Audiencerate
Vedi la piattaforma →

Policy

Data Regulation Policy

How Audiencerate processes personal data in its advertising and data platform services, and how you can exercise your rights.

Audiencerate Ltd (Company No. 8164319406, registered at 7 Bell Yard, London, WC2A 2JR, England) operates a marketing data platform and related advertising services. This Data Regulation Policy describes how we process personal data across our different service lines, your rights as a data subject, and how to exercise those rights.

For questions regarding this policy, you may contact us at privacy@audiencerate.com or reach our Data Protection Officer at dpo@audiencerate.com.

Overview of Our Services

Audiencerate operates across three main service areas, each involving distinct data processing activities:

  1. Digital Advertising Operations — We function as a third-party advertiser helping publishers deliver relevant, interest-based advertising to their audiences.
  2. Cross-Device and Cross-App Services — We link multiple devices and platforms pseudonymously to provide consistent user experiences across browsers and apps.
  3. Customer Data Platform (CDP) — We provide a SaaS platform that enables our business customers to manage first-party data, build audience segments, and activate omnichannel marketing campaigns.

Data Processing Activities

1. Digital Advertising Operations

When users visit websites that use Audiencerate's advertising services, we may install profiling cookies to categorize interests and serve relevant advertising. For example, a user who frequently visits travel websites may be placed in an "interest in travel" audience segment.

Legal basis: Explicit user consent, typically collected via the publisher's consent management platform (CMP) in compliance with the IAB TCF 2.0 framework. Consent may be withdrawn at any time using the opt-out mechanism below.

Data collected: Cookie identifiers, IP addresses (pseudonymized), visited URLs, timestamps, browser information, and inferred interest categories.

Retention period: Up to 90 days for standard advertising data; up to 12 months where required for legal compliance or fraud prevention.

2. Cross-Device and Cross-App Services

Audiencerate links multiple devices pseudonymously across browsers and platforms to help advertisers reach audiences consistently. The organization does not directly collect mobile app data but processes mobile advertising identifiers (IDFA for iOS, GAID for Android) on behalf of authorized partners through its data onboarding system.

Legal basis: Legitimate interest (for analytics and fraud prevention) and consent (for advertising personalization).

Data collected: Device identifiers (IDFA, GAID), hashed email addresses, cookie IDs, and pseudonymous user segments.

3. Customer Data Platform (CDP)

In its CDP service, Audiencerate acts as a data processor on behalf of its business customers (who act as data controllers). The CDP creates unified customer profiles from multiple data sources, enabling customers to manage first-party data, segment audiences, and activate omnichannel campaigns across Email, SMS, WhatsApp, and programmatic advertising channels including Google DV360.

Data categories processed on behalf of customers may include:

  • Identification details: name, email address, phone number, postal address
  • Contact information and communication preferences
  • Behavioral and transactional data (purchase history, website interactions)
  • Device and technical identifiers
  • Financial information (where provided by the data controller)

All CDP data processing is governed by Data Processing Agreements (DPAs) with each customer. Audiencerate does not use CDP customer data for its own advertising purposes.

Data Security Measures

Audiencerate is certified to ISO 27001:2022 and implements comprehensive technical and organizational security measures, including:

  • Encryption of data at rest and in transit
  • Access controls and role-based permissions
  • Regular security audits and penetration testing
  • Infrastructure hosted on Microsoft Azure with EU data residency options
  • Automated data processing pipelines — maintenance personnel cannot access the content of advertising data during normal operations

Data Retention

  • Advertising data: Maximum 90 days, or up to 12 months where required for legal compliance or fraud investigation.
  • CDP data: Retained throughout the customer relationship and for the period required by applicable legal obligations after termination.
  • Website interaction data: Up to 24 months after last interaction (see also our Privacy Policy).

International Data Transfers

Personal data may be transferred outside the European Economic Area (EEA) or the United Kingdom. Where such transfers occur, Audiencerate implements appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTAs) where applicable
  • Transfer Impact Assessments to verify equivalent protection standards in destination countries

Data may also be shared with government authorities where required by law, or with third parties in the context of corporate transactions such as a merger, acquisition, or sale of assets.

Compliance Memberships and Certifications

Audiencerate maintains the following memberships and certifications relevant to data processing:

  • Network Advertising Initiative (NAI) — adherence to NAI Codes of Conduct for interest-based advertising
  • IAB TCF 2.0 — compliance with the IAB Europe Transparency and Consent Framework
  • ISO 27001:2022 — certified information security management system
  • GDPR / CCPA / DORA — native compliance with major privacy regulations
  • TRUSTe — certified privacy practices

Your Rights

European Users (GDPR)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Right of access — obtain a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data
  • Right to restriction of processing — limit how we use your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw consent at any time for consent-based processing

California Users (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act provide you with the following rights:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising privacy rights

Additional US State Privacy Laws

Residents of Colorado (CPA), Connecticut (CTPDA), Utah (UCPA), and Virginia (CDPA) may also have rights similar to those listed above, including the right to opt out of targeted advertising, the right to access and correct personal data, and the right to deletion. Please contact us using the details below to exercise any of these rights.

Opt-Out from Advertising Profiling

You can disable Audiencerate's first-party profiling cookies used for interest-based advertising directly through the tool below. This will place an opt-out cookie on your browser. Note: this opt-out is browser-specific and device-specific. If you clear your cookies or use a different browser/device, you will need to opt out again.

Opt Out of Interest-Based Advertising

Click the button below to opt out of Audiencerate's profiling cookies on this browser. An opt-out cookie will be set on your device to record your preference.

You can also opt out via the NAI opt-out tool at optout.networkadvertising.org, which covers multiple NAI member companies including Audiencerate.

Opt Out of Profiling →

How to Exercise Your Rights

To exercise any of the rights described above, please contact us using one of the following methods:

We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority (for UK residents: the Information Commissioner's Office at ico.org.uk; for EU residents: your local Data Protection Authority).

Changes to This Policy

We may update this Data Regulation Policy from time to time. Any changes will be posted on this page. We encourage you to review this policy periodically to stay informed about how we process personal data and how you can exercise your rights.