Privacy and The Trade Desk Platform
Adbrain is now a part of the Trade Desk Platform.
Last updated: 03 February 2019
The Trade Desk offers what is known in the industry as a Demand Side Platform (DSP). In simple terms this means we provide technology that helps advertisers and their advertising agencies manage digital advertising campaigns across many channels, such as websites, apps, audio, smart tvs, and other video. The ads our clients buy help pay for the content you enjoy.
We, and our clients, collect and use data both to help ensure that the ads you see are relevant and to measure and report on their effectiveness.
Our AdBrain product, which is part of our Platform, uses data to produce a mapping of devices that might be related to each other, meaning that they might be used by the same person or by people in the same household. This helps advertisers better target and measure their campaigns, as well as to try to limit the number of times the same person or household sees an ad.
Data that is in our Platform is pseudonymous, which means that it does not directly identify people. So, our Platform doesn’t have names, email addresses, phone numbers, or the like, and we prohibit clients and partners from putting that kind of data into our Platform. Our clients and partners may, outside of our Platform, have access to other information about you, including information that directly identifies you. Such information is governed by the clients’ own legal requirements, privacy policies, contracts, or other terms that they have in place.
By the term “Platform”, we mean The Trade Desk’s own advertising technology platform and systems. Our references to our Platform do not include the technology or systems of clients or partners that use, or integrate with us. They are bound by our policies when they use our Platform.
The Trade Desk is a member of the Network Advertising Initiative(NAI) (http://www.networkadvertising.org) and adheres to the NAI’s 2018 Code of Conduct. The Trade Desk also follows the industry self-regulatory guidelines of the Digital Advertising Alliance (http://aboutads.info), the Digital Advertising Alliance of Canada (https://youradchoices.ca), and the European Digital Advertising Alliance ( http://youronlinechoices.com).
The Trade Desk also implements and adheres to the policies of the IAB EU Transparency & Consent Framework as part of our compliance with EU data protection law. See http://advertisingconsent.eu for more information.
If you want to go directly to our Opt Out, please visit http://www.adsrvr.org.
At A Glance
Read the table for a quick overview. See below the table for detailed information.
Who we are:
Email: privacy ((at)) thetradedesk ((dot)) com
EEA and Switzerland:
What we do:
Advertising technology platform for managing digital advertising campaigns.
The data our Platform collects and processes:
Pseudonymous data such as:
How the Platform collects data:
Some of the ways the Platform collects data include:
The purposes for which the Platform processes data:
The Platform processes data both on our behalf and on behalf of clients and partners for advertising purposes such as:
Sharing and transfer:
We share data with other parties such as:
In addition, a lot of the data collected on the Platform belongs to our clients and partners. They, of course, are able to remove such data from the Platform.
We may transfer data from the country of origin to the US or other countries. We do so under a valid legal framework, such as Privacy Shield.
We may also disclose personal information in response to lawful requests from public authorities, including to meet security or law enforcement requirements.
Security and Data Retention:
We maintain generally accepted security methods to protect data on the Platform.
We retain pseudonymous data up to 18 months before we aggregate it.
Your rights and choices:
You have rights and choices with respect to the personal data on the Platform.
Below, we explain in detail the type of data we collect, how we collect it, how we use it, and how we disclose it, as well as the choices available to you. Please keep in mind that the digital advertising industry is extremely complex, so we can’t present every technical detail. If, after reading this policy, you still have questions, please feel free to contact us at privacy ((at) thetradedesk ((dot)) com.
The Platform allows advertisers and advertising agencies to manage digital advertising campaigns. It is a Demand Side Platform because we represent the demand side of the digital advertising marketplace, in which advertisers and agencies with ads to display are the “demand” and publishers with space for such ads on web pages, apps, smart TVs and other properties are the “supply”.
Digital advertising uses data to make ads more effective and to measure their effectiveness. Without data our advertiser clients wouldn’t know, for example, if 100 different users each saw an ad, or if one user saw the same ad 100 times. This data is crucial to online and mobile content. Without data like this, advertisers would pay publishers much less, forcing publishers to either show more ads or make users pay for their content.
Advertisers and their agencies collect and use data on the Platform in different ways. They may bring their own data to the Platform. They collect data using the Platform. And they can remove their data from the Platform. We contractually prohibit them from having data that directly identifies individuals, such as names, email addresses, phone numbers, and the like on the Platform. Instead, data on the Platform is what we call pseudonymous, as described further below.
The Platform collects and processes pseudonymous – i.e. not directly identifying – data about users, devices, and ads and where they’re shown. This includes:
- unique cookie identifiers
- mobile device advertising identifiers
- IP addresses
- interest information stored and/or used on the platform by clients and partners
- interest information we create
- other information about browsers and devices, such as type, version and settings
- location information based on IP address or latitude/longitude coordinates, if provided to us
- information about ads that are shown, such as which ads are shown to a device or user, where (which web page or app) they are shown, and at what time
The Platform receives data in several ways, including the following:
- Bid requests, which are sets of information that describe an ad space that is available to be filled. We get these requests from the “supply” side of the advertising ecosystem, meaning websites, apps, smart televisions, and others, as well as their agents. The requests contain information about the ad space, the device, and sometimes the user, including location information. They also usually have an ID that enables us to match the request with information we may already have.
- Purveyors of connected TV devices and apps can send us information about the video content viewed on the device or app.
- Pixels and cookies, which allow us to recognize web browsers across sites and over time, and therefore to record information about them over time.
- Mobile SDKs are bits of code that some of our partners enable to be placed in mobile apps. This enables our partners to send us data about the mobile app and device in association with the mobile device ID.
Our cookie domain is adsrvr.org. Cookies help us by enabling us to distinguish between, recognize, and store data about unique web browsers and devices, and to store data on our servers for the advertising purposes described here. We also use non-unique cookies to store cookie-based opt-out choices, when users opt out.
In order to be able to transmit requests for ads, and other data about users or devices, between sellers and buyers, and to help show you ads that match your likely interests, we engage in cookie syncing, meaning that we match our cookie IDs to clients’ and partners’ cookie IDs.
The Platform processes data both on our own behalf and on behalf of clients and partners for purposes related to the targeting, delivering, and measuring of and reporting on advertising.
- Personalizing ads makes sure they are relevant and effective.
- Delivering ads includes, for example, making sure the ad gets shown, keeping track of how many times it’s shown, as well as where and when.
- Measurement and analytics includes tracking how well ads perform, such as whether users clicked or went to a client’s store after their ad campaign was shown.
- Reporting on ad campaigns includes compilations of measurement, attribution, and other data to report on the performance and success of campaigns, as well as transaction reporting and verification.
- Clicks and conversions measure actions taken by a user with respect to a particular ad, i.e., a click on an ad, or a download of an app.
- Attribution means matching particular ad views to subsequent actions taken by a user. For example, a car advertiser might be able to see that someone who saw an ad for a car four times, purchased that car. This would be done by stitching together data collected from our Platform with the advertiser’s own data and data from other companies. When this is done, we don’t get any data that allows us to directly identify the purchaser of the car.
- Cross device graphing uses algorithms to associate devices that might be related to each other, such as devices used by the same person or in the same household.
- Malicious or invalid activity can be a problem for companies and users. For example, we process information in an attempt to identify and prevent purveyors of malware or bots that try to take advertising dollars for ads that aren’t shown to real users or that try to harm users’ devices.
Sometimes, as part of our Platform, we create and use user profiles associated with unique IDs. This means that we look at the information associated with the IDs, and with the requests for ads, such as the content in which the ad is shown, the time, the geographic location, and the type of device. Sometimes we also use information about whether or how users responded to ads to find other users who would respond to ads. We apply various computational methods on this information to find groupings of IDs that may have certain interests or characteristics, such as “clothing,” “sports,” “travel,” “male,” “25-54,” and so on. Our Platform also enables data suppliers to bring data to the Platform that our clients can use on the Platform to improve their ad campaigns.
Clients can bring their own data to the Platform for their own personalisation. Their sources and methods for acquiring this data vary, and are subject to our clients’ own policies and legal obligations, but we do contractually prohibit certain types of data from being introduced onto the Platform, such as directly identifying data or sensitive data.
As required under the NAI Code, The Trade Desk discloses standard interest segments that are based on health related information or interests that it makes available in the Platform where permitted by law and self-regulatory rules.
Data that is considered sensitive or in special categories according to local rules, including data about children, is subject to restrictions on the Platform. Our contracts prohibit clients and partners from using data on the Platform that is from or about users that they know are children or that is considered sensitive or special. And we do not knowingly use such data on the Platform.
If you are based in the European Economic Area (EEA) or Switzerland, The UK Trade Desk Ltd. is responsible for processing your personal information. Under the definitions of “Controller” and “Processor” in EU law, this processing is in some cases as a Controller of data and in some cases as a Processor. Trade Desk are a Controller, for example, over personalised user interest segments that we create for our Platform, when we have appropriate permissions.
When we collect data for personalisation from requests for ads that we receive as described above, under EU law, we will use consent as our legal basis for doing so.
We process data for other purposes when we have a legitimate interest in doing so and that interest is not outweighed by the rights or freedoms of individual data subjects.
We share data with other parties in some circumstances
- Some of the data processed on the Platform belongs to our clients. When this is the case, our clients can take this data, such as records of advertising impressions, off of the Platform.
- We share pseudonymous IDs that we think might be related to other pseudonymous IDs with clients and partners that use our AdBrain product.
- Some of our clients and partners receive ad request data through the Platform for advertising purposes.
- We may share data in order to investigate or prevent reasonably suspected malicious activity, fake traffic, or other activity that may be harmful to us or our clients.
- We may use service providers that store or process data on our behalf.
- We may transfer data to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.
- We may share aggregated data that does not include individual-level records with any party or publicly.
- We may disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We transfer personal data to countries other than the country in which it was collected. We do so under a valid legal framework, such as a Privacy Shield. If we receive data under the Privacy Shield and transfer it on to a third party acting as an agent on our behalf, we will remain liable under the Privacy Shield Principles for that third party’s processing of the data.
We transfer data from the EU or Switzerland to the US under our Privacy Shield certification. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
Under the Privacy Shield, we commit to resolve complaints about our collection or use of your personal data, and are subject to enforcement by the US Federal Trade Commission. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at privacy ((at)) thetradedesk ((dot)) com or at the address listed in the “Contact” section of this Policy. If you have unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S. based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions specified by the Privacy Shield Principles, you may also be able to invoke binding arbitration to resolve your complaint. Please click here for more information or to submit a complaint.
You may have certain legal rights with respect to data transferred under the Privacy Shield Framework. See YOUR DATA RIGHTS below.
We retain the pseudonymous data collected on our Platform for up to 18 months. After 18 months (often sooner) the data is aggregated and stored for up to 3 additional years. This retention policy does not apply to client or partner data.
We have implemented security measures, including physical, electronic and administrative safeguards, to prevent the unauthorized access to, loss, misuse, or alteration of the information that our Platform collects. We believe these measures are appropriate given the nature of the data and our systems, but we make no assurances in this policy about our ability to prevent any such event or the possible harm to you or any third party that could arise from it.
Industry opt-out pages. The online advertising industry provides websites from which you may opt out of interest-based advertising from the Trade Desk and other companies that participate in industry self-regulatory programs. The US-based opt out pages areand . The European based page is .
For mobile apps. You can opt out of the Trade Desk using information about your usage of mobile apps that are targeted to your interests by using your device settings, for most devices. We are not able to directly access the Mobile App Opt Out on devices that offer it. To learn how to use the mobile app opt out, consult your device instructions. To find information on Opting out on Mobile Devices please visit </a>
The Trade Desk’s Data Control Page. You are able to opt out of having new data associated with your device and to request that we disassociate from your device data we already have. You can directly access The Trade Desk’s opt out, which will cease data collection and disassociate data from your device, by visiting http://www.adsrvr.org.
Individuals in the EEA and Switzerland may have certain legal rights with respect to data the Trade Desk collects and processes in association with your device. These rights include the right of access, deletion and correction of personal data. These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and local implementing legislation. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To make a request to exercise any of these rights in respect of data for which the Trade Desk is Data Controller, please email dsr ((at)) thetradedesk ((dot)) com.
We may revise this policy at any time. However, if we make material changes, we will not apply them retroactively.
You may contact us regarding privacy.
Email: privacy ((at)) thetradedesk ((dot)) com
Global Data Protection Officer (DPO)
The Trade Desk, Global Privacy Office
2 Park Avenue, 5th Floor
New York, NY 10016
Email: dpo ((at)) thetradedesk ((dot)) com
If you have a concern regarding our privacy practices, please contact us via the contacts above. If after reasonable efforts you believe your concern has not been satisfactorily addressed by us:
- In the US, our privacy practices are regulated by the Federal Trade Commission.
- In the EU or Switzerland, for concerns that pertain to the transfer of data from the EU or Switzerland under the EU-US or Swiss-US Privacy Shield Frameworks, please contact our U.S. based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
- Otherwise, in the EU, we recommend you contact the Information Commissioner’s Office (ICO) of the United Kingdom.