Policies for Data Providers Participating in the Marketplace
Xandr's data marketplace ("marketplace") allows data providers to supply Xandr customers with data about ad impressions available on the Xandr Platform. Data providers may have access to Bid Stream Data, which may include both information about the websites and mobile applications from which bid requests originate, as well as information about individual users, including IP addresses, cookie IDs, device identifiers, other unique identifiers.
This Policy governs each data provider’s participation in the marketplace. It applies both to a data provider’s provision of data in the marketplace, and to a data provider’s receipt, use, and storage of data, including Bid Stream Data received by data providers from the Xandr Platform.
To print or download these policies, go to ... and click Export to PDF or Export to Word.
Data made available through the marketplace must comply with privacy law, self-regulatory requirements, and Xandr policy, including, but not limited to, the following:
|Data for Interest Based (or Behavioral) Advertising (IBA or OBA)||OBA data must have been collected in a manner in which users were provided industry standard notice and access to choice (opt-out or opt-in, as required by local rules).|
|Personally Identifiable Information (PII)||Data may not contain Personally Identifiable Information (PII), which is information used to directly identify a person, such as name, email address, phone number, postal address, Social Security Number or other government-issued identifiers, or account numbers such as those used for insurance plans or financial accounts.|
Data may not include sensitive information about end users, where Sensitive Information is information deemed as sensitive under applicable law or industry self-regulatory code, including, but not limited to, information about users' health or finances, users' sexual orientation, and information about children, including sites or apps directed at children under 13. Further description of Sensitive Information is available in Privacy and the Xandr Platform.
To demonstrate compliance with applicable laws and self-regulatory principles, data providers that receive and use user- or device-specific identifiers, such as IP address, cookie ID, or device ID must have either:
- NAI Membership: Data Providers must be members in good standing of the NAI and certify adherence to the NAI Code of Conduct; or
- NAI Alternatives: If NAI membership is not applicable to the data provider because of business model, geography, or other reason, the data provider may instead complete an audit, compliance review, certification, or other comparable assurance of adherence to applicable industry rules, policies, guidance, and best practices for privacy, and provide evidence of such to Xandr. Xandr will work with data providers to identify reasonable options for meeting this requirement. (Examples of alternatives include 3rd party independent certification under the EDAA, or the ePrivacy Seal.)
Use of Bid Stream Data
Data providers that have access to Bid Stream Data may only use it to provide data to Xandr customers via the marketplace. In addition, data providers may not do the following:
Data providers may not use Bid Stream Data to build or augment a data provider’s own data sets, including any interest segments, user profiles, or retargeting segments.
|Storing data in a format that is linkable to a person or device|
Any Bid Stream Data stored by data providers must be hashed or aggregated such that it is not reasonably linkable to any individual person or unique device. Storing Bid Stream Data that is linked to an individual or unique device is prohibited.
|Disclosing data to unaffiliated third-parties||Data providers may not disclose Bid Stream Data to any unaffiliated third parties, except as expressly allowed by Xandr.|
Data providers must implement and maintain administrative, physical and technical safeguards that prevent any unauthorized collection, use or disclosure of, or access to, Bid Stream Data. Xandr may, from time to time, supplement these policies with specific security requirements.
All data providers are responsible for compliance with any applicable economic sanctions programs, including those administered by the Office of Foreign Assets Control ("OFAC"). In connection with the OFAC compliance program:
The Xandr Platform isn’t permitted for use by data providers who are in countries or territories that are subject to comprehensive sanctions by OFAC, including Crimea, Cuba, Iran, North Korea and Syria (such countries or territories, the “Embargoed Regions”) or are otherwise subject to sanctions by OFAC. If a data provider is based in a location that has recently become subject to comprehensive OFAC sanctions or is otherwise subject to sanctions by OFAC, such data provider’s account may be immediately suspended and its data will no longer be available through the marketplace. We will notify you by e-mail if we suspend your account, but no grace periods or exceptions are possible.
|Account Access within Embargoed Regions|
Even if a data provider is not based in an Embargoed Region or not otherwise subject to OFAC sanctions, it is forbidden to use the Xandr services or Platform on behalf of partners or clients based in any of the Embargoed Regions or who are otherwise subject to OFAC sanctions.