OneTag Limited is committed to protecting your personal information and respecting your privacy.This notice sets out the basis on which we will collect and use personal information about you. Please read this carefully to understand how we will handle your personal information. If you have any questions then please do contact us using the details below. This notice is provided in a layered format so you can click through to the specific areas set out below:
If you have any questions about this privacy notice, please contact us at:
We keep this privacy notice under regular review. This version was last updated on [3rd November] 2023. Changes to this notice will appear on this page and, where appropriate, will be notified to you.
OneTag Limited is the organisation responsible for your personal information (referred to as OneTag, we or us in this notice).
OneTag is a company operating services in the adtech industry. We provide these services on behalf of our clients, who are either publishers who own and operate websites or advertisers who wish to place adverts on those websites. We act as an intermediary, matching publishers with advertisers to ensure that appropriate adverts are placed. Our services are provided via our OneTag platform (our Platform).
OneTag participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. OneTag’s identification number within the framework is 241.
More information about what we do and the technology we use can be found on our website.
We are based in the UK but have offices in the European Union and the USA. This notice applies to individuals about whom we collect information, wherever in the world you are based. Our activities are governed by data protection law in the UK and, where relevant, the European Union.
Residents in other jurisdictions may have additional rights granted by local laws. We will always seek to comply with those requirements. For instance, individual consumers who are resident in US states that have enacted privacy laws are granted rights to receive information about how we use personal data and have the right to opt out of the sale of their personal information.
US state privacy laws that provide such rights to state residents include:
This notice provides you with information about our use of your personal information, and section 8 contains details of how you can opt out.
Our business involves the collection and use of information, but not all of that information is personal data. Personal data means: “any information relating to an identified or identifiable natural person (…) An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Data protection law applies to the processing of personal data. It does not apply where information is aggregated or anonymised so that an individual is not identifiable.
We collect information about:
End User Data that we collect includes a unique browser/cookie ID, IP addresses primarily in pseudonymised form (i.e. IP addresses with the last octet replaced with a zero), which may be matched with user behaviour on websites and other electronic interfaces.
We work with third parties that may separately collect additional data on users, to enable our customers to deliver targeted advertisements through our technology. We are not responsible for the collection and use of that information. Instead, it is governed by the privacy notice of the third party that is collecting and/or processing such personal data. We may also receive data from third parties through the mechanisms provided for this purpose (e.g. TCF of various publishers) by the various components involved in programmatic advertising (e.g. Google) as long as there is an adequate basis of legitimacy for the processing of your data.
We do not collect any special categories of personal data or data relating to criminal convictions relating to website users.
Authorised User Data collected includes names, passwords, email addresses and information about the use of our Platform.
We will provide a separate privacy notice to our employees in respect of our collection and use of Employee Data.
Our use of personal data to provide targeted advertising to users is based on the consent of the individual. Unless expressly authorised by the individual user, we do not collect or process personal data via our Platform.
We process End User Data to provide our services which enable our clients to sell and buy advertising space on websites and other interfaces. Our services enable our advertising partners to optimise their advertising campaigns and our publishing partners to optimise their revenues from the sale of advertising inventory. The purposes for which End User Data is used by OneTag on the basis of user consent are to:
Our Platform requires publishers and advertisers to inform us if the individual user has actually provided consent or not. If the publisher or advertiser does not confirm that an individual user has given consent, we do not submit any personal data to our advertising partners or any other third parties. We encourage our partners to use consent management tools to capture and submit to our Platform appropriate user consent signals to the processing of personal data.
We may also use End User Data on the basis of the End User consent to:
We believe that we have a legitimate business interest in being able to review and audit our systems in order to prevent fraud and ensure appropriate security.
Our Platform performs ad-verification and automated machine learning activities strictly on anonymous or pseudo-anonymised data.
We may share End User Data with our clients to help them improving their online advertising campaigns and for analytics, ad delivery, reporting and targeting purposes.
Authorised User Data is processed in order to provide account management to our clients. This is done on the basis of our legitimate interests. We believe that we have a legitimate interest in maintaining the security of the Platform, managing authorised users and monitoring usage for account management purposes.
We may also process some of your personal data, as indicated above, for fraud prevention purposes on our platform, based on our legitimate interest.
Our services require the regular sharing of End User Data between our publisher and advertiser clients to enable them (such as Google) to improve their respective services and platforms and otherwise use the information for their lawful business purposes. We will share such End User Data as is necessary for the performance of our services and in accordance with the consents of individual users. We enter into contractual arrangements with our clients to ensure that personal data is kept securely and only used for specific purposes.
Authorised User Data may be shared with the relevant client as part of routine account management activities.
We may also disclose personal data to the police or any other administrative or judicial authority, if such disclosure is necessary for the purposes of crime prevention or detection, or is otherwise required by law.
We process personal data in the UK or the European Union and generally do not transfer personal data outside those areas. Transfers of personal data from the UK to the European Union are authorised on the basis of adequacy regulations made by the UK government under data protection law, and transfers from the European Union to the UK are authorised on the basis of an adequacy decision of the European Commission or in the safeguards established under the GDPR, such as the standard contractual clauses and the EU-US Privacy Framework.
The security of the information we collect is very important to us. We use appropriate technical and organisational measures to ensure that all information, including personal data, is kept secure.
We use appropriate safeguards to ensure the protection of personal data. This includes, for example, measures for the authentication of the device (where necessary), processes to manage the authentication credentials, authorisation systems, encryption, processes to save back-up copies and to retrieve access to data and systems. Furthermore, personal data is only processed where necessary for the purposes for which it was collected and for which it was subsequently processed.
Personal data collected will be accessed only by those people who have been given specific authorisation to do so by us.
Exact retention periods will depend on our arrangements with particular clients, but in all cases End User Data will be stored and used only when deemed necessary and until the individual user revokes their consent and, in all cases, within the limits of any potential legal and administrative provision. At the end of the storage period, personal data will be deleted or made anonymous permanently. Authorised User Data will generally be retained for the lifetime of the arrangement with the relevant client and thereafter for a period of no more than seven years.
All information, including personal data, will be stored and used according to the applicable laws and within a timeframe considered appropriate for the reasons for which such personal data was initially collected and processed.
Under certain circumstances you have the following rights under data protection laws in relation to your personal data. Please note that not all of these rights are available all of the time, and are subject to certain restrictions.
You have the right to:
You can exercise any of these rights at any time by contacting us using the details set out in this notice. Please note, however, that we may not always be able to comply with your request. If this is the case, we will tell you why.
If you are unhappy with the way we have responded to your request or how we have otherwise used your personal data, please contact us to give us an opportunity to resolve your issues.
If you are in the UK, you also have the right to make a complaint to the Information Commissioner's Office, the UK’s independent regulator for data protection issues. More details of how to do so can be found at www.ico.org.uk/make-a-complaint. If you are based in a country in the European Union, you should contact the relevant supervisory authority in your area.
Cookies are small strings of text (Cookies) that our website or third parties not connected to us (Third Parties) send to your device, where they are stored for various purposes.
Certain types of Cookies function only to allow you to browse on this website or to enable basic features, as in the case of Navigation, Session or Functional Cookies, which allow you to navigate based on a number of selected criteria, such as, for instance, the preferred language. These are defined as Technical Cookies.
Disabling Technical Cookies may limit the ability to use or our website and prevent you from enjoying its features or the services offered.
Another type of cookies are the so-called Profiling Cookies, used for the purpose of profiling through the processing of your personal data. Your prior consent is required for the use of Profiling Cookies and is always optional. These Cookies are not strictly necessary to navigate on our website.
OneTag places the following third party cookie to provide services to our partners:
|OTP||Internal user/session identifier used for analytics and frequency capping||onetag-sys.com||13 months|
|opt-out||Opt-out preference||onetag-sys.com||13 months|