Extreme Reach, Inc.; Extreme Reach Talent, Inc; Extreme Reach Services Group, LLC; CMC Crew Services, Inc; and Extreme Reach Payroll Solutions, Inc.; Slate and Extreme Reach UK Limited and their affilialtes worldwide (collectively “XR”) are committed to respecting and protecting your privacy.

This Privacy Policy describes how we collect, use, disclose, store and otherwise process information collected through XR Platform from ads served or tracked (the “Ad Serving Services”) on third-party websites, mobile applications, and other online media, including smart televisions, connected applications, and digital media streaming services and devices (collectively “Properties and Devices”). For information related to other Services, please see the relevant privacy policy link on the right side of this page.

Terms

Beacons and Tags: Beacons and tags enable online advertising companies to collect data and serve advertising on websites by allowing communication between a web browser and an ad server. A beacon (or web beacon) is a small transparent image that is placed on a web page. A tag is a small piece of computer code that is run by a web browser.

Cookie: A cookie is a small text file that is stored in a web browser by a website or ad server. By saving information in a cookie, websites and servers can remember preferences or recognize browsers from one visit to another or from one website to another.

End User: visitors and users of the Properties and Devices where XR is serving advertisements.

Personally Identifiable Information (PII): Information that can be used on its own or with other information to identify, contact, or locate an individual or to identify an individual in context. In the context of these services, this will almost always be limited to IP Address, Device ID, and/or other device's technical information that we do not connect to any identified person’s name, physical address, or other personally-identifying information. However, PII does not include publicly available, deidentified, or aggregated consumer information.

Information We Collect

When we provide Ad Serving Services on behalf of our customers (advertisers and their agencies), we typically use Beacons and Tags, Cookies, or similar technology to collect End User activity and viewership information related to how many people view the ad, clicks, conversions, and other information made available by the browser or device such as the internet or network activity, and general (not precise) geolocation data. As part of that interaction, we may also collect “identifiers,” such as IP address, user agent string, device ID, and/or advertising ID, which are generally considered to be PII under GDPR, CCPA, and other data privacy legislation. Other than those categories of data listed in this section, XR does not collect any other personal information.

How Collected Data Is Used

XR uses the collected data to track general advertising impressions and response activities, so our customers can understand how their advertising campaigns perform (i.e., how many advertisements have been viewed and which ad experiences are most relevant and resonant with audiences). We do not use your data for any automated decision-making.

PII such as IP Address and Device ID can also sometimes be used to better personalize ad experiences for End Users, so they are more likely to see ads that are relevant to them and their interests.

Information Disclosed to Outside Parties

We generate advertising campaign analysis reports for our customers (and sometimes for the Property and Device publishers (for example, the owners of the websites that End Users visit where they see the ads we serve) using anonymized, aggregated non-personally identifiable information.

Our customers may also sometimes request custom, log-level reports, with details at the impression level that may include PII such as IP Address. Such log-level reports do not include data related to ads served outside of the United States.

XR uses Google’s YouTube API Services in order to serve ads into the YouTube environment. The Google Privacy Policy can be found at: https://policies.google.com/privacy and the Google App Permissions page can be found at: https://myaccount.google.com/permissions. The YouTube Terms of Service (ToS) can be found at: https://www.youtube.com/t/terms.

We do not otherwise sell, trade, or transfer collected information to outside parties, except as discussed above for the limited purposes of XR’s customer services. We may also release collected information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.

How We Protect Your Information

Security of all information is of the utmost importance for XR. We use technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We also make all attempts to ensure that only necessary people and third parties have access to personal and confidential information.

We require that our third party service providers (1) use confidential information only to perform their obligations, and (2) otherwise maintain the confidentiality of such information. These third party service providers and channel partners are contractually obligated to maintain privacy and security protections that are consistent with XR’s privacy and information security policies. When we disclose PII for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that PII confidential and not use it for any purpose except performing the contract.

Transparency and Choice

Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all features available through our services. For more information, visit the help page for your web browser.

XR participates in the IAB CCPA Compliance Framework and the IAB Europe Transparency & Consent Framework (“TCF”) and complies with its Specifications and Policies. XR’s identification number within the TCF is 1002. By participating in these frameworks, we honor privacy requests that are passed to us by participating web and app publishers.

Your Rights

Consumers and End Users have a variety of rights they may exercise with respect to their PII. While legislation only requires that we honor certain requests from people who live in certain jurisdictions, we allow anyone (including agents) from anywhere to exercise any of those same rights, and we will not discriminate in any way against anyone for doing so.

As such, you can exercise the following rights with respect to your personal information that we have: (1) access your information, (2) correct or update your information, (3) delete your information, (4) Do Not Sell or Share directive, (5) receive, transfer or port your information to someone else, (6) find out who we’ve disclosed your information to, and (7) unsubscribe or opt-out. To exercise any of these rights, please click here.

Compliance with Applicable Laws

We are committed to complying with all applicable laws and regulations concerning data protection and privacy in any jurisdictions in which we operate or collect and process personal data. This includes, but is not limited to, the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (for EU and UK), the California Privacy Rights Act (CPRA), and any other applicable local, national or international privacy laws. See details regarding GDPR and CPRA compliance below.

GDPR

XR is committed to protecting your data in compliance with the GDPR and the UK Data Protection Act 2018. XR is a processor of data received via our Ad Serving Services. Should you have any issues with how we handle your data, we request that you contact us first (here or using the contact information below) so that we can make every effort to address your concerns. You also have the right to lodge a complaint with a local data supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred, or the UK, as applicable. For further information onyour rights under GDPR and UK Data Protection Act 2018, please contact and/orvisit the website of your local data protection authorities. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or telephone: +44303-123-1113.

CPRA

If you are a California resident, California law provides you with particular rights regarding our use of your personal information. To learn more about your California privacy rights, visit here. To exercise any such rights, please click the link above within the “Your Rights” section.

For data regarding Data Requests we received and responded to in 2024, please see Consumer Data Request Report.

GPP/MSPA

XR tags support the Global Privacy Platform (GPP) protocol developed to streamline the transmission of privacy, consent, and consumer choice signals to downstream parties. XR is also a signatory of the Multi-State Privacy Agreement (MSPA), which provides an updated contractual framework to ensure privacy compliance for US state privacy signals.

International Data Transfers

We receive data from End Users wherever they view ads we serve globally. XR is a global organization, and in the course of providing our services, your personal data may be stored, processed, and transferred to locations outside of your country of log-in. This may involve transfers to countries that may not have the same level of data protection laws as the country where customers logged in from. In such cases, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, such as the use of Standard Contractual Clauses or other legally recognized mechanisms for international data transfers. By submitting your personal data, you agree to this transfer, storing or processing.

EU-US Data Privacy Framework Compliance

XR complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  XR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  XR has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the DPF Principles, XR commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our policy or data privacy actions should first contact XR at privacy@extremereach.com.

XR is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its use of your data. Under certain conditions, you may have the right to invoke binding arbitration regarding your privacy rights. If XR wrongly transfers your private data to third parties, it may be liable to you for damages.

XR has further committed to refer unresolved privacy complaints under the EU-U.S. DPF Principles to an independent U.S.-based third party dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Children

XR recognizes the importance of protecting the privacy and safety of children. Our services are primarily directed towards the advertising industry and are not directed towards children.

We have taken steps to avoid collection of any information from individuals under 18 years of age. During the onboarding process, web publishers notify XR of any COPPA (Children’s Online Privacy Protection Act Compliance) compliant sites or properties, and we flag those so as not to track or store any cookie-level data.

Consumers may also take the extra precautions by exercising various rights by clicking the link above in the Your Rights section.

Data Retention

We retain PII collected via our Ad Serving Services for no more than two (2) years, and less time than that where legally required. We do not retain any category of personal information referred to above for longer than necessary for the purposes for which it was processed.

Changes to This Policy

XR reserves the right to change, modify, add or remove portions of this Privacy Policy at any time without notice (except when legally obligated to provide notice). Any changes to this Privacy Policy will become effective when we post the revised version on our website.

Contact Information

You can contact privacy@extremereach.com or 1-800-324-5672 if you have questions about this privacy policy, or for requests related to your privacy rights.

Last updated: February 6, 2025 for general updates.