Effective date: 1/24/2023
PRIVACY PRACTICES FOR THE DURATION AD PLATFORM
Our Platform is designed to enable websites operated by our Publishers to serve ads which are more likely to be viewed by visitors to those sites. In order to do that, our Platform identifies ad slot(s) (i.e., the location(s) on a website where ads are typically served) where our systems believe that a site visitor is more likely to view an ad and enables advertisers and their technology platform providers (our “Partners”) to serve ads on our Publisher’s websites. Our Platform does not process PII; but the Platform does process Non-PII such as the browser agent, browser type, operating system, IP address (which may be used to generate your approximate geographic location), device type, and similar pseudonymous personal information that may be used by Duration or our Partners to recognize a browser or device over time. Our systems may also note whether your browser or device uses ad blocking tools in order to ascertain whether the ad is likely to be viewed by visitors to our Publisher’s websites.
Pursuant to serving ads, our Partners may obtain non-PII via the Platform. Our list of partners is below and we update this list on a quarterly basis:
- List of Partners
PRIVACY PRACTICES FOR THE AD PLATFORM
Data Subject Access & Deletion Rights
Duration respects data subject rights. We allow you to correct, amend, delete, or limit the use of your information. If you’re a Publisher or Partner and want to exercise your rights under applicable law, we ask that you reach out to the person at Duration that owns or manages the relationship between our two companies for more information. If you’ve provided information via our regulator business activities and want to exercise your rights, please email us at privacy@Durationmedia.net. UK, EEA and data subjects located in certain U.S. states such as California have additional privacy rights as described below.
We retain the Non-PII collected via the Platform for up to a year. If you stop having a business relationship with us, we will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Cross-Border Transfer of Data
We currently operate primarily to store all data in the U.S., which may have different data protection laws and rules than your jurisdiction. To the extent that our processing requires the transfer of personal data out of the UK, EEA or Switzerland, we typically use transfer mechanisms such as the Standard Contractual Clauses to effectuate such transfers safely.
Disclosure of Information to Third Parties, Onward Transfer
Pursuant to running our business, we will share information collected via the Platform with trusted third-party partners who may help us to manage the Platform and otherwise help us operate our business. The third-party service providers used by Duration include: a) cloud computer, data storage and file storage providers, b) customer billing systems partners, c) login authentication providers to ensure that the logins to our systems are working efficiently d) outsourced computer programmers helping ensure our systems are operating properly, e) auditing, debugging and security vendors. These agents work on our behalf and use data only as directed by us under written agreements which outline how they may use such data and require that such third party agents provide at least the same level of privacy protection as we do.
The company may also share aggregate data collected via the Platform with unaffiliated third parties. This information cannot be used to contact or identify any person individually and is not considered personal information or personal data in most places.
Duration may be required to disclose your information to third parties when obligated to do so by law and in order to investigate, prevent, or take action regarding suspected, or actual prohibited activities, including transfer reasonably intended to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is necessary to protect our rights, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
Finally, Duration may transfer information to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If Duration is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your information, as well as any choices you may have regarding your information.
Disclosure of Information via the Platform; Privacy Choices
We disclose Non-PII collected via the Platform with Publisher and Partners. And while we don’t create profiles or engage in cross-context behavioral advertising via the Platform, our Publishers and Partners may engage in those practices. Accordingly, our sharing of data via the Platform may be deemed a sale under applicable law. Where our systems detect that a data subject has opted-out of profiling, data sales, sharing or behavioral ad targeting, we will pass on that choice downstream to any recipients. Our systems take no direct action in response to browser based Do Not Track signals.
Security of Data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
U.S. Data Subjects in Applicable States
Certain U.S. States each provide additional privacy protections for data subjects located within their jurisdictions, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete), c) the right to correct data we have about you, your computer or device, d) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information), and e) the right to port such data to a different company. We do not discriminate against you if you exercise any of the above rights.
While we attempt to honor these rights for data subjects located in all U.S. states, please note that we may not be able to honor a right if doing so would otherwise violate applicable law. Further details about exercising these rights can be found on our data request page. Data subjects may access those rights with respect to Duration by calling our toll-free California privacy hotline at (833) 287-4845 or sending us an email to privacy@Durationmedia.net. As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will confirm your request within 10 business days and make a good faith attempt to fulfill your request within 45 days.
If you are a Customer or partner of Duration and have questions about your ability to see the data used to login to our systems, we ask that you direct your question to the person that owns the business relationship. If you are a consumer and want to see what data we may have on behalf of one of our customers, kindly reach out to that individual customer.
The number of CCPA requests to know that Duration received, compiled with whole or part and denied in 2021:0, 0 and 0
The number of CCPA requests to delete that Duration received, compiled with whole or part and denied in 2021: 0, 0 and 0.
The number of CCPA requests to opt-out that Duration received (not including requests made via Duration’s cookie based opt-out mechanism) compiled with whole or part and denied in 2021: 0, 0 and 0.
The median number of days within which Duration substantively responded to requests to know, requests to delete and requests to opt-out: N/A, N/A and N/A.
The CCPA defines personal information broadly and as such, it includes Non-PII pseudonymous identifiers such as cookie IDs and mobile advertising IDs. Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.
We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.
You may make an access or deletion request via an authorized agent by having such agent follow the process outlined above. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. And we will attempt to verify your request. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response.
The United Kingdom (UK) and European Economic Area (EEA)
As an EEA, UK or Swiss data subject, you have the right – partly under certain conditions:
- to request information about the processing of your data free of charge, as well as the receipt of a copy of your personal data;
- to request information on the purposes of the processing, the categories of personal data being processed, the recipients of the data (if they are passed on), the duration of the storage or the criteria for determining the duration;
- to correct your data. Should your personal data be incomplete, you have the right to complete the data, taking into account the processing purposes;
- to delete or block your personal data. Reasons for the existence of a cancellation/blocking right can be, among others, the revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data were processed unlawfully;
- to restrict the processing of your personal data;
- to object the processing of your personal data;
- to revoke your consent to the processing of your personal data in the future, and;
- to complain to the competent supervisory authority about inadmissible data processing.
- As an EEA, UK or Swiss data subject, you may access those rights with respect to Duration by sending us an email to privacy@Durationmedia.net.
The Duration technology Platform collects certain pseudonymous personal data from EEA data subject via our publisher Publishers and may pass this information downstream to our Partners. We process this data via our legitimate interest and consent and are registered as a vendor in the IAB TCF Framework (vendor 674). To the extent that our Publishers obtain a consent (e.g., for their placement of cookies), we pass the consent string downstream to Partners.
We collect pseudonymous information via our Website using legitimate interest and obtain a consent for the cookies which are not strictly necessary when those are placed by third-parties via the Website.
We may receive certain personal data from the personnel of our Publishers and Partners where such personnel are located in the EEA or other places outside of the United States. For example, some Publishers and Partners may provide email and login credentials to login to our systems, and we need payment information from Publishers and Partners to process or billing. The legal basis for such processing of data is contractual necessity.
Children’s Privacy; Sensitive and Special Category Data.
Our Platform is not intended for use by children under the age of 16 (“Children”). We do not knowingly collect personally identifiable information from Children under 16. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
We don’t knowingly collect sensitive or special category data such as ethnicity, religion, sexual interest, health data as defined under applicable law other than in an employment context which is covered under a different policy.
By email: privacy@Durationmedia.net. If you have unresolved concerns, you may also have the right to complain to your local data protection authority.
Duration Media, Inc
82 Nassau St #60692
New York, NY 10038
EU Data Subjects may contact the Duration Media Representative in the EU at:
|EU representative||DLA PIPER ABBC|
|Street Name & Number||Largo S. Carlos 3|
|Postcode or equivalent||1200-410|
UK Data Subjects may contact the Duration Media Representative in the UK at:
|UK representative||Andrew Pancer|
|Street Name & Number||47 Connaught Street|
|Postcode or equivalent||W2 2BB|
Our Data Protection Officer is Michael Hannon who may be contacted at firstname.lastname@example.org