Our Position

AdColony is committed to our position as the most transparent, consumer experience-driven mobile ad and monetization marketplace. From our inception, end-user experience has been our top priority, whether that be seamless Instant-Play™ ads with no buffering or loading times, or award-winning Aurora™ HD Video or Playables that consumers actively engage with. That also means respecting the privacy choices of consumers around the world. We were the first mobile ad platform to introduce a consent API for developers, making it less confusing for consumers about who to talk to about the privacy, and have for years been certified by ePrivacy, TAG, and other local and global industry groups.

This page contains information regarding our policies and procedures as defined by the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as well as general information regarding our consumer privacy practices. Other global and local privacy regulations not covered by GDPR or CCPA will be added as necessary. Our full privacy policy is available here.

 

AdColony & GDPR

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a European Union regulation law on data protection and privacy for all individuals that reside within the European Union. The GDPR also applies to how data is handled and controlled (more on that later) outside the EU when applicable.

Fundamentally, the GDPR is a set of rules designed to give EU citizens more control over their personal data. The legislation allows users gain access to and correct information that companies hold on them, including surveys, ad tracking, data collection, cookies, location data, and almost every other piece of a user’s “digital footprint”. It gives users the right to transfer their data to another organization. It requires companies to define how they keep data secure.

We’ve always taken user privacy seriously. GDPR continues to give us the opportunity to formalize our commitment to privacy within a robust legal framework. We go above and beyond the requirements of the European Union to offer the protections afforded by the GDPR internationally.

Yes. AdColony continues to meet all the GDPR requirements globally for all our users, and we continue to take the steps necessary to ensure that AdColony and all our partners are compliant too. We are members of the Privacy Shield framework, which ensures a high level of protection for data sent to and from the EU.

Like most ad platforms, AdColony collects user data for the purposes of delivering targeted and relevant advertisements to mobile app users. In addition, we receive data passed to us through SDKs, SSPs, exchanges, attribution partners, and 3rd party data partners. Our compliance with GDPR continues to provide opportunities to clarify our relationships with data partners, streamline our data processing controls, and help data subjects understand and directly manage uses of their personal data.

    • Controller Classification: As a Controller under GDPR classifications, we work with our advertiser and publisher partners to determine how data is processed based on agreed upon terms.
    • Data Protection: We have engaged ePrivacy Consult GmbH to help us with compliance and appointed one of their agents as our Data Protection Officer. ePrivacy is tasked with ensuring that AdColony is aware of and complies with its data protection responsibilities.
    • Legitimate Interest: AdColony will not request nor require consent from a user in order to display advertisements. We believe that our legitimate interest is appropriate given the value we bring to sustaining a healthy ecosystem amongst users, advertisers, and publishers after having conducted a legitimate interest assessment. Based on data collected, we will show ads to users that deliver the best user experience. By doing so, we allow users to enjoy their favorite apps free of charge while driving revenue for publishers and improving the effectiveness of advertiser campaigns. Moreover, we are fully supportive of the digital ad industry consent mechanisms and will continue to test consent mechanisms as potential alternative legal basis for processing. And where a valid consent is passed to AdColony, we will pass that consent on upstream.
    • Global Implementation: While GDPR rules apply only to data collected from European Union residents, we have decided to comply with GDPR at a global level–for every user in every country.
    • Personal Data: We will collect and process only non-sensitive data signals. Personal data will be pseudonymized and encrypted to maintain the privacy of the user. The data will be processed for standard advertising use cases: campaign operations; performance attribution and optimization; brand targeting; brand measurement; and on the AdColony Exchange.
    • Programmatic Signals: AdColony will adhere to the IAB’s GDPR Recommendations regarding supporting GDPR-relevant RTB signals. AdColony also support the IAB Transparency and Consent Framework (TCF) v2.0.
    • Sub-Processors: AdColony will maintain a list of all sub-processors on a password-protected website page.
    • Data Mapping: Our Personal Data Exchange (PDX) forces any calls of device ID and other personal data to be stripped of identifiable information before mapping to a new, anonymous device token.
    • Data Subject Rights: On the AdColony.com website, we will provide instructions for the user to: access their data collected by AdColony.; opt-out of future data collection by AdColony.; erase personal data collected by AdColony.; elect that personal data will not be stored by AdColony.; elect that personal data will not be processed by

AdColony SDK 3.x and forward supports GDPR and will not require an AdColony SDK update; however, if a publishing partner is collecting consent, they will need to update their integration to pass data subject requests for information or requests to remove their consent we have claimed based on our legitimate interest (i.e. forget, do not store, do not process). Publishers on the old 2.x SDK will need to update to a newer version of the SDK to pass consent parameters.

Documentation regarding GDPR requirements for AdColony publishers using our iOS SDK can be found here, and documentation for Android can be found here.

If I work with AdColony, what should I expect regarding GDPR?
GDPR-related steps will vary depending on how you work with AdColony. All partners should review our privacy policy and become familiar with our GDPR interpretations. Additionally, please expect the following based on how you work with us.

  • Publishers will be asked to sign AdColony’s sell-side Data Processing Agreement (DPA).
    DSPs will be asked to sign AdColony’s buy-side DPA.
  • Advertisers will be asked to update their IO language to accommodate the AdColony buy-side DPA, including the GDPR-compliant 3rd-Party Partners to whom AdColony is authorized to send personal data.
  • Attribution and measurement partners should expect to sign an AdColony DPA.
  • Data Management Platforms should expect to sign the AdColony DPA.

AdColony stores and processes data for up to 13 months, unless there is a special need accommodated by GDPR (legal claim, fraud, etc). Otherwise, personal data is destroyed after the 13-month period.

Clear instructions to exercise Data Subject Access Requests can be found at the bottom of this page.

Similar to data information requests, data subjects are be given directions at the bottom of this page, or on our privacy policy.

Those rights include the ability to make the following requests, which will be honored within 30 days from original request:

  • Forget: The ability to erase personal data from AdColony data storage so that my privacy rights are maintained.
  • Do Not Store: A way to indicate my personal data will not be stored by AdColony so that my privacy rights are maintained.
  • Do Not Process: A way to indicate my personal data will not be processed by AdColony (although it may be stored) so that my privacy rights are maintained.

AdColony & CCPA

The California Consumer Privacy Act (CCPA) went into effect in January of 2020 and began being fully enforced by the California AG’s office on July 1, 2020. AdColony is compliant with CCPA (including the AG’s Regulations). The CCPA impacts companies that collect and/or sell personal information and is designed to give Californians more control over their data.

The following are among the major new data protections CCPA introduces:

  • Right to access information – California Consumers will be able to know the “what, who, and why” surrounding their personal information.
  • Right to deletion – California Consumers will be able to request that a company delete the personal information it has collected about them.
  • Right to opt out – California Consumers will be able to direct a company to not sell their personal information to third parties (although the definition of “sell” in the bill is broader than simply monetary exchange).

The CCPA applies to for-profit businesses operating in California that collect personal information of California consumers for which any of the following are true:

  1. Annual gross revenues over $25M.
  2. Annually buys, receives, sells, or shares personal information of over 50,000 California consumers, households, or devices.
  3. Derives at least 50% of annual revenue from selling California consumers’ personal information.

Yes. AdColony is compliant with all the CCPA requirements for California residents and all requests coming from the United States. We continue to take the steps necessary to ensure that AdColony and all our partners remain compliant.

Like most ad platforms, AdColony collects user data for the purposes of delivering targeted and relevant advertisements to mobile app users. In addition, we receive data passed to us through SDKs, SSPs, exchanges, attribution partners, and 3rd party data partners. Due to the effort already done with GDPR, we have been able to re-use a lot of the work we did previously for GDPR for our CCPA compliance.

Third-Party Classification: As a third party as defined by the CCPA, we work with our advertiser and publisher partners to determine how data is processed based on agreed-upon terms.

Personal Information: Like all adtech companies, AdColony processes pseudonymous personal information and is subject to the CCPA’s rules around such information. This data will be processed for standard advertising use cases: campaign operations; performance attribution and optimization; brand targeting; brand measurement; and on the AdColony Exchange.

Programmatic Signals: AdColony supports the IAB’s CCPA Recommendations regarding CCPA-relevant RTB signals. AdColony can also ingest and interpret consent strings from the IAB CCPA US Privacy Framework.

Data Mapping: Our Personal Data Exchange (PDX) forces any calls of device ID and other personal information to be stripped of identifiable information before mapping to a new, pseudonymous device token.

Data Subject Rights: On the AdColony Privacy Policy, there are instructions for the user to: access their data collected by AdColony.; opt-out of future data collection by AdColony.; erase personal data collected by AdColony.; elect that personal data will not be stored by AdColony.; elect that personal data will not be processed by AdColony.

Data Retention: Collected data will be retained for a maximum of 13 months.

 

AdColony classifies as a 3rd party under CCPA, but we strive to provide all possible tools to ingest and respect CCPA privacy signals regardless of legal classification. If your business has adopted or is planning to adopt the IAB CCPA Privacy string, AdColony’s SDK 4.2 can ingest and respect the IAB US Privacy String. Additionally, AdColony’s SDK 4.2 provides support for publishers to designate on an individual level whether CCPA is applicable for a specific user, and whether a user has opted in or opted out to the sale of their data as defined by CCPA.

Usage of providing any of the above features to pass opt-outs via our SDK will require updates SDK 4.2, as earlier versions do not support them. We’ve designed this version of our SDK to minimize the requirement of future publisher updates to support additional privacy features for future legislation and industry privacy frameworks.

 

CCPA steps will vary depending on how you work with AdColony. All partners should review our privacy policy and become familiar with our CCPA interpretations. Additionally, please expect the following based on how you work with us.

  • Publishers and Supply Side Partners will be asked to pass any instances of where a user has opted out of a sale to AdColony to our SDK or through the bid-stream.
  • SSPs will need to send opted-out CCPA signals per the IAB CCPA Specifications, or to AdColony’s own Specifications in order to support opted-out users under CCPA.
  • Attribution and measurement partners should connect with AdColony on how to best transmit and receive opt-out signals from users.
  • Data Management Platforms should connect with AdColony on how to best transmit and receive opt-out signals from users.

AdColony stores and processes data for up to 13 months, unless there is a special need accommodated by GDPR or CCPA (legal claim, fraud, etc). Otherwise, personal data is destroyed after the 13-month period.

Instructions are posted on the privacy policy or can be found below. Data subjects will direct their requests to AdColony via official process and will need to be able to affirm their request.

Clear instructions are posted on AdColony Privacy Policy. Data subjects will direct their requests to AdColony via official process and will need to be able to affirm their request.

Those rights include the ability to make the following requests, which will be honored within 30 days from original request:

Forget: The ability to erase personal data from AdColony data storage so that my privacy rights are maintained.

Do Not Store/Do Not Sell: A way to indicate my personal data will not be stored or sold by AdColony so that my privacy rights are maintained.

Do Not Process: A way to indicate my personal data will not be processed by AdColony (although it may be stored) so that my privacy rights are maintained.

Exercise Your Privacy Rights

    RIGHTS OF DATA SUBJECTS UNDER GDPR AND CCPA

    AdColony Advertising Services

    Data is processed in order to show you relevant advertising content and to perform tasks necessary to the operation of the advertising business.

    Deletion / "Right to be Forgotten"

    This form is for requesting the removal of data relating to our advertising services. If you wish to request deletion of your personal information, you can do so at any time by filling out the information in this form and submitting it. (If you wish to request removal of personal information from another area of the business, please email privacy@adcolony.com with a detailed description of the actions you'd like to take.)

    AdColony Forget Data Request

    With this form, you may request that we forget personal data we have collected in association with your email address and/or your device (identified by your advertising ID).
    For more information see our Privacy Policy page (https://www.adcolony.com/privacy-policy/)
    * Email Address
    Your Information
    * First Name
    * Last Name
    *Under which privacy regulation are you exercising these rights?
    GDPR (EU Resident)CCPA (California Resident)None of the Above
    Relationship
    * Are you submitting this request on behalf of yourself?
    YesNo
    * If no, please indicate your relationship with AdColony
    PublisherAdvertiserDSPSSPThird PartyOther
    Device ID
    Your Device ID is a 36-40 character string that can be found on your device. Please see this link for more information about identifying your Device ID. Device IDs that are incorrectly entered may void your request.
    https://www.adcolony.com/privacy-policy/finding-advertising-id/
    * Device Advertising ID (Apple IFA or Google AID)
    Signature and Consent
    By typing your full name below, you are providing us with your digital signature, which is as legally binding as your physical signature. Please note that your signature must exactly match the first and last names that you entered at the top of this web form in order for your submission to be successful.
    * Accurate, Authorized
    * Consent for this Request
    * Signed on this date
    * Signature

      RIGHTS OF DATA SUBJECTS UNDER GDPR AND CCPA

      Data Subject Access Request

      AdColony is committed to transparency, and we want all data subjects to have access to personal data that we may have about them and/or the devices that they may use to access the Internet.

      Our privacy policy describes the types of personal data that we process. We only ask for the information we need to help us process a subject access request and will only keep information pertaining to your request for up to one year. If you are a client of AdColony with a login and password to the AdColony platform, we ask that you first direct your request to the person or persons at your organization that administers the relationship with AdColony.

      Your GDPR and CCPA Data Subject Access Rights

      If you make a subject access request as set out in this policy, you are entitled to see the personal data that we have about you including any digital identifiers such as cookie IDs and mobile advertising IDs that AdColony may store. We will also do our best to provide you with other information that we may have stored and associated with your personal data and digital identifiers—for example, transaction logs reflecting where one of our customers used or attempted to use our services in a way that impacts a website or application that you accessed.

      We will provide you with the ability to see the personal data that we have by providing you with a copy of that data. You have the right to port that data to a different entity than AdColony, although we can’t guarantee that others will be in position to ingest this data. We will also provide you with the ability to correct errors in the data, but reserve the right to simply delete data which you’ve indicated may contain errors or inaccuracies. We will restrict or cease processing of this data upon request and offer you the ability to object to our processing of this data if you fill out the Do Not Process/Store/Sell Request form on this page. And we will delete the data upon request as long as we are not prohibited from doing so by applicable law and/or the information is not required for us for billing, fraud prevention or security purposes.

      Where we are merely the agents and/or processors of data, we may be prohibited from processing this data except as directed in writing by those clients. If that’s the case, we will submit your request to the applicable client and await their written instructions. Also, if we are unable to locate any of the information you have requested, we will let you know.

      Making a Data Subject Access Request

      Step 1: Locating Your Information

      Here’s what you need to do in order to share your digital identifiers.

      As described in our privacy policy, our systems or website may drop text files called “cookies” that are placed on your computer or device. For more general information about cookies, please visit http://www.allaboutcookies.org/. Some of the cookies we place may provide a unique ID which helps our systems recognize your browser or device over time. In order to find these cookies, please use your Internet browser to look for cookies named “AdColony.com,” which is the domain used by AdColony.

      Please keep in mind that different cookies are placed on each browser that you use to access the Internet. As a result, if you use multiple browsers (for example, Google Chrome and Mozilla Firefox), you will need to locate our cookies for each browser. Your browser’s help section should provide an overview of how to locate your cookies. An internet search of how you may find cookies in your browser may also be helpful. If you need more assistance locating these cookies for your browser, please feel free to email us for assistance at privacy@AdColony.com.

      Mobile Devices

      Additionally, certain mobile devices (for example, mobile phones or tablets using the iOS or Android operating systems) generate a persistent “Advertising Identifier” per device, which, among other things, can be used by third parties for purposes of providing you with targeted advertising. On iOS devices, your Advertising Identifier may be referred to as an “IDFA,” “IFA,” or an “ID for Advertising.” On Android devices, your Advertising Identifier may be referred to as an “Advertising ID.” To find Advertising ID on a mobile device:

      • iOS: Users have to download an app (e.g. The Identifiers) and copy the “Advertising Identifier”
      • Android: Users choose Google Settings > Ads and copy the “advertising ID”

      Step 2: Authentication of the Information Provided

      In order to make sure that we are only providing personal data to the correct person, we also will need to take reasonable steps to authenticate your request. We request that you provide screenshots of any cookies and mobile Advertising Identifiers for which you are submitting a request. We also reserve the right to send you an email to any addresses you provide in order to authenticate that portion of your request. We also request that you fill out and sign the form & affidavit below. By filling out and signing the affidavit, you’re promising AdColony that you’re the person listed on the affidavit, and providing proof to demonstrate that you are indeed connected to the personal data and digital identifiers you located in Step 1.

      Step 3: Filling out the online form or mailing in same information

      Once you have located your Digital Identifiers and can provide us with verification of those Digital Identifiers, you should fill out the form below.

      EU data subjects can also make a subject access request by mail, by sending a written request with all of the above-listed information to the following address:

      AdColony, Inc.
      Attn: Privacy Officer (GDPR Request)
      11400 W Olympic Blvd
      Ste 1200
      Los Angeles, CA 90064
      USA

      Online Data Subject Access Request Form:

      AdColony Data Access

      With this form, you may object to AdColony processing or storing your personal data in association with your email address and/or your device (identified by your advertising ID).
      For more information see our Privacy Policy page (https://www.adcolony.com/privacy-policy/)
      * Email Address
      Your Information
      * First Name
      * Last Name
      *Under which privacy regulation are you exercising these rights?
      GDPR (EU Resident)CCPA (California Resident)None of the Above
      Relationship
      * Are you submitting this request on behalf of yourself?
      YesNo
      * If no, please indicate your relationship with AdColony
      PublisherAdvertiserDSPSSPThird PartyOther
      Device ID
      Your Device ID is a 36-40 character string that can be found on your device. Please see this link for more information about identifying your Device ID. Device IDs that are incorrectly entered may void your request.
      https://www.adcolony.com/privacy-policy/finding-advertising-id/
      * Device Advertising ID (Apple IFA or Google AID)
      Signature and Consent
      By typing your full name below, you are providing us with your digital signature, which is as legally binding as your physical signature. Please note that your signature must exactly match the first and last names that you entered at the top of this web form in order for your submission to be successful.
      * Accurate, Authorized
      * Consent for this Request
      * Signed on this date
      * Signature

        AdColony Advertising Services

        Data is processed in order to show you relevant advertising content and to perform tasks necessary to the operation of the advertising business.

        RIGHTS OF DATA SUBJECTS UNDER GDPR

        If you are Data Subject under the European General Data Protection Regulation and you do not wish AdColony to process or store your data, i.e. you wish to withdraw consent, then you can opt out at any time.

        RIGHTS OF DATA SUBJECTS UNDER CCPA

        If you are a Data Subject under the CCPA Regulation and you wish to exercise your right to opt-out, you may do so at anytime. With the Right to opt out – California Consumers will be able to direct a company to not sell their personal information to third parties (although the definition of “sell” in the bill is broader than simply monetary exchange).

        Opting-out

        Opting out will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent. You can exercise your rights to opt out of our services and stop processing and/or storage of your personal information in the following ways:

        Opt-Out via Device Settings

        If your iOS or Android mobile device provides an “Opt out of interest-based advertising” or “Limit Ad Tracking” setting, you can enable the setting and AdColony will not use information collected from that device to infer your interests, or to serve ads to that device that are targeted based on your inferred interests.

        To enable “Limit Ad Tracking” on an iOS device:

        • iOS 6:
          • Choose Settings > General > About > Advertising > Enable “Limit Ad Tracking” setting
        • iOS 7 or higher:
          • Choose Settings > Privacy > Advertising > Enable “Limit Ad Tracking” setting

        To learn more about the iOS setting, click here.

        To enable “Opt out of interest-based ads” setting on an Android device

        Android devices with OS 2.2 and up, and Google Play Services version 4.0 and up:
        Open Google Settings App > Ads > Enable “Opt out of interest-based advertising”

        Restoring Consent

        If you’ve enabled ‘Limit Ad Tracking’ on your iOS device or the ‘Opt out of interest-based advertising’ setting on your Android device, you can restore interest-based ads by turning the settings off.

        When you opt out, you may still see the same number of ads from AdColony on your mobile device; however, these ads may be less relevant because they won’t be based on your interests. AdColony may continue to serve you ads based on other non-personal information, such as ads related to the content of the application you are using. By submitting this form, you allow AdColony to collect and store Device ID and IP Address as displayed further down on the form.

        Opt-Out via Advertising ID

        To find Advertising ID on a mobile device:

        iOS users have to download an app (e.g. The Identifiers) and copy the “Advertising Identifier”

        Android users choose Google Settings > Ads and copy the “advertising ID”

        AdColony Do Not Process, Store or Sell Data Request

        With this form, you may object to AdColony processing, storing or selling your personal data in association with your email address and/or your device (identified by your advertising ID).
        For more information see our Privacy Policy page (https://www.adcolony.com/privacy-policy/)
        * Email Address
        Your Information
        * First Name
        * Last Name
        *Under which privacy regulation are you exercising these rights?
        GDPR (EU Resident)CCPA (California Resident)None of the Above
        Device ID
        Your Device ID is a 36-40 character string that can be found on your device. Please see this link for more information about identifying your Device ID. Device IDs that are incorrectly entered may void your request.
        https://www.adcolony.com/privacy-policy/finding-advertising-id/
        * Device Advertising ID (Apple IFA or Google AID)
        Consent
        By submitting this request, I certify that I am a resident, citizen or visitor of the country I have indicated above, and I am acting on my own behalf. If not acting on my own behalf, I have legal authority to act on behalf of the resident, citizen or visitor whose Advertising ID I am entering here. I understand that this device will no longer receive personalized advertising.
        * Accurate, Authorized
        * Consent for this Request
        * Agreed on this date
        * Signature