Last Updated: 30 October 2023
- Who we are, What we do, How you can contact Zemanta, our DPO or the relevant authorities
Who we are:
Zemanta means Zemanta Inc., a Delaware, USA corporation with headquarters in New York; and its affiliated subsidiaries (collectively, “Zemanta,” or “we“, “us“, “our“).
What we do:
For more about Zemanta’s products and services see here.
How to contact us:
If Zemanta does not satisfactorily answers your questions or concerns, you may also contact the following for advice, support or complaints:
- Zemanta’s Data Protection Officer (“DPO”) at firstname.lastname@example.org; and/or
- the Information Commissioner’s Office, which is Zemanta’s lead supervisory authority within the European Territories.
We adhere to:
- the Self-Regulatory Principles set forth by the Digital Advertising Alliance(DAA) and the European Interactive Digital Advertising Alliance (EDAA);
- the Interactive Advertising Bureau’s (IAB) Self-Regulatory Principles for Online Behavioral Advertising and the IAB Europe OBA Framework.
Site Visitors: You are a Site Visitor when you visit and interact with our web sites, web pages, interactive features, blogs and their respective contents at Zemanta.com (or any derivation, such as Zemanta.co.uk; Zemanta.fr; Zemanta.de etc.).
(a) What information we collect and why
We want to understand what services on Our Sites interest you and we want to remind you about the services we offer when you are not on Our Sites. To do this, we collect the following information from you: (i) IP address; (ii) User Agent data: device type (e.g., iPhone), browser type (e.g., Chrome), operating system (e.g., iOS); (iii) the pages visited on Our Site (e.g., the Zemanta “About” page); (iv) the time of visit (and corresponding timezone); and (v) referring URLs and other information normally transmitted in HTTP requests (e.g., this information tells us how you arrived on Our Sites).
(b) What cookies and other similar technologies we use
Please see this Cookie Table under “Site Visitors” for a detailed list of the cookies (and their corresponding retention periods) we use when you visit Our Sites.
(c) How we may share information
- Sharing Information we learn about you on Our Sites
In general, we do not share personal data about you with third parties for third party marketing or advertising purposes. However, we use various third parties (each listed on this Cookie Table) to help us market or advertise to you. For example, some of the cookies we use on Our Sites belong to third parties that will help Zemanta market or advertise to you. We require that these third parties and companies agree to keep all information shared with them confidential and to use the information only to perform their obligations to us. We do this by entering into agreements with all third parties who process personal data on our behalf to ensure that they process your personal data in accordance with our strict instructions and all applicable data protection laws.
- Using Third Party Services on Our Sites.
Our Sites may contain links to other websites that we do not own or operate. We do not control, recommend or endorse the content, products, services, privacy policies or practices of these third party websites. For example, on Our Sites you will notice clickable icons which take you to the Zemanta Facebook page or the Zemanta LinkedIn page. If you choose to click on these links, you should know that Facebook and LinkedIn may send their own cookies to your device and they may independently collect personal data. It is therefore important that you read the Facebook and/or LinkedIn privacy policies.
(d) Your rights
The Terms of Service on Our Site govern the use of Our Site and also apply to you. You can stop using Our Site at any time. If you do, you may also want to remove any cookies that we have placed on any device used to access Our Site. If during your use of Our Sites you provided your email address, any email you receive from Zemanta includes an “unsubscribe” option.
For European Territory Visitors, Zemanta has implemented a consent management platform (powered by OneTrust) on Our Sites that provide visitors the opportunity to consent, or not consent, to cookies and similar tracking technologies on Our Sites. Upon accessing Our Sites, you will see a banner on the bottom of the page with information about the cookies we use. You may click the banner to reject any cookies that are not strictly necessary. Pressing “accept” on the banner or scrolling/clicking on Our Sites is an indication of your acceptance. Accordingly, Zemanta’s lawful basis for processing personal data on Our Sites is consent. You may withdraw your consent at any time by clicking this button: Cookies Settings.
Business Partners: You are a Business Partner when you register (or email with Zemanta) on behalf of the company you work for to use the the Zemanta One dashboard or any other of our services.
(a) What information we collect and why
You may provide certain personal data (such as email address) when you sign up for the Zemanta Services or otherwise communicate or interact with us. If you apply to become a Business Partner, we may request additional information from you via advertiser application forms, insertion orders and other forms. We automatically collect information about your username’s actions in the Zemanta dashboard.
We collect and process the personal data above in order to perform our obligations under our agreement as a Business Partner (or prospective Business Partner) with you including to:
- respond to your questions and requests;
- to provide you with access to certain functions and features of our Zemanta services (e.g., to provide and maintain your dashboard account);
- verify your identity;
- communicate with you about your account, our products, and available promotions relevant to your use of the Zemanta services.
(b) What cookies and other similar technologies we use
Please see this Cookie Table under “Business Partners” for a detailed list of the cookies (and their corresponding retention periods) we use with Business Partners.
(c) How we may share information with anyone
(d) Your rights
If as a Business Partner you wish to verify, correct, update or request the deactivation of your information, you may go the to the Zemanta dashboard edit your profile preferences or contact us at email@example.com. If you are receiving Zemanta emails, you may “unsubscribe” using a link in the email. Note unsubscribing shall not opt you out notifications critical to providing the Zemanta services (e.g., email invoices).
Zemanta’s lawful basis for processing personal data of Business Partners is contractual.
Zemanta Users: You are a Zemanta User when you visit a page of a website or application where Zemanta’s technology is used to serve advertisements advertisements (“Zemanta One”).
(a) What Information we collect and why
We automatically collect the information listed below through tracking technologies such as cookies, pixel tags, beacons, and embedded scripts. We may also infer or collect additional information about you based on what we or our partners collect. Information is shared in the process of Programmatic Buying via the Open RTB (see our Glossary for more information.) This information helps provide our services and serve you ads which are most relevant to your interests.
|Automatically collected information||Identifiers: Zemanta online identifier, (UUID) advertiser ID and IP address. The Zemanta UUID and / or advertiser ID a sequence of numbers and/or letters. This UUID attaches itself to your device and varies depending on which browser you use. In other words, Zemanta records a different UUID depending on which device and/or which browser you use when accessing publisher sites. For example, this means that you will have one UUID when you visit a site from your mobile phone using the browser Safari, and a different UUID when you visit a site from your iPad using the browser Safari. Zemanta will combine and consolidate a UUID from a mobile device (handheld or tablet) from a browser that then accesses an application (or vice versa) from that same device.|
|Internet or other electronic network activity information||
● Page URL
● Browser Information (e.g. Safari or Chrome)
● Device Information (e.g. Macbook)
● Network carrier information (e.g. Wifi, 4G or Wired connection)
● Mobile application information (e.g. Application name or IDFA)
● User Interactions with ads served by Zemanta (e.g., the user interacted with mainly travel content)
● Non-Precise Geolocation data: On web and web mobile, we collect non-precise location information at the country and/or city level that are derived from user IP Address.
● Precise Geolocation data: On mobile apps, when a user opts-in for Geo Location on the publisher’s app, precise user geolocation (latitude / longitude) may be transferred to Zemanta’s SDK by the mobile app however, Zemanta does not user this information to serve relevant ads to Users (although such information may be stored in raw data logs).
(b) What cookies and other similar technologies we use.
Cookies are a short string of characters which Zemanta uses to uniquely identify browser and a device. Zemanta syncs these cookies with its partners in order to identify users across environments and know which segments our partners identify our users with. Please see this Cookie Table under “Zemanta Users” for a detailed list of the first party cookies Zemanta uses when you interact with sites where Zemanta One is used.
- Pixel Tags
Zemanta advertisers may implement the Zemanta pixel on their websites. The Zemanta pixel determines whether the user reaching the page where the pixel is installed has a Zemanta UUID. If there is a UUID associated with such end user, Zemanta allows advertisers to retarget those UUIDs and/or provides advertisers with the total number of UUIDs that reached such page. If there was no Zemanta UUID on the page, the Zemanta pixel does not collect any information about the user.
We encourage advertisers to disclose use of the Zemanta pixel on their own websites. Zemanta does not combine pixel information with a UUID’s profile.
- Mobile Advertising Identifiers
Mobile advertising IDs (like IDFA) are unique IDs associated with individual mobile devices. Users can reset them by instructing their device to do so.
- General Web Analytics
- Zemanta Customer Technology
(c) How we may share information
Zemanta may share some personal data (e.g., Zemanta UUID, device ID and IP address) with certain partners for the purpose of cookie syncing or based on technical requirements. Third parties may be able to ascertain you identity by using information we disclose to them in conjunction with other information they have.
Zemanta may share some personal data with the following categories of trusted third party:
- Supply side platform;
- Data management platform;
- Exchanges; and/or
- Ad networks.
For a more detailed description of the above categories please see our Glossary.
(d) Your rights
- Zemanta Opt-Out
You may opt out of Zemanta’s personalised recommendations at any time. Opting-out means that Zemanta will cease to collect data while you remain opted-out. You can opt out of personalisation on your desktop and mobile web here.
Note that opting out of personalised recommendations in applications is through the settings on your device (e.g., by following instructions for iOS devices and for Android devices.).
IMPORTANT – even though you have opted out of Zemanta:
- You will still see advertisements. Opting out of Zemanta tracking does not mean you will no longer receive advertisements. Instead, it means that the advertisements will not be interest-based or targeted based on your browser cookies.
- The opt out is cookie based and device/browser specific.If you browse the web from several devices and/or browsers, you will need to opt out from each device and/or browser to ensure that we prevent personalization tracking on all of them. For the same reason, if you buy a new device, change browsers or delete (or clear) the opt out cookie, you will need to opt-out again. Opting out of personalization tracking is not the same as blocking cookies.
- To ensure deletion of the profile tied to your UUID, do not opt in to Zemanta for at least 21 days. Your opt out is effective immediately. However, if your browser permits local storage and you opt into Zemanta’s personalized recommendations within 21 days of your opt out, it is possible your prior profile will be reconnected to your UUID. If you do not opt in within 21 days, your profile will be deleted and cannot be recovered.
- As with most opt out cookies, the Zemanta browser opt out relies upon a cookie. The opt-out cookie is intended to be persistent to honor the user’s preferences. However, the “Intelligent Tracking Prevention” feature in iOS11 may impact the persistence of cookies across websites post a 24 hour window. We suggest using another browser or considering blocking all 3rd party cookies from the browser so that you are “opted out” without needing to rely on any company’s actual opt out methodology.
- Additional Opt-Out Options.
You may also opt out of receiving personalized ads served by us or other advertising companies through industry powered tools such as the NAI and/or EDAA www.youronlinechoices.eu). Visiting the NAI or EDAA consumer choice pages allows you to opt out of all some or all of the participating members’ services. Like Zemanta’s opt out, these opt outs do not mean you will no longer receive any advertising – the advertisements will just not be tailored to you. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you visit the EDAA consumer choice pages, your opt out may not be effective.
- How We Keep Information Safe, Transfers Outside the EEA, Sharing and Retention
Zemanta has a dedicated security team. We maintain tight controls over the personal data we collect, retaining it in firewalled and secured databases with strictly limited and controlled access rights, to ensure it is secure. We have taken appropriate technical and organisational measures to protect the Information we collect about you from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing.
Business Partners have access to certain password-protected features of the Zemanta service. They are responsible for keeping this password confidential. Please remember that unfortunately, the transmission of information via the internet is not completely secure. A common Internet scam is known as “spoofing” or “phishing.” This occurs when you receive an email from what appears to be a legitimate source requesting personal data from you. Please be aware that we will not send you any emails requesting you to verify credit card, bank information, or any other personal data. If you ever receive an email that appears to be from us requesting such information from you, do not respond to it, and do not click on any links appearing in the email. Instead, please forward the email to us at firstname.lastname@example.org, as we will investigate instances of possible Internet fraud.
Data Transfers Outside the EU/EEA
When we transfer personal data from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as in the European Territories, we take measures to provide an appropriate level of data privacy protection. In other words, your rights and protections remain with your data. For example, we use approved contractual clauses and other measures designed to ensure that the recipients of your personal data protect it.
In addition to the description of how we may disclose your personal data for each user type, we may also disclose personal data as follows:
- Within the family of companies controlled by Outbrain Inc (Zemanta Inc’s parent company) for internal reasons, primarily for business and operational purposes;
- If we go through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets, your personal data will likely be among the assets transferred;
- When legally required to do so (e.g., to cooperate with law enforcement investigations or other legal proceedings); and/or
- To respond to a genuine emergency.
In addition, we combine your personal data with those of other users in order to share trend information and aggregate user statistics with third parties, always in aggregated and anonymized form.
The retention period for each of the cookies Zemanta uses (whether its own or on our behalf by third parties) is stated on the Cookie Table.
Zemanta also maintains a Data Retention Policy that details the retention period for personal data based on our analysis of how long the specific data is reasonably required for legal or business purposes. When we no longer need personal data, we securely delete or destroy it. Aggregated data, which cannot identify a device/browser (or individual) and is used for purposes of reporting and analysis, is maintained for as long as commercially necessary.
None of our services are directed to children under 16. We do not knowingly collect personal data from anyone under 16 years of age. If we determine upon collection that a Site Visitor, a User or a Business Partner is under 16, we will not use or maintain his/her personal data. If we become aware that we have unknowingly collected personal data from a child under the age of 16, we will make reasonable efforts to delete such information from our records. If you’re a kid, please go play in the yard, don’t use or interact with Zemanta!
- European Territory Citizens
In compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR), Zemanta provides specific additional rights for citizens of the European Territories such as the right to access, rectification, right to object, to complaint, erasure and blockage. More specifically:
- the right to request information about whether and which personal data is processed by us, and the right to demand that personal data is rectified or amended.
- under certain circumstances, the right to request that personal data should be deleted.
- under certain circumstances, the right to demand that the processing of personal data should be restricted.
- withdraw your consent to the processing and use of your data completely or partially at any time with future application.
- have the right to obtain your personal data in a common, structured and mechanically readable format.
- contact our data protection officer if there are any questions, comments, complaints or requests in connection with our statement on data protection and the processing of your personal data.
- the right to complain to the responsible supervisory authority if believed that the processing of your personal data is in violation of the legislation.
Please email Privacy@outbrain.com with any questions about exercising any of the above rights.
- California Privacy Rights
(a) Your Rights
As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
- You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales.If we sell your Personal Information, you can opt-out. In addition, if you direct us not to sell your Personal Information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.
- Opt-in.We contractually prohibit our publishing and advertising clients from placing our technology on pages that target individuals younger than 16 years old. If we learn that you are younger than 16 years old, we will ask for your permission (or if you are younger than 13 years old, your parent or guardian’s permission) to sell your Personal Information before we do so.
- Non-discrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
(b) How to exercise your rights. You may exercise your California privacy rights described above as follows:
- Right to information, access and deletion. You can request to exercise your information, access and deletion rights by:
- Right to opt-out of the “sale” of your Personal Information.We do not sell your Personal Information in the conventional sense (i.e., for money). However, like many companies, we use services that help deliver interest-based ads to you. California law classifies our use of these services as a “sale” of your Personal Information to the companies that provide the services. This is because we allow them to collect information from our website users (e.g., online identifiers and browsing activity) so they can help serve ads more likely to interest you. To opt-out of this “sale”, click on this link which will take you to our a page where you can opt out of personalised recommendations.
We will need to confirm your identity and California residency to process your requests to exercise your information, access or deletion rights. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
(c) Personal information that we collect, use and share
|Zemanta User Type||
Statutory category of personal information (PI)
|Source of the PI||Purpose for collection||How we may share, disclose or “sell” information.|
Internet or Network Information
|Site Visitor||See Section 2(a) (Site Visitors).||See Section 2(c) (Site Visitors).|
Internet or Network Information
|Users||See Section 2(a) (Users).||See Section 2(c) (Users).|
|Business Partners||See Section 2(a) (Business Partners).||See Section 2(c) (Business Partners).|
- “Do Not Track” Disclosure
Some browsers transmit Do Not Track (DNT) signals to websites. Because there is no common understanding of how to interpret the DNT signal, Zemanta does not currently alter, change, or respond to DNT requests or signals from these browsers. We will continue to monitor industry activity in this area and reassess our DNT practices as necessary. In the meantime, you can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving personalized recommendations in the Users section.
- EU-US Data Protection Framework (DPF) Participation
Please click here to view our certification.
- Complaint and Dispute Resolution Procedure under the DPF
Outbrain’s internal complaints mechanism
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Outbrain commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Outbrain at: DPO@outbrain.com
You may have the right to lodge a complaint with the data protection authority of your country of residence. If you live in the UK, you can make a complaint with the Information Commissioner’s Office (ICO) at this address. If you live in the EU, you can find the relevant data protection authority here. To submit a complaint to the FTC, click here.
Independent Recourse Mechanism
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Outbrain commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to Judicial Arbitration and Mediation Services, Inc. (JAMS), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you. Please contact or visit the https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.
The Federal Trade Commission has jurisdiction over Outbrain’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country (including Switzerland) participating in the DPF must first:
(1) contact us and afford us the opportunity to resolve the issue;
(2) seek assistance from JAMS (an independent recourse mechanism); and
(3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue.
If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the DPF, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the DPF Principles with respect to the resident. The arbitration option may not be invoked if the individual’s same claimed violation of the Principles
(1) has previously been subject to binding arbitration;
(2) was the subject of a final judgement entered in a court action to which the individual was a party; or
(3) was previously settled by the parties.
For more details, please click here.
European Individual Rights Under The DPF
Outbrain must provide you:
- Information on the types of personal data collected
- Information on the purposes of collection and use
- Information on the type or identity of third parties to which your personal data is disclosed
- Choices for limiting use and disclosure of your personal data
- Access to your personal data
- Notification of the organization’s liability if it transfers your personal data
- Notification of the requirement to disclose your personal data in response to lawful requests by public authorities
- Reasonable and appropriate security for your personal data
- A response to your complaint within 45 days
- Cost-free independent dispute resolution to address your data protection concerns
- The ability to invoke binding arbitration to address any complaint that the organization has violated its obligations under the DPF Principles to you and that has not been resolved by other means
OUTBRAIN’S LIABILITY IN CASES OF ONWARD TRANSFERS TO THIRD PARTIES
In the context of an onward transfer, Outbrain has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Outbrain remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless Outbrain proves that it is not responsible for the event giving rise to the damage.