<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=134132097137679&amp;ev=PageView&amp;noscript=1">

Pixalate Privacy Policy

Last updated and effective as of 01 February 2024

Pixalate Europe Limited and its affiliates (Pixalate,” “we,” “us” or our) are committed to protecting the privacy of individuals. Because we know that you care the most about your individual privacy, this Pixalate Privacy Policy is designed to inform you as to how we collect, use, retain, correct, disclose, and share "personal data," which is defined as any information relating to a living individual by which such individual may be identified or be identifiable.

1. What sites and services are covered by this Privacy Policy?

This Privacy Policy describes Pixalate’s privacy practices in relation to our corporate website, www.pixalate.com (the Website), and the online services that we offer (collectively, the Services), which our clients use to benchmark digital advertising inventory supply quality, identify and filter out potentially fraudulent digital advertising inventory, and comply with applicable privacy and data protection laws globally. Our Privacy Policy applies to personal data collected: (i) in connection with operation of, access to, and use of our Website and Services, (ii) when our clients, prospective clients and business partners express interest in learning more about Pixalate and our Services, and (iii) in connection with the day-to-day operation of our business.

For our Website and/or our Services, this Privacy Policy details our practices, provides transparency and specifies contact mechanisms relating to our collection, use, retention, correction, deletion, disclosure, and sharing of personal data, and the associated procedures relating thereto. In addition to this Privacy Policy, your use of our Website and Services is subject to our Terms of Use (https://www.pixalate.com/terms).

2. What do we do with personal data collected in connection via our Website and Services?

To power portions of our Website, and provide our Services, we process the categories of personal data detailed in Section 3 below. We use such personal data to: (i) analyze the quality of digital advertising opportunities, (ii) provide digital advertising inventory fraud detection Services, (iii) generate digital advertising inventory quality-related rankings, reports and indices, and (iv) provide legal compliance tools. Because of the nature of our Services, we do not combine such collected data with any other data in order to personally identify any individual, human users.

3. What technologies are used, and data types are collected, in connection with operation of our Website and Services?

Cookies. Cookies are small packets of data that are transmitted to an internet browser’s storage medium in order to enable the browser to “remember” information such as page visits, user log-in information, and other related records of online activity. In addition to using cookies in connection with fraud detection, fraud prevention, legal compliance and digital advertisement quality determinations, we use cookies on our Website and Services as a means to prevent unauthorized access to client-specific, secure content and reports. Please note that, when accessing client-specific, secure content, you are acting as a representative of your organization and your interactions with our Website and/or Services in this capacity will be governed by the master subscription terms, master services agreement, terms of use, or other agreements establishing your organization’s rights and obligations with respect to access to and use of our Website and/or Services.

Pixel tags, script tags, SDKs, and macros. Pixel tags (small, transparent images present on web pages) and script tags (used to define a client-side JavaScript) allow an operator of a web page, a developer of an app, or a third party serving a tag, to set, read, and modify cookies and to collect information directly from internet-connected browsers, devices or systems. In connection with use of an internet browser (on a desktop computer or mobile device), a mobile application, or any other internet-connected media-viewing system (e.g., connected television and so-called over-the-top media technologies; collectively, "CTV") upon which pixel tags, script tags, software development kits (which enable third-party code to run in a mobile or an CTV application; SDKs), or other software code snippets (known as Macros) are deployed, our servers or our clients’ servers, as applicable, automatically collect and log certain information. Such logs may include information about the browser, mobile application or CTV system or device accessing a page, application or media, including internet protocol (IP) address, browser, user agent, application, device or system, referring URL, information about the page, application or media where a digital advertisement was to be displayed, the advertisement’s dimensions, location and viewability, and generalized user interaction data. We use this information to power aspects of our Website and provide our Services (i.e., for fraud detection, fraud prevention, legal compliance and digital advertisement quality assessment purposes).

Location Information. We derive your general (i.e., non-precise) location information from your system's or device's IP address, and we may process and store – subject to expedited purging in accordance with our data retention policy – non-precise location information received via digital programmatic advertising auction bid requests in connection with our fraud detection and prevention Services. Other than postal addresses that may be provided in connection with client payment obligations for certain Services, neither our Website nor our Services require, or utilize, any precise geographic location information.

4. What specific data types are collected and received in connection with day-to-day operation of our business, including with respect to our billing and support of existing clients, marketing and sales to prospective and existing clients, and human resources-related activities?

In connection with the day-to-day operation of our business, we collect and receive the following categories of information:

  • Contact information. We collect contact information from: (i) visitors to our Website, (ii) direct marketing outreach efforts, (iii) third-party marketing automation tools, (iv) our clients’ use of our Services, and (v) our client’s submission of contact information of themselves and/or their business partners (collectively, “Contact Information”). Contact Information may be provided via telephonic, email or text communications, or browser-based forms, and may include first name, last name, email address, job title, name of the organization, street number and name, state/province/region, country, phone numbers (cell and/or landline), and other information reasonably required for us to respond and engage properly and expeditiously. This Contact Information may be used by our sales, customer success, human resources, legal affairs, and/or finance teams to contact our Website visitors, Services clients, and client prospects, as permissible under applicable law, so that we may provide information (including marketing materials), support, training and/or our Services.  In addition, if you submit Contact Information for a third party to Pixalate (e.g., through a Service trial referral form) you authorize Pixalate to disclose to such third party that you provided us with the individual’s Contact Information.  Such disclosure may include your name, title, and any organization affiliation(s).
  • Billing information. We collect financial, billing and payment information from our clients, prospective clients (in connection with credit checks), and third-party vendors, which may include purchase order numbers, account numbers, credit reports, and/or instructions for wire, automated clearing house (ACH) or bankers automated clearing services (BACS) transfers. This billing and payment information may be used to prepare and send invoices, make and receive payments, and otherwise manage our clients’ and third-party vendors’ accounts.

5. What technologies are used, and what data types are collected and used, in connection with our day-to-day business operations?

Automatic data collection. Like most organizations with an online presence, we rely upon automatic data collection technology, including third-party technologies (e.g., Google Analytics), when you access and use our Website and Services. These third-party services may use online tracking technologies to collect information such as your system's or device's IP address, internet service provider, browser type, operating system and language, referring and exit pages and URLs, search query content, access dates and times, amounts of time spent on particular pages, what sections of our Website or Services you visit, number of links you click while on our Website or Services, search terms, and other data.

Please be advised that if you disable, restrict, or block cookies, or similarly opt out of or otherwise limit the performance of our Website or Services, or related services performed by any third party vendor, you may not be able to use the full functionality of our Website and Services. (For more information on Google Analytics, including how to opt out from certain data collection, please visit https://www.google.com/analytics.)

Other third-party services. Third-party services incorporated into our Website, such as social media widgets (e.g., LinkedIn Like button or the Twitter Share button), online advertising networks or job applicant tracking services, may collect information about your visits to our Website for other purposes, including interest-based advertising. You may choose to provide information voluntarily to such third-party service providers, and the information that they collect may include personal data such as IP addresses, pages visited, times and dates of visits, browser or operating system configuration, and other usage data. Third-party service providers may combine information that you provide with information collected from other sites and/or apps. Because we do not host or control such third-party services, your interactions with these services will not be governed by this Privacy Policy; instead, such interactions will be governed by the privacy policy of the third-party service provider.

Use of aggregated data. In an ongoing effort to better understand our Website visitors and Services clients, we may analyze information in an aggregated form to operate, maintain, manage, and improve our Website and Services. We may share aggregated data – and insights derived therefrom – with our clients and Website visitors, as well as with our agents and business partners. We may also disclose aggregated statistics to prospective business partners and other third parties, in order to describe our Website and Services and for other lawful purposes.

Additional data uses. We also use Contact Information, billing information, and other information collected pursuant to this Privacy Policy to respond to general inquiries, solicit feedback regarding our Website or Services, deploy – and provide training and support for – our Services, provide relevant content on our Website and for our Services, and communicate with you via email and/or text regarding our current and future Services.

6. What specific data protection and privacy rights are afforded to users from the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland?

If you are a resident of the EEA, the UK, or Switzerland, you have the following data protection rights, which you may exercise at any time by contacting us using the contact details provided in Section 23 below:

  • the right to access your personal data and confirm the existence of processing;
  • the right to correct, update or request anonymization, blocking or deletion of your personal data;
  • the right to object to processing of your personal data when it is based on our legitimate interests;
  • the right to ask us, in some situations, to restrict processing of your personal data or request portability of your personal data;
  • the right to opt-out of marketing communications we send you at any time.
    • You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing, please contact us using the contact mechanisms provided in Section 23 below;
  • if we have collected and process your personal data with your consent, then the right to withdraw your consent at any time;
    • Please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent;
  • the right to request the review of decisions exclusively based in automated processing, which might affect your interests; and
  • the right to complain to a data protection authority (DPA) about our collection and use of your personal data.
    • For more information, please contact your local DPA.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. If you are aware of changes or inaccuracies in your information, you should inform us of such changes so that our records may be updated or corrected.

7. What are the legal bases under which the personal data of European data subjects may be processed under the European Union (“EU”)’s General Data Protection Regulation, and corresponding data protection regulations in the UK and Switzerland (collectively, such European regulations are referred to herein as the “GDPR”)?

“Fraud prevention” is an express legal basis under Article 6 and Recital 47 of the GDPR. As used herein, and in accordance with the GDPR, identified or identifiable human end users in the EU, the UK or Switzerland, as applicable, are referred to as “Data Subjects.” Article 6 of the GDPR requires one or more legal bases for the processing of Data Subjects’ personal data. The GDPR provides a right to process the personal data of Data Subjects to further a company’s own “legitimate interests,” or the legitimate interests of a third party, provided that doing so will not infringe adversely upon the fundamental rights and freedoms of the applicable Data Subjects.

Recital 47 of the GDPR states expressly that the “processing of personal data strictly necessary for the purposes of preventing fraud” constitutes a legitimate interest, and such provision serves as our primary legal basis for the processing of Data Subjects’ personal data in connection with operation of our Website and Services.

Express consent is a legal basis under Article 6 of the GDPR. Another permissible legal basis for processing a Data Subject’s personal data is express consent from the Data Subject. We may utilize such basis from time to time in connection with our direct marketing efforts to Data Subjects. With respect to the processing of client and client-prospect personal data relating to Pixalate’s Website and Services, we will take reasonable steps to ensure that our consent mechanisms for obtaining personal data of Data Subjects enable them to understand what consent(s) they are providing, and why and how we use such consent(s); and we give clear, defined ways to consent to us controlling and/or processing such Data Subject personal data. Where we use any third party to process Data Subjects’ personal data on our behalf (e.g., employee payroll, recruitment, and benefits), we will enter into reasonable data-processor agreements and establish (and update from time to time) due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures will include initial and ongoing reviews of the service provided, the necessity of the processing activity, and the technical and organizational measures in place to ensure reasonable data protection and compliance with the GDPR.

Pixalate participates in the IAB Europe Transparency and Consent Framework (TCFv2.2) as Vendor ID 384. As detailed herein, "legitimate interest" under the GDPR serves as the legal basis for our processing of personal data for the following purposes:

  • Ensuring security, preventing and detecting fraud, and fixing errors (Special Purpose 1); and
  • Developing and improving our Services (Purpose 10).

Safeguards regarding data transfer of personal data to third parties. Where a third party to which we are transferring personal data is acting as:

  • a data controller, we ensure, contractually, that such: (i) third party complies with applicable Data Subjects’ rights and choices, and (ii) data may only be processed for limited and specified purposes (e.g., fraud prevention). Where consent serves as a legal basis for processing, we ensure, contractually, that: (A) the processing will be consistent with the consent provided by the Data Subject, (B) the third party will provide at least the same level of information security and privacy protection as Pixalate provides, and (C) the third party will notify us promptly if it makes a determination that it can no longer meet these contractual obligations; or
  • our agent (or other third-party vendors performing processing services at our instruction and on our behalf in accordance with this Privacy Policy and applicable law), we ensure, contractually, that: (i) such data is only processed for limited and specified purposes (e.g., fraud prevention), and (ii) such third party: (A) provides at least the same level of information security and privacy protection as Pixalate provides, (B) processes the personal data transferred in a manner consistent with our obligations specified herein, and (C) notifies us promptly if it makes a determination that it can no longer meet these contractual obligations. (We will provide a summary or a representative copy of the relevant privacy provisions of our contract with the applicable third party to government authorities upon request.)

In the event that a third party data controller or processor to which we are transferring personal data makes a determination that it can no longer meet its information security and privacy obligations to us as referenced above, the applicable contract will require cessation of processing and other reasonable and appropriate steps to remediate any such failure.

Hosting on third-party platforms. Pixalate’s Services run on Amazon Web Services (“AWS”) and the Google Cloud Platform. The EU data protection authorities, acting collectively as the Article 29 Working Party, approved: (i) Google’s “model clauses” based agreements for its Cloud Platform, and (ii) Amazon’s AWS Data Processing Agreement (DPA).

8. What data protection and privacy rights are afforded to users from the United States?

If you are based in the United States, the data controller of your personal data is Pixalate Europe Limited (incorporated in Ireland with Company No. 655291), and your data may be processed and stored in the United States, the EEA, or the UK. For contact details, please see Section 23 below.

Additional information for California residents.

This section supplements the description of our information collection and sharing practices elsewhere in this Privacy Policy to provide certain disclosures specific to California residents whose personal data we process pursuant to the then-current regulations implementing the California Consumer Privacy Act (“CCPA”).

Collection, Use and Disclosure of Personal Data. During the preceding 12 months, we have collected, used, and/or disclosed the categories of personal  data described above. For example, depending on the Services you use, this may include your system's or device's identifiers (e.g., IP addresses), your online contact information (e.g., email addresses), commercial information (e.g., records of Services purchased), internet or other electronic network activity information, geolocation data (e.g., your country and postal address), and records of requests and interactions to our customer support service. This may also include inferences we draw from the other information we collect.

Use of Personal Data. The business purposes for which we collect and handle personal data is described above.

Disclosure of Personal Data. We disclose or share personal data in the ways described above, including by allowing third parties that provide us analytics and advertising services to collect information through cookies and other similar technologies.  We believe that third party cookies we permit to be associated with our Website and Services restrict their third party data processing to what is permitted by service providers under the CCPA. You can opt out of future sales of personal data, if any, by using the contact details provided under Section 23 below.

Each of the categories of personal data listed above may be shared with the following categories of third parties for the purpose of cross-context behavioral advertising:

  • Advertising publishers that place advertisements on our behalf, such as Google; and
  • Parties that provide statistical and analytic information regarding the effectiveness of our marketing.

Our Website and Services are not directed to children, and we do not knowingly collect personal data from children under the age of 16; accordingly, we don’t knowingly share the personal data from children under the age of 16 for cross-context behavioral advertising nor do we sell such information. If we find out that a child under 16 years of age has given us personal data, we will take steps to delete that information. If you believe that a child under the age of 16 has given us personal data, please contact us at privacy@pixalate.com, or via the other contact methods specified in Section 23.

Sensitive Personal Information. Pixalate does not use or disclose sensitive personal information, and will not do so other than in compliance with applicable law. Pixalate does not sell or share sensitive personal information for the purpose of cross-context behavioral advertising, and will not do so other than in compliance with applicable law.

Deidentified Information. Personal data does not include information that is deidentified. When we receive or use deidentified information, we maintain it in deidentified form and do not attempt to reidentify the information.

Retention of Personal Data. We retain your information for as long as necessary to provide you and our other users with the Website and/or Services, as applicable. This means we keep your profile information for as long as you maintain an account. We may retain transactional information for at least seven years to ensure we can perform legitimate business functions, such as accounting for tax obligations. We also retain your information as necessary to comply with our legal obligations, resolve disputes and enforce our terms and policies.

Your California Rights Regarding Your Personal Data. California law provides some California residents with the rights listed below. To exercise these rights, please contact us at privacy@pixalate.com, or via the other methods specified in Section 23.

Right to Know. You have the right to know and see what personal data we have collected about you, including:

  • The categories of personal data we have collected about you;
  • The categories of sources from which the personal data is collected;
  • The business or commercial purpose for collecting or sharing your personal data;
  • The categories of third parties with whom we have disclosed your personal data; and
  • The specific pieces of personal data we have collected about you.

Right to Delete. You have the right to request that we delete the personal data we have collected from you (and direct our service providers to do the same).

Right to Correct. You have the right to request that we correct inaccurate personal data.

Right to Opt Out of Sharing. You have the right to opt out of the sharing of your personal data to a third party for cross-context behavioral advertising.

Other Rights. You can request certain information about our disclosure of personal data to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.

Exercising Your California Privacy Rights. To request access to or deletion of your personal data, or to exercise any other privacy rights under California law, please contact us at privacy@pixalate.com, or via the other contact methods specified in Section 23.

Authentication and Verification. To respond to some rights we may need to verify your request either by asking you to log in and authenticate your account or otherwise verify your identity by providing information about yourself or your account. Authorized agents can make a request on your behalf if you have given them legal power of attorney or we are provided proof of signed permission, verification of your identity, and, in some cases, confirmation that you provided the agent permission to submit the request.

Response Timing and Format. We aim to respond to a consumer request in relation to these rights within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

California Shine the Light Law. Since 2005, California Civil Code Section 1798.83 permits our clients who are California residents to request certain information regarding any disclosure of personal data that we may make to third parties for their direct marketing purposes. Presently, we do not share our clients’ personal data with third parties for their own direct marketing purposes, and we will not do so without obtaining express consent. For inquiries regarding our disclosure policy, please use the contact details provided in Section 23 below.

Do Not Track. California Business and Professions Code Section 22575(b) (as amended effective January 1, 2014) permits our customers who are California residents to be informed as to how we respond to Web browser "Do Not Track" settings. We do not currently take actions to respond to 'Do Not Track' settings. Instead we adhere to the standards set out in this Privacy Policy, as well as the specific requirements of applicable law. If you would like to find out more about Do Not Track you may find the following link useful: http://www.allaboutdnt.com/.

Additional information for Colorado residents.

Your Colorado Rights Regarding Your Personal Data. Colorado law provides some Colorado residents with the rights listed below. To exercise these rights see the “Exercising Your Colorado Privacy Rights” section below.

  • Right to Know. You have the right to know and see what personal data we have collected about you in a portable format.
  • Right to Correct. You have the right to request that we correct inaccurate personal data.
  • Right to Delete. You have the right to request that we delete the personal data we have collected about you.
  • Right to Opt Out. You have the right to opt out of targeted advertising and the sale of your data (as defined under Colorado law).

Exercising Your Colorado Privacy Rights. To request access to or deletion of your personal data, to exercise any other privacy rights under Colorado law, or to appeal our decision regarding a request related to these rights, please contact us at privacy@pixalate.com, or via the other methods specified in Section 23.

Authentication and Verification. To respond to some rights we may need to verify your request either by asking you to log in and authenticate your account or otherwise verify your identity by providing information about yourself or your account. Authorized agents can make a request on your behalf if you have given them legal power of attorney or we are provided proof of signed permission, verification of your identity, and, in some cases, confirmation that you provided the agent permission to submit the request.

Additional information for Connecticut residents.

Your Connecticut Rights Regarding Your Personal Data. Connecticut law provides some Connecticut residents with the rights listed below. To exercise these rights see the “Exercising Your Connecticut Privacy Rights” section below.

  • Right to Know. You have the right to know and see what personal data we have collected about you in a portable format.
  • Right to Correct. You have the right to request that we correct inaccurate personal data.
  • Right to Delete. You have the right to request that we delete the personal data we have collected about you.
  • Right to Opt Out. You have the right to opt out of targeted advertising and the sale of your data (as defined under Connecticut law).

Exercising Your Connecticut Privacy Rights. To request access to or deletion of your personal data, to exercise any other privacy rights under Connecticut law, or to appeal our decision regarding a request related to these rights, please contact us at privacy@pixalate.com, or via the other contact methods specified in Section 23.

Additional information for Utah residents.

Your Utah Rights Regarding Your Personal Data. Utah law provides some Utah residents with the rights listed below. To exercise these rights see the “Exercising Your Utah Privacy Rights” section below.

  • Right to Know. You have the right to know and see what personal data we have collected about you in a portable format.
  • Right to Delete. You have the right to request that we delete the personal data we have collected about you.
  • Right to Opt Out. You have the right to opt out of targeted advertising (as defined under Utah law).

Exercising Your Utah Privacy Rights. To request access to or deletion of your personal data, or to exercise any other privacy rights under Utah law, or to appeal our decision regarding a request related to these rights, please contact us at privacy@pixalate.com, or via the other contact methods specified in Section 23.

Additional information for Virginia residents.

Your Virginia Rights Regarding Your Personal Data. Virginia law provides some Virginia residents with the rights listed below. To exercise these rights see the “Exercising Your Virginia Privacy Rights” section below.

  • Right to Know. You have the right to know and see what personal data we have collected about you.
  • Right to Correct. You have the right to request that we correct inaccurate personal data.
  • Right to Delete. You have the right to request that we delete the personal data we have collected about you.
  • Right to Opt Out. You have the right to opt out of targeted advertising and the sale of your data (as defined under Virginia law).

Exercising Your Virginia Privacy Rights. To request access to or deletion of your personal data, to exercise any other privacy rights under Virginia law, or to appeal our decision regarding a request related to these rights, please contact us at privacy@pixalate.com, or via the other contact methods specified in Section 23.

Additional information for Nevada residents.

Your Nevada Rights Regarding Your Personal Data. Under Nevada law, Nevada residents who have purchased goods or services from us may opt out of the “sale” of “covered information” (as such terms are defined under Nevada law) for monetary consideration to a person for that person to license or sell such information to additional persons. “Covered information” includes first and last name, address, email address, and phone number, or an identifier that allows a specific person to be contacted either physically or online. We do not believe that we engage in any sharing that would qualify as a sale under Nevada law. Nonetheless, if you are a Nevada resident who has purchased goods or services from us, you may submit a request to record your preference to opt out by using the contact details provided in Section 23 below.

Authentication and Verification. To respond to some rights we may need to verify your request either by asking you to log in and authenticate your account or otherwise verify your identity by providing information about yourself or your account. Authorized agents can make a request on your behalf if you have given them legal power of attorney or we are provided proof of signed permission, verification of your identity, and, in some cases, confirmation that you provided the agent permission to submit the request.

9. What data protection and privacy rights are afforded to users from Brazil?

If you are based in Brazil, the data controller of your personal data is Pixalate Europe Limited (incorporated in Ireland with Company No. 655291), and your data may be processed and stored in the United States, the EEA or the UK. For contact details, please see 23 below.

Our Website and Services are operated in accordance with the laws of Brazil, including the Marco Civil da Internet, Federal Law No. 12.965/2014 ("MCI") and the General Data Protection Law, Federal Law No. 13.709/2018 ("LGPD"), including: (i) any data processing activities carried out in Brazil; and (ii) any processing of personal data of individuals located in Brazil.

We process the categories of personal data described above in this Privacy Policy. Depending on the Services you use, this may include your system’s and/or device’s IP addresses, the dates and times of your access to our Website and/or Services, and the email address that you utilize in connection with our Website and/or Services, as applicable, business and internet or other electronic network activity information. It may also include inferences we draw from other information we collect.

Legal Basis for Data Processing. We process personal data for the purposes set out in this Privacy Policy observing legal bases set out in the LGPD. Our legal basis for processing your personal data will depend on the personal data in question and the specific context in which we collect it, but will include when it is:

  • necessary for the performance of the contract between you and Pixalate (for example, to provide the services requested by you and to identify and authenticate you so that you can use the Platform).
  • necessary to comply with legal requirements (for example, to comply with applicable accounting rules and make required disclosures to law enforcement authorities);
  • necessary to achieve our legitimate interests or those of third parties;
  • based on your consent;
  • necessary for the regular exercise of rights in judicial, administrative and arbitration proceedings;
  • necessary for the protection of life and limb or of the data subject and third parties;
  • used for credit protection purposes; and/or
  • used for other cases foreseen in the LGPD or applicable legislation.

If we collect and use your personal data based on our (or a third party's) legitimate interest, that interest will generally be to operate our Website and Services, manage our relationship with you and communicate with you as necessary to provide our services to you and for our legitimate business interest, for example in responding to your inquiries, improving our Website and/or Services, conducting marketing, or for the purpose of ensuring the security of our Website and/or Services and detecting or preventing malicious and/or illegal activities such as fraud. We may have other legitimate interests and, if appropriate, we will make clear to you at the relevant time what those legitimate interests are.

If we ask you to provide personal data to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide your personal data). In some cases, it may be necessary for you to provide us with personal data for processing as described above in order for us to provide you with all of our services and for you to use all of the features of our Website and/or Services.

If you have questions or need more information about the legal basis on which we collect and use your personal data, please contact us using the contact information provided in Section 23 below.

Your Rights Under Brazilian law. You have the following data protection rights, which you can exercise at any time by contacting us using the contact details provided in Section 23 below:

  • the right to access your personal data and confirm the existence of its processing;
  • the right to correct, update or request anonymization, blocking or deletion of your personal data;
  • the right to object to the processing of your personal data where it is based on our legitimate interests or in case of non-compliance with LGPD or applicable law;
  • the right to ask us, in some situations, to restrict the processing of your personal data or to request portability of your personal data;
  • the right to cancel marketing communications we send you at any time.
    • You may exercise this right by clicking on the "unsubscribe" or "unsubscribe" link in marketing e-mails that we have sent to you. To unsubscribe from receiving other forms of marketing, please contact us using the contact information provided in Section 23 below.
  • if we collect and process your personal data with your consent, you have the right to withdraw your consent at any time and request deletion of your personal data. Withdrawing your consent will not affect the lawfulness of any processing carried out prior to your withdrawal, nor will it affect processing of your personal data carried out on a legal basis other than consent.
  • the right to request a review of decisions based solely on automated processing, which may affect your interests.
  • the right to petition the Brazilian National Data Protection Authority (ANPD) about our collection and use of your personal data.
  • the right to request portability of your personal data to another service provider; and
  • the right to request information about with whom your personal data has been shared.

We respond to all requests we receive from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. If you are aware of changes or inaccuracies in your information, you must inform us of such changes so that our records can be updated or corrected.

To exercise your rights, you or your authorized legal representative may contact us using the contact details provided in Section 23 below. Once we receive your request, we may verify it by requesting sufficient information to confirm your identity, including requesting that you verify information about your use of the Website and/or Services, as applicable.

10. Under what circumstances would data be transferred, and what safeguards are in place regarding data transfer?

Onward transfer of data to third parties. Like many businesses, we hire third-party vendors to perform certain business-related services. We may disclose personal data to certain types of third-party service providers but only to the extent reasonably required to enable them to provide such services. The types of companies that may receive personal data, and their functions include: direct marketing assistance, billing, client service, data processing and storage, Website and Services hosting, and disaster-recovery services. All such third-party vendors perform such services at our instruction and on our behalf pursuant to contracts that incorporate the standard contractual clauses (SCCs) for data transfers between EU and non-EU countries and require at least the same level of privacy protection as is required by this Privacy Policy and applicable law, and as implemented by Pixalate. In addition, as required by the the European Union ("EU")-United States ("U.S.") Data Privacy Framework, the United Kingdom ("UK") Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, as applicable, we will remain liable if a third party that we engage to process personal data on our behalf does so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the matter giving rise to the damage. With respect to your personal data collected via our marketing efforts, you may opt out of having such personal data transferred to any or all of our categories of agents – and other third-party vendors performing such services at our instruction and on our behalf – by contacting us at privacy@pixalate.com. Please allow us a reasonable time to process your request.

Business-transaction-related transfers. In the event of a merger, dissolution, reorganization or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in such a merger or the acquiring entity. All such transfers shall be in accordance with applicable law, and subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this Privacy Policy. This Privacy Policy is binding upon Pixalate and its legal successors in interest.

  • Disclosure of personal data in connection with legal and administrative proceedings. We are required from time to time to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also be required to disclose personal data in the course of defending ourselves in litigation, and to third parties when compelled to do so by governmental authorities or as otherwise required by law or regulation (including, but not limited to, in response to court and administrative orders and subpoenas). In all such circumstances, we will make reasonable efforts to maintain confidentiality of such personal data.

11. May you review, correct, modify or delete any of your personal data that we possess?

You may request to review, correct, modify, or delete any of the personal data that you have previously provided to us. To update your billing information, or request return or deletion of your data associated with your account, please contact your account representative or our customer success team. For other requests to access, correct, modify or delete your personal data, please email privacy@pixalate.com. Requests to access, change, or delete your personal data will be addressed within a reasonable timeframe, and in accordance with periods established under applicable law.

12. How long is personal data retained?

We will retain your personal data in a form that identifies you, or may be used to identify you, only for as long as it reasonably serves the purpose(s) for which it was initially collected, or for a purpose that you authorized subsequently, and, in both circumstances, in accordance with this Privacy Policy and applicable law. In the event that we continue processing your personal data for longer periods, it will only be for the time and to the extent reasonably required for a lawful and permissible purpose (e.g., archival, compelling public interest, journalism, literature, scientific or historical research, and statistical analysis), and subject to the protections afforded by this Privacy Policy and applicable law. After such time periods have expired, we may either delete your personal data or retain it in an anonymous form that does not identify you personally.

13. What steps are taken to safeguard personal data?

Pixalate takes protection of the security and privacy of personal data that we collect pursuant to this Privacy Policy very seriously. Accordingly, we have implemented and will maintain reasonable and appropriate technical, administrative, and physical measures designed to: (i) prevent unauthorized access to the Website and Services, and (ii) protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction. We will take into account the risks involved in processing, and the nature of such personal data, and will comply with all applicable laws and regulations.

If we become aware of a data breach affecting your personal data, we will notify you and the regulatory authorities in accordance with the timescales and scope required by applicable data protection laws.

For registered users of our Website and/or Services, it is your responsibility to keep your password secure and confidential. We recommend that you do not divulge your password to anyone, and have instructed our personnel to never ask you for your password. If you share a computer with others, you should not save your login information on that shared computer. Please remember to sign out of your account and, as applicable, close your browser window when you have finished your session

14. Is your Website or Services collecting personal data from children, or directed in any way towards children?

We do not knowingly collect, maintain, use, disclose, sell or share any personal data from children under the age of 13 in connection with our Website or Services, and no part of our Website or Services is directed towards children. If you have reason to believe that a child under the age of 13 has provided any personal data to us, please contact us at privacy@pixalate.com, or via the other contact methods set forth in Section 23 below.

15. Do you exercise any control over the privacy practices of third-party websites to which you may link?

Our Website may contain links to third party websites (External Sites). Pixalate has no control over the privacy practices of these External Sites. As such, we are not responsible for the privacy policies of those External Sites. You should check the applicable third-party privacy policy, and applicable terms and conditions of use, when visiting any External Sites, and before providing any personal data to such External Sites.

16. Does Pixalate transfer, process and/or store your personal data outside of your country?

Pixalate may process personal data inside the EEA, U.K., and U.S. Data protection laws vary among countries, with some providing more protection than others. Pixalate complies with various legal mechanisms, as applicable, in a manner designed to ensure adequate protection for the transfer, processing and storage of personal data. Learn more.

17. Does Pixalate comply with the EU-U.S. Data Privacy Framework?

On 10 July 2023, the European Commission adopted its adequacy decision for the European Union ("EU")-United States ("U.S.") Data Privacy Framework ("DPF"). The adequacy decision concludes that the U.S. ensures an adequate level of protection – compared to that of the EU - for personal data transferred from the EU to U.S. companies participating in the EU-U.S. Data Privacy Framework. The EU-U.S. DPF, United Kingdom ("UK") Extension to the EU-U.S. DPF, and Swiss-U.S. DPF (collectively, the "DPFs") were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the U.S. from the EU, UK, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.

Pixalate has certified to the U.S. Department of Commerce that it adheres to the DPFs.  If there is any conflict between the terms in this privacy policy and the applicable DPF(s), such DPF(s) shall govern.  To learn more about the framework applicable to the DPFs, please visit https://www.dataprivacyframework.gov.

18. What is the process for resolving complaints about Pixalate’s collection or use of personal data?

In accordance with the framework applicable to the DPFs, Pixalate commits to resolve complaints about our collection or use of your personal data.  EU, UK, and Swiss individuals with inquiries or complaints regarding our policy should first contact Pixalate via email at privacy@pixalate.com, or via mail at:

Pixalate Europe Limited
20 North Audley Street
London, W1K 6WE, United Kingdom
Attn: Legal Affairs Department

Pixalate has further committed to cooperate with the panel established by the EU data protection authorities (DPAs), UK Information Commissioner's Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

19. Which U.S. governmental agency has investigatory and enforcement powers regarding Pixalate?

Pixalate is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

20. Is it possible, under certain conditions, for individuals to invoke binding arbitration?

Yes, is it possible, under certain conditions, for individuals to invoke binding arbitration to resolve disputes relating to this Privacy Policy and applicable law. In order to address privacy-related complaints not resolved by other means, Pixalate offers a binding arbitration option in such circumstances. Any such arbitration shall be conducted in accordance with the UK Arbitration Act 1996 by the International Chamber of Commerce (“ICC”) under its 2021 Arbitration Rules and Expedited Procedure Provisions. These rules and provisions are available on the ICC website or by sending an email to info@iccwbo.uk.

21. Is it possible to opt out of direct marketing and/or interest-based digital advertising?

Opting out of direct marketing or email management. Solely as permitted by applicable law, we may contact you via any of your Contact Information, including email, phone, mail, text messages, push notifications, apps or other ways through our Website or Services for direct marketing purposes.  However, you may opt out at any time from the use of your personal data for direct marketing purposes, or the transfer of your personal data to third parties for direct marketing purposes, by emailing us at privacy@pixalate.com. Please allow us a reasonable time to process your request; we will respond within the time periods specified by applicable law. Notwithstanding the foregoing, if you are a Pixalate client, you may not opt out from receiving transactional emails related to your account.

Browser tracking opt out. Individual users may opt out of interest-based digital advertising in the context of internet browsing, or otherwise limit the information that may be collected about them and/or how it is used. Please visit https://www.aboutads.info/choices to learn more about interest-based advertising and how to opt out of this form of advertising.

Mobile device tracking opt-out. Individual users who opt-out of mobile device tracking limit the information that may be collected about them and/or how it may be used. You may opt-out of interest-based and demographic-based advertising using your mobile device settings. Please follow the instructions below for Android and iOS applications.

Opt-out process for Android-based mobile devices:

  • Open the Google Settings app on your device
  • Select Ads
  • Set the “Opt-out of interest-based ads” slider to your desired position
  • Optionally, you may reset the advertising identifier associated with your device

Opt-out process for iOS-based mobile devices:

  • Open Settings
  • Select Privacy
  • Select Advertising
  • Set the “Limit Ad Tracking” slider to your desired position
  • Optionally, you may reset the advertising identifier associated with your device

Please note that opting out via your browser on your desktop computer may not limit the collection of information on your mobile device(s) or CTV system(s), and opting out on your mobile device(s) or CTV system(s) may not limit the collection of information through your computer’s internet browser. Opting out limits the collection of data but may not eliminate such data collection completely. Some information may still be collected about your browsing of websites, and use of mobile applications or CTV systems, after you limit tracking on such browsers, devices or systems.

“Do Not Track” signals. Currently, various browsers – including Chrome, Firefox, and Safari – offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to websites visited by the user about the user's browser DNT preference setting. At present, Pixalate does not respond to browsers' DNT signals with respect to our Website or Services. Pixalate takes privacy and meaningful choice seriously and will implement global privacy controls (GPC) in accordance with applicable law, and will continue to monitor developments around DNT browser technology and the implementation of any such standards.

22. When did this Privacy Policy become effective, and when do any future changes to this Privacy Policy become effective?

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may update this Privacy Policy from time to time in response to, among other factors, changing legal, technical, or business developments.

When we update this Privacy Policy, we will take reasonable measures to inform you, consistent with the significance of the changes we make, and as required by applicable law. If we make material changes to the ways in which we use or share personal data previously collected from you through our Website or Services, we will notify you through our Services, by email, or other communication, and will post the amended Privacy Policy on our Website.

23. How do you contact us?

If you have questions about this Privacy Policy, please contact us via one of the following contact mechanisms:

  • E-mail us at privacy@pixalate.com;
  • Call us at +44 (0)800 011 2050; or
  • Send us postal mail or express delivery at:

Pixalate Europe Limited
20 North Audley Street
London, W1K 6WE, United Kingdom
Attn: Legal Affairs Department