Policies

California Privacy Rights

Under the CCPA, California residents and households have certain rights around the collection, use, and sharing of their personal information.

Disclosure or Sale of Personal Information

We have not disclosed or sold any personal information to third parties for any business or commercial purpose in the preceding twelve (12) months.  We do not and will not disclose or sell your personal information without giving you notice and an opportunity to opt out of such disclosure or sale as required by law.

We do not offer financial incentives associated with our collection, use, or disclosure of your personal information.

We collect various categories of personal information when you use this Site or our Partner sites, including identifiers, commercial information, internet or other electronic network or device activity, geolocation data, and professional information.  A detailed description of the information we collect and how we use it is provided in Section 1 (Information We Collect and How We Use It) above.  Section 3 (Third Parties and Categories of Information) above describes the categories of third parties with whom we share personal information, and what information may be shared and under what circumstances.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”).  In particular, we have collected the following categories of personal information from consumers from the following within the last twelve (12) months:

Category
Examples
Collected
A. Identifiers
A real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.  Some personal information in this category may overlap with other categories.
Yes
C. Protected classification characteristics under California or federal law
Age (forty (40) years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Yes
D. Commercial information
Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Yes
E. Biometric information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
No
F. Internet or other similar network activity
Browsing history, information on a consumer’s interaction with a website, application, or advertisement.
Yes
G. Geolocation data
Physical location or movements.
Yes
H. Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.
No
I. Professional or employment-related information
Current or past job history or performance evaluations, and administering employment benefits including retirement, health, and other benefit programs, services, or products to which consumers and their dependents or their beneficiaries receive access through the consumer’s employer.
Yes
J. Non-public education information (Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99))
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
No
K. Inferences drawn from other personal information
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Yes

Under the CCPA, personal information does not include:

  • Publicly available information from government records;
  • Deidentified or aggregated consumer information;
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996, and the California Confidentiality of Medical Information Act, or clinical trial data; or
  • Sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.

We receive the categories of personal information listed in the chart above from the following sources:

  • Directly from you;
  • Partners or their agents (e.g., information that our Partners give to us related to the services for which they engage us); and
  • Directly and indirectly from activity on our Site (e.g., usage details collected automatically).

Use of Personal Information

We may use or disclose the personal information we collect for some or more of the following business purposes:

  • To fulfill or meet the reason for which such personal information is provided;
  • To provide you with information, products, or services that you request from us;
  • To improve our Site and its contents to you;
  • For testing, research, analysis, and product development;
  • As necessary or appropriate to protect our rights or the rights of others;
  • To respond to law enforcement requests and as required by applicable law, regulation, rule, or court order;
  • As otherwise set forth in the CCPA; or
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without notifying you as required by law.

Sharing Personal Information

We may disclose your personal information to a third party (i.e., our Partners) for a business purpose.  When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information (listed above) for a business purpose with two (2) categories of third parties: (1) service providers (“Service Providers”); and (2) third parties to whom you or your agents authorized us to disclose your information in connection with our products or services (“Authorized Third Parties”) – detailed in the chart below:

Category
Examples
Categories of Third Parties We Shared Personal Information With
A. Identifiers
A real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
Service Providers; and Authorized Third Parties
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.  Some personal information in this category may overlap with other categories.
Service Providers; and Authorized Third Parties
C. Protected classification characteristics under California or federal law
Age (forty (40) years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Service Providers; and Authorized Third Parties
D. Commercial information
Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Service Providers; and Authorized Third Parties
F. Internet or other similar network activity
Browsing history, information on a consumer’s interaction with a website, application, or advertisement.
Service Providers; and Authorized Third Parties
G. Geolocation data
Physical location or movements.
Service Providers; and Authorized Third Parties
I. Professional or employment-related information
Audio, electronic, visual, thermal, olfactory, or similar information.
Service Providers; and Authorized Third Parties
K. Inferences drawn from other personal information
Current or past job history or performance evaluations, and administering employment benefits including retirement, health, and other benefit programs, services, or products to which consumers and their dependents or their beneficiaries receive access through the consumer’s employer.
Service Providers; and Authorized Third Parties

Your Data Privacy Rights Under CCPA

Generally, California resident or household consumers have the following data privacy rights under the CCPA:

  • Right to Know: You may request that a business tell you what specific personal information it collected, shared, or sold about you, and why it was collected, shared, or sold;
  • Right to Delete: You may request that a business delete personal information that it collected from you, subject to some exceptions;
  • Right to Opt-Out: You may request that a business stop selling your personal information;
  • Rights for Minors: A business cannot sell the personal information of minors under the age of sixteen (16) without their permission and, for children under thirteen (13), without parental consent; and
  • Right to Non-Discrimination: A business may not discriminate against consumers who exercise their rights under the CCPA.

Right to Know (i.e., Information About and Access to Your Personal Information)

You have the right to request that we disclose personal information we collected about you pursuant to Civil Code sections 1798.100, 1798.110, or 1798.115 including any or all of the following:

  • Specific pieces of personal information that we collected about you;
  • Categories of personal information we collected about you;
  • Categories of sources from which your personal information is collected;
  • Categories of personal information that we sold or disclosed for a business purpose about you;
  • Categories of third parties to whom your personal information was sold or disclosed for a business purpose; and
  • The business or commercial purpose for collecting or selling your personal information.

In responding to your verified consumer request to know, we will provide information on:

  • The categories of personal information we collected about you (e.g., IP address, geolocation data, internet activity such as web browsing histories, and professional or employment-related information) in the preceding twelve (12) months from the date we receive your request;
  • The categories of sources from which your personal information was collected (e.g., cookies);
  • The business or commercial purpose for which we collected or sold your personal information (e.g., fraud prevention, marketing, etc.);
  • The categories of third parties with which we share your personal information;
  • The categories of personal information that we sold in the preceding twelve (12) months, and for each category identified, the categories of third parties to which we sold that particular category of personal information; and
  • The categories of personal information that we disclosed for a business purpose in the preceding twelve (12) months, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal information.

The CCPA also requires that if requested, we provide you with responsive materials in a readily usable format that allows you to transmit your information from one (1) entity to another without hindrance.

Right to Delete

The CCPA generally permits you to request that we and our direct service providers (i.e., Partners) delete personal information collected from you in accordance with Civil Code section 1798.105.  However, we are not required to delete your personal information for any of the following reasons:

  • if we need your information to complete the transaction for which it was collected;
  • to comply with a legal obligation;
  • to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.), as amended;
  • to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • to identify and repair errors that impair existing and intended functionality; or
  • to make other internal and lawful uses of your information that are compatible with the context in which you provided it.

Verifiable Consumer Requests

The CCPA considers the right to know and the right to delete as verifiable consumer requests.  Verifiable consumer requests must: (i) provide sufficient information that allows us to reasonably verify that you are in fact the California resident or Household about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We may deny a request to know or a request to delete if we cannot verify your identity or authority to make the request or confirm that the requested personal information relates to you.

We will only use personal information that you provide us to verify your identity or authority.

How to Submit a Request to Know or a Request to Delete

Submit your request using the information in Section 7 (Contact Information) above and include the value of your tribalfusion.com ANON_ID cookie (“TF ANON_ID Cookie Value” or “Cookie Value”) as explained below.

Verifying Your Identity with Your TF ANON_ID Cookie Value

Your Cookie Value is the only repository where consumer identifying information may be stored.  To find your TF ANON_ID Cookie Value (highlighted blue in example below):

  • Open your web browser and go to “tribalfusion.com”;
  • Locate the ANON_ID cookie (see image below) in your browser’s privacy or cookie settings (location will vary by browser); and
  • Copy the TF ANON_ID Cookie Value and email it to privacy@VDX.tv.

Your Cookie Value is the only repository where consumer identifying information may be stored.  To find your TF ANON_ID Cookie Value (highlighted blue in example below):

Our Confirmation of or Response to Your Request to Know or Request to Delete

The CCPA generally permits you to request that we and our direct service providers (i.e., Partners) delete personal information collected from you in accordance with Civil Code section 1798.105.  However, we are not required to delete your personal information for any of the following reasons:

  • permanently and completely erasing your personal information on our existing systems (except archived or back-up systems);
  • deidentifying your personal information; or
  • aggregating your personal information.

If we deny your request, we will (unless otherwise prohibited by law):

  • describe the basis for the denial, including any conflict with federal or state law, or CCPA exception;
  • delete any personal information that is not subject to the exception (if any); and
  • will not use your personal information retained for any other purpose than provided for by the CCPA exception.

If we are unable to verify your identity, we may deny your request.  However, we will inform you that your identity cannot be verified.

Right to Opt-Out of the Sale of Your Information

Under the CCPA, you may opt-out of the sale of your personal information from a business to third parties.  While we do not sell your personal information suppression of any sharing of your personal information can be applied by following the same steps laid out in the Right to Delete above.

Rights for Minors

Our Site and services are not intended for children.  We do not knowingly collect, maintain, or sell the personal information of children under the age of sixteen (16).

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.  We will not:

  • Deny you services;
  • Charge you different prices or rates for services by granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of services; or
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

Who May Exercise Your CCPA Rights

Only you, a valid power of attorney under the California Probate Code, as amended, or a natural person or business entity registered with the Secretary of State to conduct business in California that you authorize to act on your behalf (“Authorized Agent”), may make a verifiable consumer request to know or delete related to your information.

If you wish to submit a request to know or a request to delete via an Authorized Agent, your Authorized Agent must provide us with written and signed permission from you to submit the request(s).  “Signed” means that the written attestation, declaration, or permission has either been physically signed or provided electronically per the Uniform Electronic Transactions Act, Civil Code section 1633.7 et seq.

Next, contact us (as outlined in Section 7 (Contact Information) above) so we may verify your identity and confirm that you provided the requesting Authorized Agent permission to submit the request(s).

Fees

We will not charge a fee to process or respond to your verifiable consumer request unless it is excessive.  If we reasonably determine that the request requires a fee, we will tell you why we made that decision and give you a cost estimate in writing before completing your request.

Shine The Light Law

Separate from the CCPA, California Civil Code Section 1798.83, as amended, also known as the “Shine The Light” law gives California residents the right to request and obtain what personal information we share with third parties for those third parties’ direct marketing purposes.  We do not disclose your personal information to third parties for such third parties to directly market their services to you.  If you have any questions about our Shine The Light Law practices, please contact us as outlined in Section 7 (Contact Information) above.

Do Not Track

California law requires us to tell you how we respond to web browser Do Not Track (“DNT”) signals.  DNT allows users a way to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services.  We do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Disclosure of Consumer Requests

As required by the California Consumer Privacy Act (“CCPA”), VDX.tv handled the following types of consumer requests during the year 2020:

Type of Request
Received
Fulfilled
Denied
Average Response Time
Subject Access
25
25
0
8 days
Data Removal
48
48
0
5 days
Opt-out/Delete
63
62
0
10 days

Note, these are global numbers, not only from California residents.

In terms of the data we use, “opt-out” is the same as “delete”. “Data Removal” in the table above means that if we receive a request regarding data on one of our partner publisher websites, over which we have no editorial control, we will forward the request to the partner publisher for further action.

1. Adding Publishers into the Network

1.1 Adding Publishers into the network

Strict policies are in place to ensure that only high-quality sites are selected for VDX.tv’s network. Adding publishers evolves from a two-step process:

Site Acceptance:

  • Publishers must meet the VDX.tv Publisher Code of Conduct before being accepted
  • Manual quality checks are performed by VDX.tv employees to ensure compliance
  • Sites are also constantly scanned by our proprietary PageGuardTM technology and are removed if questionable content is found
  • Transparent site lists are always made available for advertisers to approve or remove sites that are not an appropriate match for their brand

Domain Verification:

  • Before a new site goes live, they must identify all domains that they will/might run an VDX.tv ad on
  • After the publisher submits the domain(s), VDX.tv employees manually vet the domain for brand-safety purposes
  • If the domain is approved, it is added into the ‘approved domain’ list. VDX.tv’s ad server references this approved list to learn where it is and is not allowed, to serve an impression
  • If a non-approved domain calls our ad server for an ad, the ad server rejects the request and will NOT serve that domain an ad
  • This process and proprietary technology prevents publishers from accidentally or intentionally retrafficking our ads to questionable sites

1.2 Publisher Code of Conduct Overview

  • The VDX.tv Publisher Code of Conduct defines types of prohibited content (i.e. pornography, copyright infringement, spam, fraud, pyramid schemes, etc…) and types of prohibited actions (i.e. tag re-trafficking, altering ad creative, pay for clicks/impressions, timed rotations/auto-refresh, etc…)
  • Publisher domains are approved at VDX.tv’s discretion (i.e. no publishers with downloadable software, no publishers that may be harmful to the business reputation of VDX.tv)

1.3 Inventory acquired through RTB

  • We supplement our on-network activity with inventory acquired off-network.
  • We typically use TAG-certified (https://www.tagtoday.net/registry) exchange partners, where feasible.
  • We always run activity via a pre-vetted domain Accept list, unless otherwise agreed with the client.
  • Our list of partners is available for review, although please note, this is subject to change.

1.4 Ads.txt

  • We support ads.txt and have done so since its launch in 2017.
  • We continue to work with publishers who have an ads.txt file enabled and enter us as an approved seller of their inventory.
  • Any inventory acquired through RTB is also ads.txt compliant.
  • We are committed to our role in creating a cleaner, more transparent advertising ecosystem for everyone.

2. Brand Safety

The following section outlines the various roles that both proprietary and 3rd party technology plays in ensuring delivery to the audience intended by the agency/brand.

2.1 PageGuard™

PageGuard™ is VDX.tv’s proprietary answer to ensuring that all campaigns are delivered to safe environments. It uses a 3 step processes to provide a comprehensive and proactive solution to prevent the possibility of ads appearing on inappropriate content:

  • Site acceptance (covered in section 1.1)
  • Domain Verification (covered in section 1.1)
  • Page Level Contextualization: Pages are scanned daily according to traffic priority. Our proprietary page-level contextualization technology then categorizes these pages, assessing the safety of the content. In the event a page is deemed to be an unsafe brand environment, VDX.tv will not serve an ad.

2.2 3rd Party Content Verification

In addition to PageGuard, we can also layer on 3rd party verification via one of our integrated partners, or via a vendor of the client’s choice. This works as follows:

  1. An agency/brand decides they want to run a 3rd party verification tool 
  2. Agency either works directly with the verification provider to create verification specifications OR allows VDX.tv to pick a preferred vendor
  3. Agency sends the specifications to VDX.tv – specs might include an Accept/Block list, intended or violating website categorizations, violating keywords, intended geo targeting, etc…
  4. VDX.tv targets the campaign in our ad server per the agency’s specifications
  5. Campaign is set live after applying the verification code in either the agency’s ad server or VDX.tv’s ad server
  6. VDX.tv starts to receive reporting from the agency ad server AND the verification tool
  • If no violations are seen, continue to run campaign
  • If violations are seen, adjust campaign targeting until the violations go below the predetermined threshold or disappear altogether

**Due to occasionally inaccurate categorizations by the 3rd party vendors, VDX.tv account managers are trained to vet the site categorization from the vendors against their own personal categorization. If the AM categorization vastly disagrees with the vendor’s categorization engine, the AM may pursue the agency to add the site to a whitelist OR the verification vendor to re-categorize the site.

2.3 Take Down Policy

If violations are seen, we adjust the campaign targeting until the violations go below the predetermined threshold or disappear altogether. Correction of flagged violations will occur within 48 hours, but best endeavors will be made to rectify immediately. The contractual consequences of not responding appropriately to a takedown request in the specified time frame will be subject to the terms of individual IOs.

3. Geo Targeting

We utilize the leading databases for effective geo-targeting. Please note that there may be minor discrepancies as a result of different vendors using different databases. 

4. Malware

VDX.tv uses The Media Trust as its 3rd party malware detection service. 

4.1 Media Trust Integration

We have an API integration with the Media Trust that allows them to programmatically scan our ad tags looking for malware. If malware is detected on a tag, this is immediately flagged for internal review and where necessary, the campaign paused and client notified. 

5. Fraud

VDX.tv has a number of safeguards in place to help keep our network clean and free of invalid traffic: PageGuard, click fraud algorithms, impression fraud algorithms, and a proprietary ad server that allows us to monitor and adjust accordingly.

5.1 Impression Fraud

We do not serve any campaigns to robotic impressions

  • For every impression, we compare the user agent with a list of known user agents and if found, we mark the request origination from a robot
  • Apart from the above static list, we maintain a count of ads served to a user over a certain amount of time. If that gets too high, we flag the activity as potentially invalid and any subsequent impressions for the remaining browsing session will not be counted. That flag can be removed if the activity returns to normal behavior for a sufficient period of time.
  • Bots are detected and blocked in the future both by means of built-in logic inside our ad server and offline processes.

5.2 Click Fraud

  • The ad server first checks the combination of creative id (via the mediadata_id), user_id (the unique id associated with a cookie) and timestamp. If we’ve seen the combination before, disregard the click request (it’s a duplicate). The ad server has a strong algorithm to detect all duplicate clicks and disregard those duplicate requests.
  • Next, check the IP address and user agent requesting the click against our list of known robots. If either is found, the click request will not be honored.
  • If a user has clicked more than a certain number in a preset amount of time, it will be treated as ROBOT for all subsequent views/clicks
  • Bots are detected and blocked in the future both by means of built-in logic inside our ad server and having offline processes.

5.3 Manual Monitoring

We look for suspicious patterns in the data that may indicate bots or purchased traffic

  • Pre-launch monitoring: Prior to approval, a domain is manually vetted using a combination of licensed tools and proprietary methodology to help determine the likelihood that the domain engages in nefarious behavior
  • Post-launch monitoring: After domain approval and traffic starts flowing, pubs are monitored on certain distributions of inventory types, as well as fluctuations of various metrics
  • Consultative technology monitoring: various services are leveraged as an additional safeguard

VDX.tv’s dedicated publisher team manually monitors this publisher activity on an ongoing basis. If irregularities are noticed, we will either:

  • Remove the publisher immediately, OR
  • Start a conversation regarding the infraction(s). If the publisher is forthcoming with information, we will entertain a second chance. If not, they will be removed

6. Verified Services Used

Please refer to our list of services that are leveraged by VDX.tv’s display network to guarantee accurate delivery of advertiser campaigns. Some of these services are used on request, while others are used at regular or consistent intervals.

VDX.tv reserves the right, at its sole discretion, to modify, discontinue or terminate these Safety Guidelines at any time and without advance notice. Continued access to or use of VDX.tv’s services after any such revision constitutes agreement to the revised Safety Guidelines.

Last modified July 2022

Copyright © 2022 VDX.tv

VDX.tv takes a zero-tolerance approach towards slavery and human trafficking within its supply chain and expects the same commitment from its suppliers, contractors, and business partners. This statement sets out the steps it has taken during the financial year to reflect this commitment.

Organisational structure

VDX.tv is an international video advertising effectiveness company. We employ over 500 people in a number of offices located across North America, Europe, Middle East, Africa and Asia Pacific.

Our Supply Chains

Our key supply chains comprise:

  • Digital advertising marketplaces, exchanges, supply-side platforms and publishers;
  • Other companies supplying services connected to the serving, monitoring and verification of on-line advertisements;
  • Data suppliers; and
  • Other IT and technical service companies.

These businesses are predominantly staffed by highly-skilled employees. We consider that the sector that we operate in, the transactions that we undertake and any business relationships that we enter into all carry a negligible risk in terms of slavery and human trafficking.

In light of the above, VDX.tv assesses that the overall risk from slavery and human trafficking within its business is negligible.

Our Approach

VDX.tv acts ethically and with integrity in all its business relationships. VDX.tv is committed to ensuring that there is no slavery or human trafficking in its supply chains or in any part of our business. We hire individuals directly via interview process, whether permanent staff or contractor. The vast majority of our employees are permanent staff.  

Due Diligence

VDX.tv will not support or deal with any business knowingly involved in slavery or human trafficking.

VDX.tv will remain alert to any risk from slavery and human trafficking. If VDX.tv has any reason to suspect that any of its suppliers are affected by slavery or human trafficking, it will carry out reasonable and proportionate investigations and take whatever action it considers appropriate.

Further Steps

We will review the risk from slavery and human trafficking annually and assess whether the risk has increased. If the risk has increased, we will consider what further actions are required to ensure that slavery and human trafficking is not taking place in any part of our business or supply chains. Such further actions may include adapting the supply chain and/or extending training about slavery and human trafficking more widely across employees.

This statement is made pursuant to section 54(1) of the UK Modern Slavery Act 2015.