Privacy Policy, because it provides important information about how we may process your data, and the choices or rights you may have with respect to our processing of your data.

If you would like to know how we process personal data in the context of the OpenX Ad Exchange, please view our Ad Exchange Privacy Policy for more information.

2. What personal data do we collect?

We collect certain information through our website when you choose to provide it (for example, when you create an account with us or contact us using a website form), such as:

• Information to identify you, such as your name, surname, contact details (email address and phone number), company name, job title, reason why you contact us;
• Information necessary to establish and access your OpenX Community account, such as your username and password;
• Your marketing preferences, including any consents you have given us; and
• The content of communications you send us.

We also collect certain information automatically including:

• Unique online identifiers (e.g., IP address, cookies, mobile advertising identifiers such as Apple IDFA and Android Advertising ID);
• Browser information (e.g., browser type, version, or language);
• Device information (e.g., screen dimensions, device brand, and model);
• Internet service information (e.g., Internet Service Provider used by you);
• Derived location data (as derived from IP address or GPS (for mobile)).

Additionally, we may obtain certain information about you from our partners as part of our Ad Exchange activities. For more information about how we may obtain and use such information, please see our Ad Exchange Privacy Policy.

3. Why do we collect, use, and store this personal data?

We collect, use and store your personal data under the legal bases set out below.

To fulfil a contract, or take steps linked to a contract, that we have with you. This includes:

• Communicating with you; and
• Providing customer service.

As required to conduct our business and pursue our legitimate interests. This includes:

• To provide the OpenX products and services you have requested, and respond to any comments or complaints you may send us;
• To monitor use of our website and use this information to improve and protect our services;
• To personalize our services for you;
• To confirm your identity when making payments in order to prevent fraud or detect and prevent any other malicious, fraudulent, invalid, or illegal activity, if applicable;
• To investigate any complaints received from you, or from others, about our website, products, or services;
• To ensure data are securely transmitted and processed;
• To ensure correct and efficient operation of systems and processes, including monitoring and enhancing the performance of systems and processes;
• To manage legal claims or compliance, regulatory and investigative processes as necessary (including disclosure of such information in connection with legal processes or litigation); and
• To invite you to take part in market research.

Where you give us consent or we are otherwise permitted to process your data after we give you notice of our processing. For example:

• We may send you direct marketing (e.g., quarterly newsletters or our regular emails that highlight relevant services we offer), which may be sent directly from us or via third party service providers;
• We may place cookies on your device. To learn more about the categories of cookies that we use please review our Cookie Policy.
• On other occasions where we ask you for consent or provide you with notice of processing, we will use the data for the purpose which we explain at that time.

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. Additionally, please note that withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have the right to opt-out of direct marketing at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.

Because we are compelled to do so by law:

• In response to requests by government or law enforcement authorities conducting an investigation.

4. How and to whom do we share your personal data?

We will disclose personal data to third parties only as described in this Privacy Policy, including:

• With your express permission;
• With other entities in the OpenX group for business purposes, such as making sure that questions or comments submitted via our “Contact Us” form are addressed appropriately;
• To our advisers (or the advisers of potential purchasers or new owners) in the event that we, or some or all of our affiliated entities or assets, are merged, sold, transferred (including in bankruptcy), or otherwise subject to a material corporate change;
• Where we believe it is necessary to protect OpenX or our users, enforce our terms or the legal rights of OpenX or others, or comply with a request from governmental authorities, legal processes, or other legal obligations; and
• Where we contract with third parties to provide certain services under our instruction, including service providers managing distribution of our marketing content, data analytics, web hosting, web development, and our website operation or cloud computing services (“Vendors”). We ask Vendors to confirm that their privacy and security practices are consistent with ours, provide them with information only to the extent necessary to perform the services we request, and prohibit them from using such information for any other purposes. A list of these service providers is available here.

OpenX may offer online resources that facilitate discussion amongst our customers and other third parties. Whenever you voluntarily post information to any public forum we operate, please be aware that such information (along with your username) is accessible to other users of the forum, including members of the public if the forum is open to the public.

International Transfers

OpenX complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OpenX has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. OpenX has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the applicable Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website.

The Federal Trade Commission has jurisdiction over OpenX’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) here.

Under certain conditions, more fully described on the DPF website here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. In cases of onward transfer to third parties, OpenX is generally liable for the acts of the third party that are in violation of the DPF Principles.

In parallel to adhering to Data Privacy Framework, in the event that personal data collected from a UK or EEA data subject is transferred outside of the UK or the EEA to an organization in a country which is not subject to an adequacy decision by the EU Commission or considered adequate as determined by applicable data protection laws, we take additional steps to ensure your personal data is adequately protected (e.g., by way of EU Commission-approved Standard Contractual Clauses or by relying on other data transfer mechanisms approved under applicable data protection laws). We are also committed to conducting data transfer impact assessments and adopting any supplementary measures required to mitigate any risks to you identified in such an assessment. A copy of the relevant mechanism can be obtained for your review on request by contacting us using the details set out below.

5. How do we use cookies?

On our website, we use cookies to collect information about your online activity. Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify your browser on each page. To learn more about the categories of cookies that we use please review our Cookie Policy.

6. What choices and rights do you have with respect to the data we process?

For information on your choices and rights with respect to the data we process, please refer to Section 7 of our Ad Exchange Privacy Policy.

7. How long do we retain your personal data?

Where we process account data collected via our website, we generally retain it for as long as you are an active customer of OpenX. Where we process personal data in connection with performing a contract with you or your organization, we keep the data for so long as the contract remains in force and for a certain period after its expiration; this period depends on the applicable claims’ limitation periods and may vary between jurisdictions. We encourage you to contact us here to obtain more specific information on how long we may retain your personal data.

Where we collect certain information about you or your device automatically, we retain this information for various periods, depending on the lifespan of the specific cookie that facilitated collection. Please contact us here to know more about the lifespan of cookies that we use on our website.

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your request). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.

8. What if we update this privacy policy?

We reserve the right to update this Privacy Policy at any time. If we do so, we will post the updated policy here and update the effective date.. We may also notify you in other ways from time to time about the processing of your personal information.

9. How can you contact us?

If you have questions about this Privacy Policy or wish to contact us for any reason in relation to our personal data processing, please contact us here.

You can also reach us at:
OpenX Technologies Inc.
Attention: Legal Department
177 E. Colorado Blvd., #3039, Pasadena, CA 91105
United States

You may also contact our data protection officer at dpo@openx.com or by calling us at (855) 231-3834.