Dentsu International (referred to as “our”, “us” and “we” in this notice) is an advertising agency that is part of a global media group.  Merkle is part of Dentsu International. We help our clients to improve how they advertise and market, whether by print, post, email or on websites. We believe that the responsible use of data supports business growth and builds strong relationships between brand and consumer. As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact. We are committed to being transparent in our handling and processing of personal information at all times in accordance with applicable privacy and data protection laws.

This Privacy Notice covers Merkle’s data products, including DataSource, Identity, M1, and Merkury.  

DataSource: This product covers most of the adult US population and is built by combining data supplied to us by other companies that collect data from you.

Identity: Our Identity product is a set of processes that manage and associate information across a number of sources to create an identity map across those identifiers and tie them to an individual.

M1: M1 is a platform we offer our clients to allow them to understand their consumers, plan their marketing campaigns, activate those campaigns and understand the effectiveness of those advertising campaigns. When these campaigns are activated, we work with publishing networks (including social media and online display advertising) to display our client’s advertising to you.

Merkury: Merkury is an identifier designed to allow marketers to engage audiences online without using third-party cookies. Publishers place the Merkury tag onto their sites, which places a first-party cookie into the publisher’s first-party domain.  This allows publishers to combine their first-party data with our proprietary data, which includes identifiers, such as hashed e-mail address and IP address, to build and find audiences across the Merkury publisher networks.

For activities related to our website, please see here for our Website Privacy Notice.

This Privacy Notice explains in detail the types of personal information we may collect or receive about you in connection with our data products, and how we use, process, and share that personal information.

The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act, provides California residents with additional rights with respect to their personal information.  The Virginia Consumer Data Protection Act (VCDPA) provides Virginia residents with additional rights with respect to their personal data. Those rights are explained below in Section 6 (Your California and Virginia Rights). This Privacy Notice includes certain disclosures required under the CCPA and the VCDPA.

In this Privacy Notice, the term “personal information” has the meaning ascribed to it under California Consumer Privacy Act of 2018, as amended, and includes the term “personal data” as defined under the Virginia Consumer Data Protection Act.

We are a global marketing agency and operate separate data products in the UK and the US. This Privacy Notice is intended for US consumers.

01 | Sources of Information

We receive personal information from third party sources like advertisers, brands, data brokers, non-profit organizations, public records, government entities, our clients (who may already do business with you), our partner publishers and partner service providers. We may also receive personal information from other sources such as public registers. We put information together so that we can check your personal information is correct and up to date, and then we keep the collection of information about you in our products (see How We Use Your Personal Information below).

We also receive information from websites provided by our clients and business partners that use our cookies, pixels, and/or small pieces of code known as “web beacons” or “clear gifs”, such as the Merkury tag (collectively, “Tracking Technology”).

We use Tracking Technology to help us better source information about email activities and activities of visitors to our client websites and determine which marketing material is effective and preferred by our respective Publishers/Clients and their consumers.

02 | Personal Information We May Process

From our sources (see Sources of Information below), we get and store various types of information about people and households. These may include the following:

• Contact information, such as your name, address, phone number and email address.
• Demographic information, such as general descriptive data associated with the individual (such as gender, age, occupation, education, languages spoken) and household (such as number of adults/children, multi-generational household, etc.). We do not knowingly collect information from individuals under 18, but we may receive information about how many children are in your household and their year of birth or age range. We use reasonable efforts to remove individuals under 18 from our products.
• Commercial Information, we collect information about personal property, as well as products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies. This can include a number of sub-categories of information such as:
  • Home and Real Estate information – Details about residential properties, such as property type, building construction, land size, date purchased, and property value
  • Geographic information - Descriptive data associated with residential address, such as urban/rural, time zone, census tract/block
  • Automotive information – Details about vehicles such as make/model, owned/leased, duration held, and vehicle value
  • How you like to use your electronic devices, including mobile phone, TV provider, internet access at home or at work. This may include whether you use social media, play games, download music or watch TV online, take or share photos or videos, research holidays, gamble, use mobile banking apps or online banking, etc.
  • Lifestyle, Interests, and Life Events – Expressed or inferred interest in activities and hobbies, such as camping, crafting, electronics, exercise, investing, outdoors, reading, real estate, and recent milestone events (e.g., birth of child, marriage, etc.)
  • Purchase and Purchase Intent – Noted or inferred purchase behavior, such as in-store/catalog/online purchasing, in-market for automobile, category shopper (e.g., crafts, gadgets, clothing, etc.)
  • Financial – Indicators of income and wealth, such as individual and household annual income ranges, likelihood of savings and investments, and presence of credit accounts
  • Events and Locations – Venue and event purchases, locations of shopping.
     
• Internet and Network Activity Information, including internet protocol (IP) address used to connect your computer to the internet, mobile device IDs, websites that you visit and how you interact with those websites and any apps you may use. We may also receive information about your browsing habits across multiple websites and over time. We may also receive information about your interaction with emails or other electronic messages we send you, such as when you open or click on an email.
• Location Information, we may infer a location based on your IP address and collect from third parties other geolocation information.
• Education Information, like your level of education and what institutions you may have attended.
• Professional and Employment Related Information, we may also collect information about your employment such as job and title, as well as your income level.
• We collect and develop Inferences by using the other pieces of personal information collected about you. We may draw inferences about you, reflecting what we believe to be your preferences, characteristics, predispositions, and attitudes as well as attributes connected to your IP address.
• Sensitive Personal Information, we may collect sensitive information for the purpose of drawing inferences about you, such as: 
  • your social security, driver’s license, state identification card, or passport number;
  • your account log-In, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  • your precise geolocation;
  • your racial or ethnic origin, religious or philosophical beliefs, or union membership;
  • genetic data;
  • the processing of biometric information for the purpose of uniquely identifying you; and
  • personal information collected and analyzed concerning your health, sex life, or sexual orientation. 

We also process other types of information, not classified as personal information, which we may link to your personal information. This may include business information for the purposes of identifying segments of individuals who live near certain businesses, or aggregated credit card spend data for the purpose of modelling likely behavior.

03 | How We Use Your Personal Information

Except where prohibited by law or court order, we use your personal information for the following purposes:

• to provide services to our clients; 
• to combine or match personal information; 
• to enable the download of our content;
• to send you newsletters and advertising messages (these may contain information relating to our brands and services);
• to respond to your requests and feedback;
• to analyze and/or improve our websites and services; and
• to recognize you across multiple touchpoints by creating a single record for you;  
• other purposes for which we seek your consent; and
• to protect us, our websites, clients, employees, and business partners from fraud or other malicious activity.

In the table below we set out further information about the purposes for which we use your personal information and the categories of third parties to which we disclose this personal information. In the second column, we also specify how such personal information is categorized under California and Virginia law. For more information about the categories of personal information under California and Virginia law, see Your California and Virginia Rights.

We use information as otherwise disclosed or permitted by law, or as we may notify you. We may use personal information to create deidentified or aggregated data which does not identify you or any other individual. We may use and disclose this anonymous or aggregated data as we choose.

3.1 Services We Provide to Clients

When a client uses our services to run an advertising or marketing campaign, we are what's known as a “service provider" or “third party” for the client provided data used for that campaign. We use that personal information for the client's advertising or marketing campaign and act on the client's instructions.

04 | Personal Information Sharing and Disclosure

Information shared within dentsu international
Dentsu International is a globally operating media group consisting of multiple companies. Therefore, we may from time to time disclose your personal information within our group of companies.

Information shared with our third-party service providers
We use a number of third parties to perform business functions on our behalf, such as sending our newsletters and hosting our online services and customer relationship management. We will disclose personal information to these vendors and service providers to enable them to provide their services.

Information shared with clients and entities authorized by our clients.
We may share personal information from our products with clients and their agencies and other entities authorized by them for their analytics, profiling, and/or marketing purposes including email and postal mail fulfillment providers. We will provide our clients with information so that they can send marketing or show ads to consumers. We may share hashed or anonymized user data from email communications or website activities with third parties so they may set cookies and/or collect your data directly from you (e.g. through a cookie or other technology) for their own use and subject to their own privacy policies. This data may be combined and linked with data from other sources.

Information shared with social media platforms and publishers.
We may share your personal information with social media platforms and publishers who allow us to buy advertising space for our clients. This may mean that you receive our clients’ marketing messaging when you use those social media platforms and other digital properties.

Information shared with other parties as required by law or to prevent or investigate illegal activities
Where required or permitted by law, personal information may be provided to others, such as regulator and law enforcement agencies, for example in response to a court order or a subpoena, or in response to a law enforcement agency’s request, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities or to protect dentsu international, our websites, customers, employees, and business partners from fraud or other malicious activity, and as otherwise required by law.

Information shared due to corporate mergers or restructuring
We may disclose personal information with any successor to all or part of our business. For example, if part of our business is sold, we may give our customer list as part of that transaction.

We may share personal information for other reasons we may describe to you from time to time or as permitted by law.

05 | Where and When We Send Personal Information

Our products containing your personal information is kept in the US and backed up in the US. Dentsu International is a globally operating media group consisting of multiple companies. Therefore, we may from time to time disclose your personal information within our group of companies. Some of our group companies are located in the European Union (“EU”) or European Economic Area (“EEA”), and we implement and maintain policies designed to ensure the security of such disclosures and transfers in accordance with the applicable privacy and data protection laws.

06 | Retention of your Information

We update data in our systems at least every thirty days. As indicated in Your Choices section below, you can request that we delete personal information we have associated with you, however we may continue to receive personal information about you after we have processed your deletion request.

07 | Your Choices

This section explains the choices you may exercise over the use of your personal information.

7.1 Opting Out of Certain Tracking and Interest Based Advertising

We enable users to opt-out from certain uses of information in a digital environment. If you want to opt-out from our solutions from the browser you are currently using, click here and our systems will attempt to place an opt-out cookie on your computer.

We and other third party companies collect and receive information from across a variety of websites and mobile applications you visit or use over time in order to infer your interests and deliver relevant advertising to the browsers and devices you may use, including across associated devices. This type of advertising is known as interest-based advertising. You may visit http://www.aboutads.info/choices/ to learn more about this activity and opt out of our and many of our partners collection and use of data for that purpose. Some mobile operating systems have their own opt-out mechanisms that apply to IBA in mobile app environments. To exercise this opt-out, please visit the privacy settings of your Android or iOS device. We adhere to the Digital Advertising Alliance’s Self-Regulatory Principles.

Please note that if you clear cookies from your browser or reset your device identifier, you may need to renew your opt-out choice. You will also continue to receive advertising after an opt-out, but those advertisements may be less relevant to your interests. If you use multiple browsers or devices you will need to exercise your choices on those browsers or devices as well.

While we do not currently respond to Do Not Track signals, when our systems detect the presence of our opt-out cookie or a mobile o/s opt-out indicator, our solutions will stop engaging in IBA for the opted out browser or device. And if we have linked two or more browsers or devices as described above, our systems will attempt to sever the link for the opted out browser or device.

7.2 Your California and Virginia Rights

This section describes the rights that residents of California and Virginia have and how to exercise such rights. If you are a California resident, the California Consumer Privacy Act, as amended, (“CCPA”) requires us to provide you with the following additional information about: (1) the purpose for which we use each category of “personal information” (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) “share” personal information for “cross-context behavioral advertising,” and/or (c) “sell” such personal information.

The Virginia Consumer Data Protection Act (VCDPA) provides Virginia residents with additional rights with respect to their personal data.

Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. 

We “share” and “sell” information so that our clients can provide more relevant and tailored advertising to you.

You can make the following requests with respect to your personal information:

• Right to Access – You have the right to request that we provide you with a copy of the specific pieces of personal information we collected about you over the past 12 months.
• Right to Delete – You have the right to request that we delete your personal information that we maintain about you, subject to certain exceptions.
  • If you were known by another name or lived at another address, we may not be able to locate all information which relates to you if you do not include it in the form below. Please provide as much information as possible so that we can try to identify all records which relate to you.  We may keep certain personal information in accordance with our legal obligations and rights, such as keeping sufficient information about you to recognize that you have made a personal information request and to keep a record of that request.
  • However, if we lawfully receive your personal information after fulfilling your deletion request, that new information may be included in future data products unless/until you submit a new deletion request. However, if one of our clients separately has your personal information and they provide it to us, along with specific instructions on how we are to use it on their behalf, you may still receive their advertising. (We do not add our clients’ data to our own data products unless allowed to by our clients)
• Right to Opt-Out of Targeted Advertising – You have the right to request that we not include your data for any targeted advertising we conduct.
  • Your choices do NOT affect marketing that is not based on your personal information. For example, you may still receive advertising based on the content and predicted audience of the website you are browsing. This is known as “contextual advertising” and will not stop in response to your requests.
• Right to Correct – You have the right to request that we correct inaccurate personal information that we maintain about you, subject to certain exceptions.
• Right to Limit Use of Sensitive Personal Information – You have the right to request that we do not process or share your sensitive personal information.
• Right to Opt-Out of Profiling – You have the right to request that we not process your information for profiling.
• Right to Non-Discrimination – You have the right to not receive discriminatory treatment for the exercise of your privacy rights.
• Do Not Sell/Share My Info – You can request that we not sell your personal information by clicking Do Not Sell/Share My Info. For purposes of this Privacy Notice, “sell” means the sale of your personal information to an outside party for monetary or other valuable consideration, subject to certain exceptions set forth in applicable California law.  For purposes of this Privacy Notice, “share” means the disclosure of your personal information to an outside party for cross-contextual behavioral advertising purposes, subject to certain exceptions set forth in applicable California law. Any opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your browser’s cache. 

You can make these requests online by clicking here, or by calling us at (+1) (833) 570-5939 (toll-free in the US).  For any business-to-business requests, you can make these requests online by clicking here, or by calling us at (+1) (833) 570-5939 (toll-free in the US). For any employment related requests, you can make these requests online by clicking here.

We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. Note that for purposes of these requests under this Privacy Notice, personal information does not include information about job applicants, employees and other of our personnel; information about employees and other representatives of third-party entities we may interact with; or information we have collected as a service provider to our clients. Finally, please note that we are required by California Civil Code section 1798.105(d) to keep a record of your request.

Only you, or a person or business entity registered with the California Secretary of State (for California residents) that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child.

The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information (including information that reasonably enables us verify the identifying information we currently maintain about you) that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative.

We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process.

Data Subject Rights Requests Metrics - California Consumer Privacy Act

• Click here to view our most recent reporting metrics

If you reside in California, you have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please send us an email, or write to us at the address listed below. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.

08 | How We Protect Your Personal Information

We have reasonable security measures in place to help protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

We have implemented reasonable, industry-standard security policies, standards and practices designed to protect information from internal and external threats. The degree of protection for each piece of information is based on the risk and consequences associated with having that information compromised. While no security measures will provide for absolute security, all of our employees responsible for the management of information have the responsibility to adhere to our documented security controls, which are developed commensurate with the understood risk.

09 | Data Suppliers, Clients, and Third Parties

This Privacy Notice is limited to the personal information received and used by us in connection with our products and does not apply to personal information collected through one of our websites. We may obtain information through various sources (see Sources of Information) and are not responsible for the privacy practices of such sources. We also may share information with our clients and other third parties and are not responsible for the privacy practices of such clients and third parties.

10 | Children

We do not actively seek to collect personal information about children aged 16 or under. If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child under the age of 16 may have entered personal information onto our website, please contact us at dpous@merkleinc.com. We will delete such personal information from our records or seek verifiable parental or legal guardian consent to retain such information within a reasonable time.

11 | Updates

This Privacy Notice may be updated from time to time to reflect changes in law, best practice or a change in our practices regarding the treatment of personal information. The date of the most recent revision will appear below. You should review this page from time to time to ensure that you are happy with any changes that have been made. If you do not agree to the changes, please do not continue to use our services and please refrain from sharing your personal information with us.

This policy is effective as of July 1, 2023.

12 | Contact

If you have any questions about this Privacy Notice or would like to exercise any of the rights mentioned above, you can contact our Data Protection Officer in any of the following ways:

Address: Data Protection Officer
Merkle Inc.
7001 Columbia Gateway Drive
Columbia, MD 21046

Telephone:
(+1) (833) 570-5939 (US, toll-free)

Or by email at: dpous@merkleinc.com