Effective Date: June 1st 2021

1. INTRODUCTION

DoubleVerify, Inc. (“DoubleVerify”) is the industry leader in providing transparency and accountability in online advertising. Our accredited platforms (the “Solutions”) provide independent, digital media measurement, data and analytics about ad impression delivery and website traffic to advertisers and advertising inventory sellers (together “Customers”). For more details about the Solutions, please refer to the relevant privacy notice available [here link]. 

As used in this Privacy Notice, “Personal Information” means information that relates to an identified individual or to an identifiable individual. We believe in providing strong privacy protections to any individual whose information we may process in any capacity – because we believe privacy is a fundamental right, not something that should depend on where you may live. To live up to that principle, we treat any data that relates or is linked to an identified or identifiable individual as “Personal Information” regardless of that individual’s location.

This DoubleVerify privacy notice (the “Global Privacy Notice”) applies to individuals (“you” and “your”) who: (i) may be visitors of the DoubleVerify websites, such as www.doubleverify.com, (together “Websites”), (ii) may come in contact with any of our marketing and sales related efforts or activities (“Sales Activities”), and (iii) may use our Solutions’ reporting tools and dashboards (together “Reporting Tool(s)”). The purpose of this Global Privacy Notice is to inform you of DoubleVerify’s privacy practices, particularly our approach to the use, collection, and sharing of your Personal Information as well as your privacy rights and how to exercise them. DoubleVerify operates the functions contemplated and covered by the Global Privacy Notice as a “controller” or a “business”, as relevant from time to time under applicable laws.

2. PERSONAL INFORMATION PROCESSED, PURPOSES AND LEGAL BASES OF PROCESSING

The following chart provides an outline of the categories of Personal Information we process, including examples of what data points are included in each category, as well as the applicable purposes and legal basis of processing. Please note that often the same Personal Information is collected and processed for multiple purposes. For example, if you register for one of our events, we collect your Personal Information to enable your attendance, but we may also have the ability to use the same information for promotional purposes. As such, our collection and processing of your Personal Information and the applicable legal basis vary based on the context.

Category of Personal Information Examples of data points Purposes and Legal Basis of Processing
Contact Information This information could include first and last name, email address, telephone number, business address, position and title. Contact Information is collected to support DoubleVerify’s Sales Activities, to respond to your requests, provide support to Customers, prospects and sales leads, market our Solutions and provide information about any events we host or sponsor. In these scenarios, Contact Information is generally shared directly by you, for example by completing a form on our Websites, registering for one of our events or subscribing to one of our newsletters. Some information about you may be collected from publicly available resources. To the extent applicable and required from time to time, our lawful basis to process such Personal Information is your consent.  
Account Information This information could include business contact information such as name, email address, title, company information, as well as credentials, such as user information and password, for our Reporting Tools.  Account Information is necessary for DoubleVerify to operate the Reporting Tools, comply with our contractual and legal obligations, provide Customer support and effectively manage its standard business operations, such as providing billing and invoices to our Customers. In these scenarios, Account Information is generally shared directly by you or by our Customers in the course of their business relationship with DoubleVerify. Our lawful basis to process this Personal Information is our legitimate interest in supporting our daily business processes and operations. 

Account Information is necessary to enable Customers and their designated representatives to access our Reporting Tools. In these scenarios, Account Information is generally shared directly by you or by our Customers in the course of their business relationship with DoubleVerify. Our lawful basis to process this Personal Information is based on our obligation to fulfill requirements mandated in our contracts to provide our Solutions.

Cookie Data (First and Third Party tracking) This information could include cookie IDs, Internet Protocol (IP) address, browser and device information, general location information and account log-in information. Cookie Data may be necessary to enable our Websites and Reporting tools to operate efficiently, understand and improve your experience, ensure we remain compliant with local laws and regulations and protect ourselves against fraud, illegal activity and security risks, improve our Websites, Solutions and Reporting Tools and ensure we are able to effectively monitor activity on our Websites and Reporting Tools. Our lawful basis for this type of processing of Cookie related information is based on our legitimate interest to pursue these goals.

Cookies and other tracking technologies may be used to collect information about your use of our Websites and Reporting Tools so that they can provide advertising about products and services tailored to your interests on our Websites, or on other websites, and improve the features, quality and performance of our Reporting. To the extent applicable from time to time, our lawful basis to process such Cookie Data is your consent. 

For more information about how DoubleVerify uses cookies please refer to Section 10, “DoubleVerify’s Use of Cookies and Similar Technologies” of this Global Privacy Notice.

Email Performance Information This information could include data about your interaction with an email you may have received from us, including, for example whether you clicked on a link or opened the email.  Email Performance Information may be collected to analyze and understand how you interact with our communications to report and improve our communications and Sales Activities intended to promote our Solutions. Our lawful basis for this type of processing of Email Performance Information related information is based on our legitimate interest to pursue these goals. It’s important to note that while this information is associated with the individual user, DoubleVerify’s use of Email Performance Information is generally limited to aggregated and anonymous inferences drawn from the data collected.
Page Interaction Data This information could include whether you click on links or banners, or information about your device or browser.  Page Interaction Data may be necessary to help us understand how you interact with our Websites to improve their performance, prevent fraud, illegal activity or security risks, improve our Websites and Reporting Tools and ensure we are able to effectively monitor activity on our Websites. Our lawful basis for this type of processing of Page Interaction Information related information is based on our legitimate interest to pursue these goals. It’s important to note that while this information is associated with the individual user, DoubleVerify’s use of Page Interaction Data is generally limited to aggregated and anonymous inferences drawn from the data collected.
Reporting Tools Interaction Data This information could include general usage information about how you use and interact with our Reporting Tools, your click activity and most used features, the types of reports created and the general performance of the Reporting Tools during a use session, as well as any feedback you may provide about the Reporting Tools.   Reporting Tools Interaction Data may be necessary to help us understand how you interact with our Reporting Tools, to improve their performance, prevent fraud, illegal activity or security risks, improve our Websites and Reporting Tools and ensure we are able to effectively monitor activity on our Reporting Tools. Reporting Tools Interaction Data may also be used to improve our Solutions. Our lawful basis for this type of processing of Reporting Tools Interaction Information related information is based on our legitimate interest to pursue these goals. It’s important to note that while this information is associated with the individual user, DoubleVerify’s use of Reporting Tools Interaction Data is generally limited to aggregated and anonymous inferences drawn from the data collected. 
Web Logs This information could include information about your browser type, operating system, Internet Protocol (IP) address, click-activity and date/time stamps of your use. Web Logs may be necessary to help us monitor out networks, Websites and Reporting Tools, including to prevent fraud, illegal activity and security risks, improve our Websites and Reporting Tools and ensure we are able to effectively monitor activity on our Websites and Reporting Tools. Our lawful basis for this type of processing of Web Logs related information is based on our legitimate interest to pursue these goals. It’s important to note that while this information is associated with the individual user, DoubleVerify’s use of Web Logs is generally limited to aggregated and anonymous inferences drawn from the data collected.

In addition to the information outlined above, we may also develop inferences drawn from the Personal Information we collect about you and we may collect or receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available information.

3. USE AND PROCESSING OF YOUR PERSONAL INFORMATION

In addition to the uses outlined in Section 3, “Personal Information Processed, Purposes and Legal Bases of Processing”, DoubleVerify may use your Personal Information and any inferences drawn from such Personal Information in the following ways:

  • To recognize you when you visit our Websites, interact with our Sales Activities or use our Reporting Tools;
  • To promote our Solutions and improve our Sales Activities, including sending marketing and promotional materials and information related to our Solutions to Customers, prospects and sales leads;
  • To improve our Websites, Sales Activities, Solutions and Reporting Tools;
  • To promote the security of our Solutions, Websites, Sales Activities and Reporting Tools;
  • To conduct analysis;
  • To respond to inquiries from individuals, third parties and government entities;
  • To enable us to fulfill contractual requirements provided for in our Customer agreements;
  • For internal administrative purposes; and
  • And otherwise required by applicable laws and regulations.

4. TO WHOM AND HOW DOES DOUBLEVERIFY DISCLOSE YOUR PERSONAL INFORMATION?

DoubleVerify does not disclose Personal Information to third parties, except as strictly necessary for our business purposes to operate, support, maintain and improve our Websites, Sales Activities and Reporting Tools. To the extent we voluntarily share any Personal Information, we ensure it is protected by the recipients in a manner consistent with our own policies and standards. 

We may share your Personal Information with:

Service Providers – companies we have contracted to provide us services such as IT and system administration, infrastructure and hosting services, research and analytics, support and quality assurance, security and other services, for the purposes and pursuant to the legal basis described above. You can request a list of our Service Providers, what Personal Information they receive and for what purposes by contacting us. You can find our contact information in Section 13 “How to Contact DoubleVerify” of this Global Privacy Notice.

Affiliates – such as a parent company, sister companies, subsidiaries, joint ventures or other companies under common control, to the extent necessary to operate, maintain and improve our Solutions. You can request a list of our Affiliates, what Personal Information they receive and for what purposes by contacting us. You can find our contact information in Section 13 “How to Contact DoubleVerify” of this Global Privacy Notice.

Third Parties involved in a Corporate Transaction – in the event that DoubleVerify is acquired or merged with another company, or in the event of a reorganization, dissolution or other fundamental corporate change. 

Additional disclosures to Third Parties – we may be able to share your Personal Information with other third parties based on your consent, or, in limited circumstances without your consent, for example, to the extent we are legally required to share such Personal Information as further described in this Section or in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.

We may be legally required to disclose your Personal Information:

(a) If a government entity, tribunal, law enforcement or regulatory agency requires such disclosure (for example as part of an ongoing investigation, subpoena, similar legal process or proceeding);

(b) As otherwise required under any applicable law, regulation, or rule; and

(c) If we believe, in good faith, that such disclosure is necessary to protect or defend our rights or the rights of others, to assist in an investigation or to prevent illegal activity.

5. FOR WHAT PERIOD OF TIME DO WE RETAIN INFORMATION ABOUT YOU?

We will retain your Personal Information for the period necessary to fulfill the applicable purpose outlined in this Global Privacy Notice. After the Personal Information is no longer necessary or after any retention requirements provided for by applicable laws expire, the corresponding Personal Information is securely deleted.

6. HOW IS PERSONAL INFORMATION SECURED?

DoubleVerify has implemented appropriate technical, physical and organizational measures designed to protect Personal Information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing. While we follow generally accepted standards and best practices to protect Personal Information, no method of storage or transmission is 100% secure. However, we are constantly working to improve our safeguards and keep your Personal Information secure.

7. TRANSFERS OF PERSONAL INFORMATION BETWEEN COUNTRIES

Please be aware that the Personal Information we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction. While some of your Personal Information may be temporarily stored or cached in a storage facility closer to you, to ensure our Websites and Reporting Tools are efficient and responsive, DoubleVerify generally stores all Personal Information collected through our Websites, Sales Activities and Reporting Tools in the United States. As a global company, we have office locations in many countries, including in the United States, the United Kingdom, France, Belgium, Finland, Germany, Israel, Canada, Mexico, Brazil, Japan, India, Singapore and Australia. Our employees at these locations may be required to access your Personal Information to support our operations. The level of data protection established in some of these locations, such as the United States, may be lower than the one established in the European Union or other jurisdictions that have enacted strong privacy laws and regulations. We take measures to ensure that your Personal Information is stored safely with us, meeting regulatory privacy and security requirements imposed on European Union businesses. We also ensure that any other recipient of your Personal Information offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission or other applicable regulator.

8. WHAT ARE YOUR PRIVACY RIGHTS?

Individuals in certain jurisdictions may have data subject rights enabling them to make requests related to their Personal Information. Most jurisdictions also provide individuals with the right to be informed of how any Personal Information is collected, used and with whom it may have been shared or disclosed, as well as for what purposes. DoubleVerify’s Global Privacy Notice is intended to meet any such requirements, but if you have any additional questions or would like to better understand how your Personal Information may have been collected, used or with whom it may have been shared or disclosed, and why, please contact us by using Section 13 “How to Contact DoubleVerify” below. 

Residents of the European Economic Area or California, among others, have several rights under the applicable privacy laws and regulations, for example under the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). To exercise these rights, you can use this Form or contact us using Section 13 “How to Contact DoubleVerify” below. In accordance with certain laws and regulations, such as the CCPA, you may also designate an authorized agent to submit a request or exercise a right on your behalf. We will not discriminate or retaliate against you for exercising your rights.

These rights are:

  1. a) The right to access to any Personal Information we may hold about the you, including information about the categories and the specific pieces of Personal Information.
  2. b) The right to correct any inaccurate Personal Information we may hold about you. 
  3. c) The right to request that DoubleVerify delete any Personal Information we may hold about you.
  4. d) Under certain circumstances and to the extent technically feasible, the right to request that we provide your Personal Information directly to another (i.e., a right to data portability). Keep in mind that you can share your Personal Information with anyone you wish to share it with
  5. e) The right to request that the processing of Personal Information about you be suspended or restricted for a period of time, for example while you assess whether you have other rights you would want to exercise. 
  6. f) To the extent your Personal Information is processed based on a legitimate interest, you have a right to object to such processing. 
  7. g) To the extent your Personal Information is processed based on your consent, you have a right to withdraw that consent at any time.

To the fullest extent possible, we fulfill any request related to an End User provided we can match the End User to Personal Information we hold on our systems. However, in certain circumstances we may be required to verify your identity to fulfill a request. To verify your identity or understand the scope of your request we may need to request additional information about you. You will not be required to create an account with us to submit a request or have it fulfilled. You will need to provide an email address so we can communicate with you and support your request, as well as any information we may need to allow us to verify whether we hold any Personal Information about you. Please be aware that circumstances may exist that will render us unable to fulfill your request, but if we are unable to fulfill your request we will explain why. To the extent we do not hold any Personal Information about you we will let you know. We make best efforts to respond to all inquiries and requests as soon as reasonably possible, but please allow up to thirty (30) days for us to respond.

9. ADDITIONAL DISCLOSURES

Certain privacy laws and regulations, such as the CCPA, require businesses to disclose whether they sell Personal Information. DoubleVerify does not disclose Personal Information in a way that would constitute a “sale” under California and Nevada laws.

10. DOUBLEVERIFY’S USE OF COOKIES AND SIMILAR TECHNOLOGIES

Like many other companies, we use cookies, pixels and software development kits (SDKs) to learn and remember things about you, to improve your experience and our Websites, Sales Activities and Reporting Tools. To the extent these technologies collect Personal Information Section 2, “Personal Information Processed, Role, Purposes and Legal Bases of Processing” and Section 3, “Use and Processing of Personal Information” of this Global Privacy Notice explains how that Personal Information is collected and used. Except to the extent explicit consent for the use of cookies and similar technologies may be required by applicable laws or regulations, continued use of our Websites and Reporting Tools will constitute implicit consent to DoubleVerify’s use of such technologies. 

Cookies are small alphanumeric text files that are automatically assigned to visitors of a particular website or page. Cookies may be temporary and only reside on your browser or device during your visit, in which case they are called “session cookies,” or they may remain on your browser or device until you delete the cookie or it automatically expires, in which case they are called “persistent cookies”. Pixels are lines of code that sit within a webpage that are used to record information about a visit to that webpage. 

DoubleVerify uses the following types of cookies:

Type of cookies Purpose of the cookies
Performance and Analytics Cookies These types of cookies provide aggregated and individual information about how individuals interact with or use our Websites or Reporting Tools. The information collected allows us to optimize performance, improve efficiency and responsiveness, improve our Websites and Reporting Tools, enhance safety features and prevent fraud and illegal activity.
Google Analytics (Persistent) This type of cookie allows us to gather information about your visits to our Websites or Reporting Tools remains on your browser or device until you delete it or it automatically expires. 
Google Analytics 

(Session)

This type of cookie provides information about your visit on our Websites and Reporting Tools that may include the cookie. We do not retain this data as it is deleted upon closing of your browser, and therefore we cannot share it with any third parties.
Authentication and Security Cookies These types of cookies support log-ins in our Reporting Tools and allow us to enable faster and more secure access to our Reporting Tools. 
Social Media Sharing  These types of cookies help with the Websites’ functionality. These are third party cookies, and they allow you to share comments, pages, bookmarks, and likes, and help to provide access to social networking tools more easily. 
Social Media Widgets Social media widgets we use on this Website include YouTube, LinkedIn, Facebook and Twitter. These social media widgets collect information about your visit to our Websites and your use of the social platform services (for example, buttons or likes) on our Websites. We do not share information with these social platforms, however please keep in mind that these social networks collect the data related to your visit on our Websites and any direct interaction with the social widget.

If you have more questions about the cookies and other technologies used by DoubleVerify, what Personal Information they receive and for what purposes you can contact us for more information. You can find our contact information in Section 13 “How to Contact DoubleVerify” of this Global Privacy Notice.

The use of cookies is now standard for most websites. However, if you are uncomfortable with the use of cookies, you can manage and control them through your browser.

To find out how to manage cookies on popular browsers visit these pages:

If the browser you use is not listed here, you should be able to find this information on the browser developer’s website. Please be aware that any changes or preferences you set are only valid for the browser you set them on, if you are using different browsers or devices you will need to adjust your preferences on each individual browser or device.

Please note that by disabling the use of cookies on our site may prevent you from accessing or using some of our Websites’ or Reporting Tools’ features.

11. GOVERNING LAW

To the extent applicable, this Global Privacy Notice is governed by and interpreted in accordance with the internal laws of the state of Delaware, and jurisdiction and venue for any dispute will be in Delaware.

12. CHANGES TO THIS GLOBAL PRIVACY NOTICE

We may update this Global Privacy Notice from time to time to reflect changes in our practices, policies or other internal or external changes, as well as to comply with new legal requirements. Any changes will be posted as soon as they go ingo effect. If we make updates, we will update the “effective date” listed at the top to help you understand when changes were made. To stay informed of any such updates, we encourage you to refer back to this Global Privacy Notice regularly.  Please note that any translation of this Global Privacy Notice is intended solely to facilitate your access to this information. The English version is the only official version of this Global Privacy Notice and any translation inaccuracies or discrepancies are not binding and have no legal effect for compliance or enforcement purposes.

13. HOW TO CONTACT DOUBLEVERIFY IF YOU HAVE QUESTIONS, CONCERNS, COMMENTS OR SUGGESTIONS?

If you have any questions, concerns or comments about this Global Privacy Notice, or you believe your personal information has been used in a way that is not consistent with the Global Privacy Notice or your choices, you can contact our Privacy Team, via postal mail or email, at:

Privacy Officer / Data Protection Officer (Privacy Team)
DoubleVerify, Inc.

233 Spring St., 4th Floor
New York, NY 10013

privacy-policy@doubleverify.com

We are committed to achieving a fair resolution of any complaint or concern you may have about your privacy of this Marketing Privacy Notice. However, if you believe we have not been able to assist you, nothing in this Global Privacy Notice limits or attempts to limit your rights under applicable laws, including your ability, depending on your country of residence, to file a complaint with your local Data Protection Authority or other agency with jurisdiction over privacy related matters.

TRUSTe
TRUSTe
TRUSTe

Effective Date: June 1st 2021

1. INTRODUCTION

DoubleVerify, Inc. (“DoubleVerify”, “we”, “us” or “our”) is the industry leader in providing transparency and accountability in online advertising. Our accredited platforms provide independent digital media measurement, data and analytics about advertisement (or “ad”) impression delivery and website traffic, to help advertisers and advertising inventory sellers (together “Customers”) confirm accurate delivery characteristics, including brand safety, viewability metrics, contextual and environmental parameters (for example, the website on which an ad appears, and where it appears on the webpage), ad impression and website traffic quality characteristics, and provide insights that allow our Customers to make informed decisions about the placement of their creative and brand. 

DoubleVerify uses various technologies to collect information about online advertising, website traffic, mobile app traffic, and connected device traffic in order to deliver advertising transparency and accountability products and solutions to our Customers (collectively, “Solutions”).

We believe in providing strong privacy protections to any individual whose information we may process in any capacity – because we believe privacy is a fundamental right, not something that should depend on where you may live. To live up to that principle, we treat any data that relates or is linked to an identified or identifiable individual as “Personal Information” regardless of that individual’s location. As it relates to our Solutions, DoubleVerify limits any information we collect to “pseudonymous information” which is information that does not allow the identification of an individual without additional information. An example of “pseudonymous information” that DoubleVerify processes is your Internet Protocol (“IP”) address, which is a number that is automatically assigned to a computer when the Internet is used. While DoubleVerify treats “pseudonymous information” as Personal Information, we never combine that “pseudonymous information” with any other data that would enable us to identify the individual. 

This notice of privacy practices (the “Solutions Privacy Notice”) is intended to inform individuals whose data may be processed through our Solutions (“End User(s)” or, “you” and “your”) of : (1) the types of information DoubleVerify may gather about you or your device when an advertisement that is analyzed by us is delivered to you on a website you are viewing or in an app you are using, (2) our privacy practices, how we may use, share, and otherwise process information that is deemed Personal Information, and (3) what your rights are with regards to such Personal Information. This Solutions Privacy Notice also explains what non-personal information (“Technical Information”) we collect about the ads that we track and how we use that Technical Information to power our Solutions.

2. ROLE, PURPOSE AND LEGAL BASIS OF PROCESSING

DoubleVerify’s Solutions include fraud elimination (“Fraud Elimination”) and geography compliance verification (“Geo Verification”), which require the processing of Personal Information. DoubleVerify operates Fraud Elimination as a “controller” or “business” and Geo Verification as a “processor” or “service provider”. Notwithstanding the foregoing, in limited circumstances where DoubleVerify does not directly collect Personal Information and such Personal Information is collected and provided by a Customer for DoubleVerify’s analysis (for example as it relates to some of our partnerships with social media Customers), we may serve as a “processor” or “service provider” at all times. 

DoubleVerify’s legal basis for processing Personal Information through our Solutions is the legitimate interest of: (i) our Customers to avoid ad-related fraud and present geographically accurate and compliant information to End Users, (ii) the End Users in receiving fraud-free and geographically accurate and compliant information, and (iii) the general public in the continued availability of a free internet.

3. WHAT DATA DO WE COLLECT AND FOR WHAT PURPOSES?

DoubleVerify, to carry out its business purposes of providing, maintaining and improving its Solutions collects and uses certain categories of Personal Information and Technical Information. The categories of Personal Information and Technical Information processed through the DoubleVerify Solutions are outlined below. To the extent Personal Information is required for the operation of one or more features of a DoubleVerify Solution, such Personal Information will be used only for the specific purposes outlined below, unless otherwise required by law. Additionally, in some circumstances, it may be necessary to process the Personal Information in conjunction with some Technical Information for DoubleVerify’s Solutions to properly function. In any such scenarios, the combined data is considered Personal Information and protected accordingly. We never combine, analyze or enrich the Personal Information and Technical Information we process with additional information with the goal of identifying the End Users. We never track you or your online activities across apps and websites or over time, we do not rely on persistent technologies such as third-party cookies and we never create profiles or audience groups to target individuals. 

  1. Categories of Technical Information collected and used to power the DoubleVerify Solutions:
    • Advertising campaign attributes – The identifier of the advertiser that delivers an ad, its campaign and placement identifiers, the identifiers of the media property selling the inventory to the advertiser or any intermediary advertising platform are collected and processed to identify the Customer we are servicing, to apply the correct settings for the Customer, to segment the Customer reports according to these identifiers and to bill the Customer.
    • Web content attributes – The web address (URL) of the page/frame where the ad is being delivered to, and the address of any referring pages/frames are collected to ensure the ads are delivered in the right context our Customer has set in the profile settings in our system.
    • Mobile application attributes – The mobile application name, mobile application id, app store, developer of the application, star ratings of the application, age rating of the application and other publicly available information about the mobile application where the advertisement is delivered to. This information is used to ensure the advertisements are delivered in the right context our Customer has set in the profile settings in our system.
    • Digital environment attributes – The type of connected device the advertisement is being delivered to: mobile, desktop, connected TV or other device, the browser type and version used to render the page where the ad appears and the operating system are collected to determine what version of our code would properly run in that environment and to properly measure if the advertisement had the chance to become viewable on the screen according to industry standards which vary between environments.
    • Viewability attributes – The location of the ad on the page, the size of the ad, the size of the screen, the size of the viewport, the tab focus status, the browser focus status, the time duration the ad was in the viewable part of the webpage and the scroll position of the webpage are collected to determine and report to our Customers if the advertisement had the chance to become viewable on the screen.
    • Exposure and engagement attributes – Data that shows if the ad was clicked, swiped, tapped or touched, resized, skipped, muted, paused, rotated, hovered or changed volume is collected to help our Customers measure the performance of the advertisement, the advertising campaign or the media property.
  2. Categories of data collected and used to power Fraud Elimination:
    • Pseudonymous electronic presence and device identifiers – i.e. IP address, user agent string or derivatives of the combination of these two values – are used in order to assess whether the online presence or device is participating in or associated with a fraudulent scheme.
  3. Categories of data collected and used to power Geo Verification:
    • Pseudonymous electronic presence and device identifiers – IP address – are collected to determine the geographical location they are associated with. Each IP is associated with a country, and, within the United States, may be associated with more specific information down to zip code. Exact geolocation information is never collected about you. 

The Solutions are not intended to or directed at the processing of children’s Personal Information. We do not knowingly collect Personal Information from children under the age of 16. If you are a parent or guardian and believe your child’s Personal Information may have been processed through the Solutions, please contact us by using the information in Section 13 “How to Contact DoubleVerify” below and we will take steps to securely delete their Personal Information from our systems.

4. HOW DO WE USE DATA WE COLLECT?

DoubleVerify only uses the Technical Information and Personal Information collected for the purposes outlined in Section 3, “What Data do we Collect and for What Purposes?”, of this Solutions Privacy Notice. In general, the Technical Information and your Personal Information are processed to provide reporting, dashboards, feedback and insights (“Reporting”) to our Customers. Any Reporting, in any format, is anonymized and aggregated, or, to the extent impression level information is required, each impression is de-identified to ensure your Personal Information is never shared with Customers. This Section provides additional insight into how the Technical Information and your Personal Information is processed to achieve the business purposes specified in Section 3 of this Solutions Privacy Notice. 

DoubleVerify uses the Technical Information collected through the Solutions, as specified in Section 3.1, in the following ways:

  • To analyze and report on the context in which advertisements are displayed, their quality, authenticity and performance. Specifically, information illustrating whether an ad being displayed is in compliance with a Customer’s pre-set legal and placement requirements, as well as preference settings the Customer has established in our system.
  • To provide insights and preemptive decisioning of impression opportunities. DoubleVerify technology analyzes the data characteristics of an impression opportunity and determines whether the Customer’s advertisement should be displayed or not, for example by determining that the surrounding content does not align with that Customer’s branding and preferences.

DoubleVerify, to power Fraud Elimination, uses the Technical Information and Personal Information collected through the Solutions, as specified in Section 3.1 and 3.2, to:

  • To review and identify specific ad impressions that are fraudulent due to being generated by bot-controlled, non-human browsers.
  • To assess and identify invalid traffic such as traffic generated by ad injectors, traffic originated in data centers, misrepresented traffic, emulated traffic and other types of invalid traffic.
  • To analyze and identify websites, mobile and connected device apps, and media properties that have fraudulent traffic and/or generate fraudulent advertising impressions.
  • To identify traffic patterns across websites participating in fraudulent advertising activity.
  • To differentiate between traffic generated by bot-controlled, non-human browsers and human browsers.
  • To determine whether ads analyzed follow applicable legal requirements and preferences set by our Customers.
  • Determine if a middleware is attempting to misrepresent its operating characteristics to prevent the identification of fraud or other invalid traffic.
  • Determine if website traffic or ad impressions are originating from a server farm rather than human-generated browsing activity.
  • Determine if traffic is being acquired through fraudulent practices or through other traffic acquisition practices that are not compliant with a Customer’s guidelines or preferences.
  • To create records of IP addresses and user agent strings associated with fraudulent schemes and non-human generated traffic (“Fraud Tables”). Because such data points are associated with non-human interactions, they do not constitute Personal Information.  

DoubleVerify, to power Fraud Elimination, uses the Technical Information and Personal Information collected through the Solutions, as specified in Section 3.3, to:

  • Assess at high level (country, state, region, or, for US residents, zip code) the geographic location of the End User and verify if the End User is located within the Customer’s campaign or traffic settings.

5. TO WHOM AND HOW DOES DOUBLEVERIFY DISCLOSE PERSONAL INFORMATION AND TECHNICAL INFORMATION?

DoubleVerify does not disclose Personal Information to third parties, except as strictly necessary for our business purposes to operate, maintain and improve our Solutions. To the extent we voluntarily share any Personal Information, we ensure it is protected by the recipients in a manner consistent with our own policies and standards. 

We may share your Personal Information with:

Service Providers – companies we have contracted to provide us services such as IT and system administration, infrastructure and hosting services, research and analytics, support and quality assurance, security and other services, for the purposes and pursuant to the legal basis described above. You can request a list of our Service Providers, what Personal Information they receive and for what purposes by contacting us. You can find out contact information in Section 13 “How to Contact DoubleVerify” of this Solutions Privacy Notice.

Affiliates – such as a parent company, sister companies, subsidiaries, joint ventures or other companies under common control, to the extent necessary to operate, maintain and improve our Solutions. You can request a list of our Affiliates, what Personal Information they receive and for what purposes by contacting us. You can find out contact information in Section 13 “How to Contact DoubleVerify” of this Solutions Privacy Notice.

Third Parties engaged by our Customers – to support our Customers, we may integrate our Solutions with other tools and services engaged by our Customers to deliver enhanced services and reporting capabilities. Under no circumstances do we receive data from these integrations that enable DoubleVerify to enrich our data and identify End Users. In limited scenarios, we may share impression level information with companies engaged by our Customers to conduct research on marketing effectiveness.

Third Parties involved in a Corporate Transaction – in the event that DoubleVerify is acquired or merged with another company, or in the event of a reorganization, dissolution or other fundamental corporate change. 

We may be legally required to disclose your Personal Information:

(a) If a government entity, tribunal, law enforcement or regulatory agency requires such disclosure (for example as part of an ongoing investigation, subpoena, similar legal process or proceeding);

(b) As otherwise required under any applicable law, regulation, or rule; and

(c) If we believe, in good faith, that such disclosure is necessary to protect or defend our rights or the rights of others, to assist in an investigation or to prevent illegal activity. 

Fraud Tables and other Fraud Elimination related reports, data feeds, APIs and dashboards that do not contain Personal Information may be shared with or made available to Customers and other third parties, including for example industry organizations, as necessary for DoubleVerify to carry out its business purposes of providing, maintaining and improving the Fraud Elimination portion of our Solutions and combat ad-fraud. 

We do not share your Personal Information with our Customers. Any reports and analytics we make available to Customers via our Reporting Portal are anonymous, which means they do not contain Personal Information. The reports are generally aggregated, but in limited circumstances impression level reporting is provided to our Customers, via FTP end points or APIs, provided that such reports do not contain any Personal Information. We may share Technical Information, which is anonymous, in aggregated formats or in its raw form, with third parties as we deem necessary to carry out our business purposes of providing, maintaining and improving the Solutions. Additionally, we may share anonymous or de-identified data on an aggregate basis in the normal course of operating our business; for example, to publish case studies and reports to show trends about the benefits and performance of our Solutions.

6. FOR WHAT PERIOD OF TIME DO WE RETAIN INFORMATION ABOUT YOU?

DoubleVerify retains any Personal Information processed through its Solutions only as long as necessary to effectuate the purposes outlined in this Solutions Privacy Notice, and in no event longer than forty-five (45) days. Upon the expiration of that period, the Personal Information is securely purged from DoubleVerify’s systems. 

Fraud Tables may be retained indefinitely to ensure the proper functionality of the Fraud Elimination Solution. 

Technical Information, as it is anonymous in nature, may be retained by DoubleVerify indefinitely or as long as otherwise provided for in DoubleVerify’s policies and permitted by applicable laws and DoubleVerify’s agreements with its Customers.

7. HOW IS PERSONAL INFORMATION SECURED?

DoubleVerify has implemented appropriate technical, physical and organizational measures designed to protect Personal Information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing. While we follow generally accepted standards and best practices to protect Personal Information, no method of storage or transmission is 100% secure. However, we are constantly working to improve our safeguards and keep your Personal Information secure.

8. TRANSFERS OF PERSONAL INFORMATION BETWEEN COUNTRIES

Please be aware that the Personal Information we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction. While your Personal Information may be transmitted through a local temporary data center to ensure the Solutions are efficient and responsive, DoubleVerify ultimately stores all Personal Information collected through the Solutions in the United States. As a global company, we have office locations in the United States, the United Kingdom, France, Belgium, Finland, Germany, Israel, Canada, Mexico, Brazil, Japan, India, Singapore and Australia. Our employees at these locations may be required to access your Personal Information to support our Solutions. The level of data protection established in some of these locations, such as the United States, may be lower than the one established in the European Union or other jurisdictions that have enacted strong privacy laws and regulations. We take measures to ensure that your Personal Information is stored safely with us, meeting regulatory privacy and security requirements imposed on European Union businesses. We also ensure that any other recipient of your Personal Information offers an adequate level of protection and security, for instance, by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission or other applicable regulator. DoubleVerify’s privacy practices, described in this Privacy Notice, comply with the APEC Cross Border Privacy Rules (CBPR) System and the Privacy Recognition for Processors (PRP) system. The APEC CBPR system and the APEC PRP system provide frameworks for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC frameworks can be found here and here. If you have any questions about where we store Personal Information you can contact us as outlined in Section 13 “How to Contact DoubleVerify” of this Global Privacy Notice.

9. WHAT ARE YOUR PRIVACY RIGHTS?

End Users in certain jurisdictions may have data subject rights enabling them to make requests related to their Personal Information. Most jurisdictions also provide End Users with the right to be informed of how any Personal Information is collected, used and with whom it may have been shared or disclosed, as well as for what purposes. DoubleVerify’s Solutions Privacy Notice is intended to meet any such requirements, but if you have any additional questions or would like to better understand how your Personal Information may have been collected, used or with whom it may have been shared or disclosed, and why, please contact us by using Section 13 “How to Contact DoubleVerify” below. 

Residents of the European Economic Area or California, among others, have several rights under the applicable privacy laws and regulations, for example, under the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). To exercise these rights, you can use this Form or contact us using Section 13 “How to Contact DoubleVerify” below. In accordance with certain laws and regulations, such as the CCPA, you may also designate an authorized agent to submit a request or exercise a right on your behalf. We will not discriminate or retaliate against you for exercising your rights.

These rights are:

  1. a) The right to access to any Personal Information we may hold about you, including information about the categories and the specific pieces of Personal Information.
  2. b) The right to correct any inaccurate Personal Information we may hold about you. Please keep in mind that due to the nature of the Personal Information we collect and the method of our collection, it is highly unlikely that we hold Personal Information that is inaccurate or that would meet the circumstances requiring a correction. 
  3. c) The right to request that DoubleVerify delete any Personal Information we may hold about you.
  4. d) The right to request that the processing of Personal Information about you be suspended or restricted for a period of time, for example, while you assess whether you have other rights you would want to exercise. 
  5. e) To the extent your Personal Information is processed based on a legitimate interest, you have a right to object to such processing. 

To the fullest extent possible, we fulfill any request related to an End User provided we can match the End User to Personal Information we hold on our systems. However, in certain circumstances we may be required to verify your identity to fulfill a request. To verify your identity or understand the scope of your request we may need to request additional information about you. You will not be required to create an account with us to submit a request or have it fulfilled. You will need to provide an email address so we can communicate with you and support your request, as well as any information we may need to allow us to verify whether we hold any Personal Information about you. Please be aware that circumstances may exist that will render us unable to fulfill your request, but if we are unable to fulfill your request we will explain why. To the extent we do not hold any Personal Information about you we will let you know. We make best efforts to respond to all inquiries and requests as soon as reasonably possible, but please allow up to thirty (30) days for us to respond.

To the extent DoubleVerify serves as a “processor” or “service provider”, as defined in the applicable law, you may need to direct your requests to exercise your rights to the relevant Customer who serves as the “controller” or “business”.

10. ADDITIONAL DISCLOSURES

Certain privacy laws and regulations, such as the CCPA, require businesses to disclose whether they sell Personal Information. DoubleVerify does not disclose Personal Information in a way that would constitute a “sale” under California and Nevada laws.

11. GOVERNING LAW

To the extent applicable, this Global Privacy Notice is governed by and interpreted in accordance with the internal laws of the state of Delaware, and jurisdiction and venue for any dispute will be in Delaware.

12. CHANGES TO THIS SOLUTIONS PRIVACY NOTICE

We may update this Solutions Privacy Notice from time to time to reflect changes in our Solutions, practices, policies or other internal or external changes, as well as to comply with new legal requirements. Any changes will be posted as soon as they go into effect. If we make updates, we will update the “effective date” listed at the top of this Solutions Privacy Notice to help you understand when changes were made. To stay informed of any such updates, we encourage you to refer back to this Solutions Privacy Notice regularly.  Please note that any translation of this Solutions Privacy Notice is intended solely to facilitate your access to this information. The English version is the only official version of this Solutions Privacy Notice and any translation inaccuracies or discrepancies are not binding and have no legal effect for compliance or enforcement purposes.

13. HOW TO CONTACT DOUBLEVERIFY

If you have any questions, concerns or comments about this Solutions Privacy Notice, or you believe your Personal Information has been used in a way that is not consistent with the Privacy Notice or your choices, you can contact our Privacy Team at:

Privacy Officer / Data Protection Officer (Privacy Team)
DoubleVerify Inc.
233 Spring St., 4th Floor
New York, NY 10013
privacy-policy@doubleverify.com

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.- based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. We are committed to achieving a fair resolution of any complaint or concern you may have about your privacy or this Solutions Privacy Notice. However, if you believe we have not been able to assist you, nothing in this Solutions Privacy Notice limits or attempts to limit your rights under applicable laws, including your ability, depending on your country of residence, to file a complaint with your local Data Protection Authority or other agency with jurisdiction over privacy related matters.

CTV Unlimited CTV is becoming a critical channel for advertisers. With increased consumption comes the need for transparent measurement. DV's approach to CTV measurement gives you insights into fraud, viewability and brand safety - and not just with a handful of CTV publishers, but across all your buys.