GroupM Global Privacy Notice

GroupM.com Privacy Notice

How and why we collect data and covering your choices.
(last update, Jan 2, 2020)

GroupM is a global media investment business and is the umbrella for a group of companies, including media planning and buying companies such as Mindshare, Mediacom, Wavemaker and Essence and technology providers including: [m]PLATFORM, Xaxis, BannerConnect and LemonPi. For more details about these technologies, please refer to the FAQ section of this notice which provides links to their own privacy notices.

In the European Economic Area (EEA) and Switzerland the GroupM legal entity responsible for the data that GroupM collects is GroupM UK Limited. Outside of the EEA and Switzerland the responsible legal entity is GroupM Worldwide, LLC. This notice outlines how and why GroupM (“GroupM”) collects and uses personal data specifically from visits to the groupm.com website (“Website”). It also explains your rights as someone who may provide personal data to GroupM through the Websites and how to exercise these rights. If you are an individual residing in the EEA or Switzerland you should be aware that our DPO can contacted at DPO@GroupM.com.


What information is collected and used by GroupM?

We collect information that enables us to identify your browser and device and tell us which pages within our Website you visit and on which pages you spend the most time. We do this by using the following:

Cookie is a small alphanumeric text file that we automatically assign to visitors to our website. It is stored in your browser and allows us to identify you.

Sometimes a cookie resides on your device for just the single time you’re visiting our Website; this is called a session cookie. Sometimes a cookie remains on your device until you delete it or it expires automatically; this is called a persistent cookie. Both types of cookies are used on our Website.

IP address means Internet protocol address
Pixel is a line of code that sits within our webpages and which we use to record that you have visited a particular page within our website.

We use some, or all, of this information to improve your website experience by delivering content that you are likely to prefer on future visits. Our lawful basis for this type of processing is that we have a legitimate interest in understanding and improving your experience of our Website.

If you don’t agree to us using cookies and the above information, you may prevent their use through your browser settings or you may choose to opt out HERE. By choosing not to accept cookies, certain Website features may not work as we have intended.


Specific Cookie Types used by GroupM
Performance

Analytics

Tracking

This type of cookie provides aggregated information about where a user may go on the Website.
Google Analytics

(persistent)

GroupM uses Google Analytics to help us analyze how visitors use the Website. Among other things, Google Analytics uses cookies to collect information about the number of visits to the Website, the webpage that referred visitors to the Website, language, device, browser and operating system, the pages visitors view within the Website and other similar details. We do not share this information with third parties. When used this way the Google Analytics cookie is a persistent cookie, and will remain on your device until the cookie expires or you delete it. These cookies may appear as _utma, _utmb, _utmc, _utmz, _utmv, _utmt.
Google Analytics

(session)

This cookie may appear as has_js. We do not retain this data as it is deleted upon closing of your browser, and therefore we cannot share it with any third parties.
Social media

Social Sharing

These are cookies that help with the Website’s functionality. These are third party cookies, and they allow you to share comments, pages, bookmarks, and likes, and help to provide access to social networking tools easily
Widgets Social media widgets used on this Website include LinkedIn, Twitter, and YouTube. These social media widgets collect information about your visit to the Website and your use of the social platform services (for example, buttons or likes) on the Website. We do not share information with these social platforms, however please keep in mind the social networks collect the data of your site visit and interaction with the social widget directly

Collection and Use of Contact Information.

There are a few instances where we may collect your name and contact details (such as e-mail address, telephone number and postal address). But, we won’t collect this information without consent and never use it in online advertising placement. Examples where you might voluntarily provide your name and contact details include:

  • Responding to requests: we keep a record of information, including email address and other contact information, solely for responding to a user’s request. For example:
    • If you click on the “contact us” link and submit a question or comment, we will collect your name, e-mail address, and phone number to send you a reply.
    • If you voluntarily ask to be added to our newsletter list, we will collect your e-mail address to send you our email newsletter.

By entering your contact information as noted above you are consenting to GroupM using that information to contact you regarding your request. This consent is our legal basis for using the information in this way.

If at any time you decide to withdraw your consent and like would us to remove you from our marketing e-mails or newsletters, or to unsubscribe from our database, you can contact us using the details provided at the bottom of this Privacy Notice. You must include your name, e-mail address, and clear instructions regarding changes you are requesting. You may also unsubscribe from e-mail newsletters by clicking on the “unsubscribe” link found at the bottom of the e-mail.

GroupM is a data controller responsible for your personal data (as this term or similar term is defined by applicable law) when you visit our Website or provide us with contact information.


California
*This section only applies if you are a resident of California under the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws (together “California Laws”).

Pursuant to Section 1798.83 of the California Civil Code, residents of California can obtain certain information about the types of personal information that companies with whom they have an established business relationship have shared with third parties for direct marketing purposes during the preceding calendar year. To request a list of companies, if any, to which GroupM has provided personal information for its own marketing purposes, please email us at DPO@groupm.com . Please allow 30 days for a response.


CCPA Personal Information We Collect

The Website collects the following categories of personal information, and the Website has collected the following categories of personal information (i) from its consumers within the last twelve (12) months, (ii) for the following purposes and (iii) from the following sources. In addition, we may share personal information with the below-identified categories of third parties.

Except as otherwise expressly set forth herein, we will not collect additional categories of personal data or use the personal data we collect for materially different, unrelated, or incompatible purposes without providing you notice.


Category of Personal Information

Category of Personal Information  Examples Purposes for Which Such Information Will be Used or Was Collected int he Preceding 12 Months Categories of Sources From Which Personal Information Will be Collected or Has Been Collected in the Preceding 12 Months
Personal Identifiers Name, postal address, online identifier, Internet Protocol address, email address. To respond to your requests, provide the requested service, market our services to you and provide information about events User completing a web form on the Website(s), registering for one of our events or subscribing to the newsletter
Cookie ID/IP address/Browser/Device ID/Location data See “cookie” information above
Internet or other similar network activity Browsing history, search history, information on a consumer’s interaction with a website, application or advertisement

 


As used in this CCPA section, “personal information” does not include:

  • Information that is lawfully made available from federal, state or local government records.
  • De-identified or aggregated information
  • Information excluded from the scope of the California Consumer Privacy Act of 2018 (“CCPA”),
    such as:

    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
    • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Your Right to Know and Access Information

California consumers have the right to request that we disclose to them, for the 12-month period preceding the date of the request, (i) the categories of personal information we have collected about them, (ii) the categories of sources from which personal information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared personal information, and (v) the specific pieces of personal information we hold about them.


Your Right to Request Deletion

You have the right to request that we delete any personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records. However, we may retain information that has been de-identified or aggregated.

  • Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under CCPA, such as detecting security incidents and protecting against illegal activity.
    • In any access or deletion request that you make pursuant to this notice, you should include your full name, e-mail address, and clear instructions regarding changes and/or information you are requesting in sufficient detail that allows us to properly understand, evaluate, and respond to your request. In addition, we ask that you please provide sufficient information to enable us to reasonably verify that you are the person (or an authorized representative of the person) regarding whom we collected the personal information. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
    • In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity (or, in the case of an authorized representative, authority to make the request) and confirm that the personal information relates to you. With respect to any requests to delete your data, once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception under applicable law applies. If we cannot comply (in whole or in part) with a request, the response we provide will also explain the reasons we cannot comply.
    • We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.

If you use an authorized agent to exercise the right to opt-out, you must provide the authorized agent written permission to do so, and we may deny the request if the authorized agent does not submit proof that it has been authorized by you to act on your behalf.

Note – Subject to applicable law, opting out through this mechanism will not prevent your personal information from being shared with third parties for non-marketing purposes (for example, to process one of your transactions). Further, this opt out mechanism will not prevent the transfer of personal information in connection with a merger, acquisition, bankruptcy or other sale of all or a portion of our assets.

To exercise any of your rights herein, you can contact us using the contact information provided at the bottom of this Privacy Notice. Please remember that any disclosures we provide will only cover the 12-month period preceding our receipt of your request. We will not discriminate against you for exercising any of your rights hereunder!


Frequently Asked Questions

Does GroupM share any information with other vendors or partners? We may provide access to information we collect to our vendors and contractors (also known as third parties) who are performing services on our behalf to enable the uses of your information that we have described above. These vendors are not permitted to use this information for any other purpose. As noted above the Website uses social media widgets including, but not limited to, YouTube, Twitter, and LinkedIn so users can easily share information about their visits with “likes” or “shares.” Always review the privacy policy of social media sites as their data collection practices are separate from GroupM practices. Additionally, we must disclose information when we believe we’re legally obliged to, or in order to investigate, prevent, or take action regarding prohibited activities, such as incidents of hacking, misuse, or other prohibited activities.

Does GroupM transfer your Personal Data outside the European Union? If you provide us with personal data, we may transfer that personal data to our affiliates and subsidiaries or to other third parties, across borders, and from your country or jurisdiction to other countries or jurisdictions around the world to enable us to use that personal data as described above. Our standard practice is to use European Union model clauses for the transfer of data from the EEA & Switzerland to other non-EEA countries.

Use of this site by Children & Children’s data: We’re sensitive to children’s privacy. Our Website is not developed for or directed at children under age 13. We specifically request that children not provide information about themselves through our Website. If you believe your child has provided this kind of information and would like it deleted from our database, you can contact us at DPO@groupm.com . If we become aware we’ve collected information about a child under the age of 13, we’ll delete it.

Data retention and storage: We will keep your information that we collect on the Website for a reasonable period for the purposes set out above. We follow generally accepted online advertising industry standards to ensure that your personal data disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. These standards include undertaking necessary physical, electronic, and management activities required to protect data integrity, access, and use.

Information Security: Maintaining the privacy of our users’ information is very important to us which means we take care and pay special attention to our security measures to protect this information from data breaches. We follow industry standards to protect against the unauthorized access to, retention of, and disclosure of information. This includes physical, electronic, and management activities to protect information integrity, access, and use.

Linking to other websites/Third party sites: A link from our Website to another website does not imply our endorsement of affiliates or websites, and we do not control third party websites to which we link, nor assume responsibility for their content or privacy policies. Once you follow a link to another website, the GroupM Privacy Notice no longer applies. It’s important to always read the privacy policy of any website you are visiting.

Transfer of data upon change of control: In the event that another company acquires us, or all or substantially all of the assets of our business, through a consolidation, merger, asset purchase, or other transaction, we reserve the right to transfer all information (including any information you may have provided through the “contact us” page) that is in our possession or under our control to the acquiring party, and that information may be used by the acquiring party in its business.

Data Subject Rights of individuals in the EEA and Switzerland: You have the right to access, update, change, delete, restrict the use of, or obtain a copy of your Personal Data in an easily readable format. In certain circumstances, you may also request that GroupM transfer your Personal Data to a third party, and the right to object to its use for marketing purposes. If you wish to exercise any of these rights please contact our DPO at DPO@GroupM.com.

Where our processing of your personal data is based on your consent, you also have the right to withdraw this consent at any time by contacting our DPO at DPO@GroupM.com. Please note that your withdrawal of consent will not affect the lawfulness of our processing of your personal data prior to withdrawal of consent.



[m]PLATFORM Companies & Privacy Notice Links

Changes to this Privacy Notice

Please note that because of the changing nature of privacy laws and regulations, digital technologies, and our business, we may modify this Privacy Notice from time to time. Please review this Privacy Notice periodically to become aware of any changes that may have occurred (we will update the effective date at the top of the page to help you know when changes have been made).

If you have any Complaints or wish to contact us: Please use the details set out below depending on where you are located and we will do our best to address any complaints or worries you may have about how we collect and handle your Personal Data.

If for whatever reason you don’t feel like we have adequately addressed your concerns you can contact the Data Protection Authority in your jurisdiction and make a formal complaint.


Europe:

GroupM UK Limited

DPO@GroupM.com

GroupM, 40 The Strand, London WC2N 5RW – Attn: Data Protection Officer


Outside Europe:

GroupM Worldwide LLC

Privacy@groupm.com

GroupM, 498, 7th Avenue, New York, NY, 10018, USA – Attn: Director of Privacy