Product Privacy Notice
Effective Date: May 25th, 2018
DoubleVerify, Inc. (“DoubleVerify”) is the industry leader in providing transparency and accountability in online advertising. This Privacy Notice describes our practices in connection with information that we collect through the DoubleVerify products and services. Our accredited technology platform provides an independent, third-party set of measurements about ad impression delivery and website traffic to help advertisers and advertising inventory sellers confirm accurate delivery characteristics, including brand safety, viewability metrics, contextual and environmental parameters (e.g., the website on which an ad appears, and where it appears on the webpage) and ad impression and website traffic quality characteristics, and to help ensure that advertisers and their partners are in compliance with their agreements, as applicable. Additionally, advertisers use information we provide about ad impression opportunities to preemptively decide if they want their creative displayed in the available impression environment. DoubleVerify collects this data about advertising delivery and website traffic on behalf of both advertisers and sellers and shares the information we collect to drive transparency and accountability in the online advertising marketplace.
The purpose of this privacy notice is to inform you of: (1) the types of information DoubleVerify may gather about you or your device when an advertisement that is analyzed by us is delivered to you on a website you are viewing or in an app you are using; and (2) and how we may use, share, and otherwise process that information.
Collection of Internet Data
DoubleVerify uses various technologies to collect information about online advertising, website traffic and mobile app traffic in order to deliver advertising transparency and accountability services to our advertising customers (collectively, “DoubleVerify Services”).To deliver DoubleVerify Services, we use pixels and other similar technologies that can place a small piece of HTML code on a webpage to collect information about advertising impression opportunities and displayed ads or website traffic. The types of data we collect using this technology include:
- Standard HTTP header information including information such as IP address, Referring URL, User-Agent data (e.g., data that your browser transmits about itself when submitting an HTTP request) and other data including browser configuration parameters such as browser language and session storage and local storage settings, and characteristics of your device such as the CPU class and time zone setting.
- Information contained within an advertisement, known as an “Ad Tag,” that includes information used to identify the advertiser displaying the ad and the media property that sold the impression.
- Browser and computer environmental information necessary to determine the viewability of an advertisement, which includes information such as ad size, ad location in the browser viewport, size of the browser viewport, size of the display, application in focus, browser tab in focus, and other data.
- Mobile application and mobile device data such as device identifiers, advertising IDs, application name, bundle IDs, application ID, store ID and other similar data.
For the purpose of identifying and preventing online ad impression fraud and invalid traffic and determining if advertisers and their partners are in compliance with their agreements, DoubleVerify Services utilize information collected in conjunction with the following additional technologies:
- Cookies that may be set by third party service providers executing a DoubleVerify pixel so that DoubleVerify can recognize the device.
- Device identification technology, which analyzes device parameters collected as described above, including IP address and browser header information, to probabilistically identify a particular device.
- Clickstream data including URLs and other data regarding the websites on which a particular browser has viewed advertising impressions we are analyzing.
- Clickstream data including mobile application identifier and other data regarding the mobile apps on which a particular user has viewed advertising impressions.
Use of Collected Data
We use the data we collect to provide DoubleVerify Services for any lawful purpose, including the following:
- Data reporting about the context in which advertisements are displayed and information about whether an ad being displayed is in compliance with: (1) the customer’s contractual terms; (2) the insertion order governing our customer’s campaign; and/or (3) profile settings our customer has established in our system.
- Preemptive decisioning of impression opportunities, meaning that DoubleVerify technology analyzes the available data characteristics of an impression opportunity and determines - using customer-established profile setting -- whether the customer’s advertisement should be displayed or not.
- To deliver information about the viewability of online display advertising, including: (1) whether an advertisement meets certain criteria, set by industry standards boards and/or the client to be counted as a “Viewed Impression;” (2) how long the advertisement was displayed in the consumer’s browser; and (3) other key information about the display characteristics of the creative on the consumer’s browser.
- We may work (with our partners) to anonymously integrate advertising impression data with data that our partners independently collect to deliver enhanced ad-measurement services such as augmented and aggregated audience demographic reporting of campaign impressions viewed or brand lift metrics.
- Website and mobile apps visitation characteristics including visitor quality, invalid traffic detection, fraud identification and other quality characteristics necessary to determine agreement compliance.
DoubleVerify Services include the detection and elimination of invalid traffic, including ad impression fraud, which is defined for purposes of this privacy notice as the manipulation of ad serving, ad display, or traffic activity such that ad impression measurements are incremented inappropriately because the ads cannot be viewed by a user, are not served within operationally viewable parameters or were displayed as a result of machine-generated traffic. Our fraud and invalid traffic services are intended to address fraud for advertising measurement purposes. DoubleVerify Services also include determining if advertisers and their partners are in compliance with their agreements. Information collected for this purpose are used to identify and prevent invalid traffic and ad impression fraud and assess contract compliance by:
- Identifying specific ad impressions that are fraudulent due to being generated by bot-controlled, non-human browsers.
- Identifying invalid traffic such as traffic generated by ad injectors, traffic originated in data centers, misrepresented traffic, emulated traffic and other types of invalid traffic.
- Identifying websites, mobile apps and media properties that have fraudulent traffic and/or generate fraudulent advertising impressions.
- Identifying traffic patterns between websites participating in fraudulent advertising activity.
- Distinguishing between traffic generated by bot-controlled, non-human browsers and human browsers.
- Determining if website visitors and mobile app users are being delivered by partners in compliance with contractual terms.
Additionally, DoubleVerify uses advertising impression information, mobile app information and website traffic information including IP address and browser header information to:
- Identify the geographic location of the user and determine if the user is located within the advertiser’s campaign or traffic settings.
- Determine if a middleware is attempting to misrepresent its operating characteristics to prevent the identification of fraud or other invalid traffic.
- Determine if website traffic or ad impressions are originating from a server farm unlikely to be responsible for human-generated browsing activity.
- Determine if traffic is being acquired through fraud, or regarding or other traffic acquisition practices that are out of compliance with an advertiser’s guidelines or contractual requirements.
DoubleVerify is leveraging AI and Machine Learning in order to automate the process of detecting Invalid Traffic and Fraudulent Activity.
Where we intend to use or otherwise process your personal data for a purpose other than the purpose for which it was collected, we will provide you with relevant information prior to processing your personal data for the new purpose.
Disclosure of Collected Data
Except as otherwise stated herein, DoubleVerify does not share information collected about online advertising impressions except: (1) as is necessary to execute the DoubleVerify Services; (2) in aggregated formats for general corporate marketing and industry benchmarking; (3) for sharing with affiliates of DoubleVerify or service providers of DoubleVerify (where the service providers are required to use the information only to perform services for DoubleVerify); (4) as required by law or to comply with legal process; or (5) to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
We receive personal data from our customers and partners in order to carry out the DoubleVerify Services discussed in this privacy notice. DoubleVerify shares collected information with our customers and partners to perform and deliver the advertising and traffic measurement services that we have been contracted to provide. The primary means by which we provide information to our customers is in aggregated reports or raw data feeds provided through the DoubleVerify Services, including but not limited to our customer dashboard. We may also provide our customers with information to identify website visitors or mobile application users that are bot-controlled, non-human browsers, which our customers can use to avoid delivering advertising to bot-controlled, non-human browsers.
We also provide aggregate data about advertising impressions, website traffic and mobile application traffic in our marketing and promotional materials. We may share information that has been anonymized or aggregated without limitation.
Please note that because DoubleVerify is not an advertising company, we do not create or share non-fraudulent profiles.
Lawful Basis for Processing
We may process your personal data to respond to your inquiries concerning our products and services.
On other occasions, we process your personal data where required by law. We may also process your personal data if necessary to protect your interests or the interests of a third party.
Additionally, we process your personal data when necessary to do so for fraud and invalid traffic prevention purposes or providing services related to advertising viewability and brand safety as discussed in this notice, when these interests are not overridden by your data protection rights. Where we process your personal data for this purpose, our legitimate interest is to carry out our business in favor of the well-being of all our employees and members.
If there is no other lawful basis for data processing, we will ask for your consent to process your personal data. You have the right to withdraw your consent to processing of personal data at any time.
If you wish to exercise the right to withdraw consent, contact us using the information found in the “Contact” section below.
Transfers of Personal Data
Please be aware that the personal data we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location. If you are located outside of the United States, please be advised that we process and store personal data in the United States.
You have a right to the following:
- To request access to the personal data we hold about you;
- To request that we rectify or erase your personal data;
- To request that we restrict or block the processing of your personal data;
- Under certain circumstances, to receive personal data about you that we store and transmit to another without hindrance from us, including requesting that we provide your personal data directly to another, i.e., a right to data portability; and
- Where we previously obtained your consent, to withdraw consent to processing your personal data.
To exercise these rights, contact us using the “Contact” section below. Please be aware that DoubleVerify may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.
Additionally, you have the right to lodge a complaint against us. To do so, contact the supervisory authority in your country of residence.
We will process and store your personal data for one year, or only for the period necessary to achieve the purpose of the storage, or as permitted by law. After expiration of that period, the corresponding data is routinely deleted.
DoubleVerify may modify this privacy notice from time to time without the consent of users by providing advance notice on our Web site before implementing such modifications. Should you wish to be notified by email of material changes to this policy, please send correspondence to firstname.lastname@example.org with “PRIVACY” in the subject line or to the following mailing address:
Privacy Notice Operations
233 Spring Street
New York, NY 10013
If you have questions, comments, or concerns about this privacy notice, please contact us, in our role as data processor, at:
Privacy Notice Operations
233 Spring Street
New York, NY 10013
Data Protection Officer
233 Spring Street
New York, NY 10013