Legal
Privacy Policy for XR Extreme Reach Ad Serving and Analytics
Extreme Reach, Inc.; Extreme Reach Talent, Inc; Extreme Reach Services Group, LLC; CMC Crew Services, Inc; and Extreme Reach Payroll Solutions, Inc.; Slate and Extreme Reach UK Limited (collectively “Extreme Reach”) are committed to respecting and protecting your privacy.
This Privacy Policy describes how we collect, use, disclose, store and otherwise process information collected through Extreme Reach Platform from ads served or tracked (the “Ad Serving Services”) on third-party websites, mobile applications, and other online media, including smart televisions, connected applications, and digital media streaming services and devices (collectively “Properties and Devices”). For information related to other Services, please see the relevant privacy policy link on the right side of this page.
Terms
Beacons and Tags: Beacons and tags enable online advertising companies to collect data and serve advertising on websites by allowing communication between a web browser and an ad server. A beacon (or web beacon) is a small transparent image that is placed on a web page. A tag is a small piece of computer code that is run by a web browser.
Cookie: A cookie is a small text file that is stored in a web browser by a website or ad server. By saving information in a cookie, websites and servers can remember preferences or recognize browsers from one visit to another or from one website to another.
End User: visitors and users of the Properties and Devices where Extreme Reach is serving advertisements.
Personally Identifiable Information (PII): Information that can be used on its own or with other information to identify, contact, or locate an individual or to identify an individual in context. In the context of these services, this will almost always be limited to IP Address, Device ID, and/or other device's technical information that we do not connect to any identified person’s name, physical address, or other personally-identifying information. However, PII does not include publicly available, deidentified, or aggregated consumer information.
Information We Collect
When we provide Ad Serving Services on behalf of our customers (advertisers and their agencies), we typically use Beacons and Tags, Cookies, or similar technology to collect End User activity and viewership information related to how many people view the ad, clicks, conversions, and other information made available by the browser or device such as the internet or network activity, and general (not precise) geolocation data. As part of that interaction, we may also collect “identifiers,” such as IP address, user agent string, device ID, and/or advertising ID, which are generally considered to be PII under GDPR, CCPA, and other data privacy legislation. Other than those categories of data listed in this section, Extreme Reach does not collect any other personal information.
How Collected Data Is Used
Extreme Reach uses the collected data to track general advertising impressions and response activities, so our customers can understand how their advertising campaigns perform (i.e., how many advertisements have been viewed and which ad experiences are most relevant and resonant with audiences). We do not use your data for any automated decision-making.
PII such as IP Address and Device ID can also sometimes be used to better personalize ad experiences for End Users, so they are more likely to see ads that are relevant to them and their interests.
Information Disclosed to Outside Parties
We generate advertising campaign analysis reports for our customers (and sometimes for the Property and Device publishers (for example, the owners of the websites that End Users visit where they see the ads we serve) using anonymized, aggregated non-personally identifiable information.
Our customers may also sometimes request custom, log-level reports, with details at the impression level that may include PII such as IP Address. Such log-level reports do not include data related to ads served outside of the United States.
Extreme Reach uses Google’s YouTube API Services in order to serve ads into the YouTube environment. The Google Privacy Policy can be found at: https://policies.google.com/privacy and the Google App Permissions page can be found at: https://myaccount.google.com/permissions. The YouTube Terms of Service (ToS) can be found at: https://www.youtube.com/t/terms.
We do not otherwise sell, trade, or transfer collected information to outside parties, except as discussed above for the limited purposes of Extreme Reach’s customer services. We may also release collected information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
How We Protect Your Information
Security of all information is of the utmost importance for Extreme Reach. We use technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We also make all attempts to ensure that only necessary people and third parties have access to personal and confidential information.
We require that our third party service providers (1) use confidential information only to perform their obligations, and (2) otherwise maintain the confidentiality of such information. These third party service providers and channel partners are contractually obligated to maintain privacy and security protections that are consistent with Extreme Reach’s privacy and information security policies. When we disclose PII for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that PII confidential and not use it for any purpose except performing the contract.
Transparency and Choice
Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all features available through our services. For more information, visit the help page for your web browser.
Extreme Reach participates in the IAB CCPA Compliance Framework and the IAB Europe Transparency & Consent Framework (“TCF”) and complies with its Specifications and Policies. Extreme Reach’s identification number within the TCF is 1002. By participating in these frameworks, we honor privacy requests that are passed to us by participating web and app publishers.
Your Rights
Consumers and End Users have a variety of rights they may exercise with respect to their PII. While legislation only requires that we honor certain requests from people who live in certain jurisdictions, we allow anyone (including agents) from anywhere to exercise any of those same rights, and we will not discriminate in any way against anyone for doing so.
As such, you can exercise the following rights with respect to your personal information that we have: (1) access your information, (2) correct or update your information, (3) delete your information, (4) Do Not Sell or Share directive, (5) receive, transfer or port your information to someone else, (6) find out who we’ve disclosed your information to, and (7) unsubscribe or opt-out. To exercise any of these rights, please click here.
GDPR
Extreme Reach is committed to protecting your data in compliance with the General Data Protection Regulations (GDPR). Extreme Reach is a processor of data received via our Ad Serving Services. Should you have any issues with how we handle your data, we request that you contact us first so that we can make every effort to address your concerns. You also have the right to lodge a complaint with a local data supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or telephone: +44303-123-1113.
For further information on your rights under GDPR, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
CPRA
If you are a California resident, California law provides you with particular rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/privacy-laws. To exercise any such rights, please click the link above within the “Your Rights” section.
For data regarding Data Requests we received and responded to in 2023, please see Consumer Data Request Report.
GPP/MSPA
Extreme Reach tags support the Global Privacy Platform (GPP) protocol developed to streamline the transmission of privacy, consent, and consumer choice signals to downstream parties. Extreme Reach is also a signatory of the Multi-State Privacy Agreement (MSPA), which provides an updated contractual framework to ensure privacy compliance for US state privacy signals.
International Data Transfers
We receive data from End Users wherever they view ads we serve globally. We store and process data in the United States. Data accessed by customers internationally may be transferred by such customers.
EU-US Data Privacy Framework Compliance
Extreme Reach complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Extreme Reach has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Extreme Reach has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the DPF Principles, Extreme Reach commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our policy or data privacy actions should first contact Extreme Reach at privacy@extremereach.com.
Extreme Reach is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its use of your data. Under certain conditions, you may have the right to invoke binding arbitration regarding your privacy rights. If Extreme Reach wrongly transfers your private data to third parties, it may be liable to you for damages.
Extreme Reach has further committed to refer unresolved privacy complaints under the EU-U.S. DPF Principles to an independent U.S.-based third party dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Children
Extreme Reach recognizes the importance of protecting the privacy and safety of children. Our services are primarily directed towards the advertising industry and are not directed towards children.
We have taken steps to avoid collection of any information from individuals under 16 years of age. During the onboarding process, web publishers notify Extreme Reach of any COPPA (Children’s Online Privacy Protection Act Compliance) compliant sites or properties, and we flag those so as not to track or store any cookie-level data.
Consumers may also take the extra precautions by exercising various rights by clicking the link above in the Your Rights section.
Data Retention
We retain PII collected via our Ad Serving Services for no more than two (2) years. We do not retain any category of personal information referred to above for longer than necessary for the purposes for which it was processed.
Changes to This Policy
Extreme Reach reserves the right to change, modify, add or remove portions of this Privacy Policy at any time without notice (except when legally obligated to provide notice). Any changes to this Privacy Policy will become effective when we post the revised version on our website.
Contact Information
You can contact privacy@extremereach.com or 1-800-324-5672 if you have questions about this privacy policy, or for requests related to your privacy rights.
Last updated: August 21, 2023 to update EU-US DPF Compliance.