Last updated: 15 June 2022

Dentsu UK Limited (“our”, “us”, “we”) is part of the Dentsu group (“Dentsu”). We are a global digital and media advertising company. Our core business is to help our clients improve how they advertise and market, whether by print, post, email or on websites. Information provided by people like you is therefore important to our business.

This privacy notice (“Notice”) covers our Identity Product (“Identity Product”): a set of processes that manage and associate information from a number of sources to create an identity map across those identifiers and tie them to an individual for the purpose of providing client services such as digital insights and targeted digital advertising.

Dentsu UK limited and Dentsu affiliate entities are responsible as controllers for the processing of personal data described in this Notice. Please note that this Identity Product is currently only used in the following markets and does not include any dentsu identity solutions operating in other markets not included on this list:

  • Germany
  • United Kingdom
  • Netherlands
  • Spain
  • France
  • Italy

This Notice explains:

  1. Types of personal data we may process about you in connection with our Identity Product
  2. Where the personal data comes from
  3. How we use your personal data
  4. How we share your personal data
  5. The legal grounds for processing your personal data
  6. Transferring personal data overseas
  7. Use of special category data and children’s data
  8. How long we keep your personal data
  9. How we protect your personal data
  10. Your rights in relation to your personal data
  11. How to contact us
  12. How we make changes to this Notice

This Notice does not cover:

  • Our website activities, please see here for our Website Privacy Notice
  • Other data processing activities of our affiliates, including dentsu identity solutions in markets not listed above
  • The data processing of our clients

1. Types of personal data we may process about you in connection with our Identity Product

We process various types of personal information as part of our Identity Product. These may include the following:

  • Demographic information, such as general descriptive data associated with the individual (such as gender, age, occupation, education, languages spoken) and household (such as number of adults/children, multi-generational household, etc.). We do not knowingly collect information from individuals under 16, but we may receive information about how many children are in your household and their year of birth or age range.
  • Commercial Information, we collect information about personal property, as well as products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies. This can include a number of sub-categories of information such as:
    • Geographic information - Descriptive data associated with residential address, such as urban/rural, time zone, census tract/block
    • Automotive information – Details about vehicles such as make/model, owned/leased, duration held, and vehicle value
    • How you like to use your electronic devices, including mobile phone, TV provider, internet access at home or at work. This may include whether you use social media, play games, download music or watch TV online, take or share photos or videos, research holidays, gamble, use mobile banking apps or online banking, etc.
    • Lifestyle, Interests, and Life Events – Expressed or inferred interest in activities and hobbies, such as camping, crafting, electronics, exercise, investing, outdoors, reading, real estate, and recent milestone events (e.g., birth of child, marriage, etc.)
    • Purchase and Purchase Intent – Noted or inferred purchase behaviour, such as in-store/catalogue/online purchasing, in-market for automobile, category shopper (e.g., crafts, gadgets, clothing, etc.)
    • Financial – Indicators of income and wealth, such as individual and household annual income ranges, likelihood of savings and investments, and presence of credit accounts
    • Events and Locations – Venue and event purchases, locations of shopping.
  • Online identifiers, internet and Network Activity Information, including internet protocol (IP) address used to connect your computer to the internet, mobile device IDs, cookie IDs, Mobile Advertising IDs, websites that you visit and how you interact with those websites and any apps you may use. We may also receive information about your browsing habits across multiple websites and over time. We may also receive information about your interaction with emails or other electronic messages we send you, such as when you open or click on an email.
  • Location Information, we may infer a location based on your IP address and collect from third parties other geolocation information.
  • Education Information, like your level of education and what institutions you may have attended.
  • Professional and Employment Related Information, we may also collect information about your employment such as job and title, as well as your income level.
  • Collect and develop Inferences, by using the other pieces of personal data collected about you. We may draw inferences about you, reflecting what we believe to be your preferences, characteristics, predispositions, and attitudes as well as attributes connected to your IP address.

We also process other types of information, not classified as personal data, which we may link to your personal data. This may include business information for the purposes of identifying segments of individuals who live near certain businesses, or aggregated credit card spend data for the purpose of modelling likely behaviour.

2. Where the personal data comes from

We receive personal data from third party sources including data brokers, data aggregators, publishers and data partner service providers such as Zeotap. This personal data may come from cookies/pixels or other offline sources utilised by our data partners.

We also collect personal data directly from individuals via our Lifestyle Survey – see our Lifestyle Survey Privacy Notice here for more information on this collection and processing.

We update data in our systems at least every thirty days. As indicated in section 10 of this Notice, you can request that we delete personal data we have associated with you, however we may continue to receive personal data about you after we have processed your deletion request.

3. How we use your personal data

We use your personal data for our commercial and business purposes, including to provide services to our clients. For example, we collect, process, keep and use the personal data to help our clients to deliver relevant advertising or marketing.

We combine or match personal data received from data partners including Zeotap with other data (for example, data coming from our Lifestyle Survey - see Privacy Notice) and enrich it. This combining, matching and enrichment process helps us select the most appropriate group of people for our clients’ advertising or marketing campaigns. We also conduct analytics and profiling that includes predicting people's purchasing behaviour, likelihood of response to marketing or purchase of a product, brand loyalty, product and brand affinities and preferences. This may involve probabilistic matching e.g. individuals who like puppies in London are also likely to like dog products. This process is sometimes also referred to as ‘attribute modelling’.  

We use personal data, including combined, matched or enriched data, to generate marketing insights. For example, to determine what proportion of a population might be interested in a particular product. We provide marketing insights information to our clients on things such as the potential size of a particular market and which traits are most likely to be interested in a particular product or service. Clients can use this information to target relevant people with advertising.

We use personal data to create advertising "segments”, for instance: "men living in a particular postcode area who are aged between 20 and 30". These segments are used by our clients to deliver targeted advertising.

We use your information to assess the effectiveness of client advertising and marketing campaigns.

We may use information to analyse and improve our products and services. For example, we may use your information to make our websites, apps, services, and products better. We might use your information to customise your experience to conduct research and analysis.

We use information to administer our services and products, and for internal operations. For example, we use personal data for troubleshooting, data analysis, and testing.

We use information for security purposes. For example, we may use personal data to protect our company, our clients, and our business partners. We also may use personal data to protect our websites or our services, as well as to detect and investigate activities that may be illegal or prohibited (such as cyber attacks or fraudulent transactions).

We use information to respond to your requests or questions. We use information to contact you in response to your feedback or other matters related to our relationship with you (such as about this Notice).

We use information for verification purposes. For example, we will use certain pieces of personal data to verify your identity if you make requests pursuant to this Notice. The verification steps and the pieces of personal data that we request may vary depending on the sensitivity and nature of your request.

We use information as otherwise disclosed or permitted by law, or as we may notify you. We may use personal data to create deidentified or aggregated data which does not identify you or any other individual. We may use and disclose this anonymous or aggregated data as we choose.

We use information to provide services to clients. When a client uses our Identity Product and related services to run an advertising or marketing campaign we are acting as a “service provider" for the client. As a service provider, we use that personal data for the client's advertising or marketing campaign and act as a processor on the client's instructions. In this context your personal data is processed by our clients’ as controller and their privacy policy will apply to that processing.

4. How we share your personal data

We share your personal data with vendors and service providers who perform services on our behalf. We may share personal data with vendors who assist us with the uses of personal data described in this Notice. This may include vendors who send emails for us, help us manage and operate our websites and apps, provide advertising or marketing services, provide analytics and search engine support, track advertising impressions, investigate and prevent data incidents, provide physical and digital security services, audit our business and financial statements, provide legal advice, and place our advertisements on other platforms.

We share your personal data with trusted data partners, such as Zeotap, for the purposes of merging data with a common ID and delivering targeted advertising on behalf of our clients via third party platforms. For more information on Zeotap please see Zeotap’s Privacy Notice here.

We share your personal data with social media platforms and publishers. We may share your personal data with social media platforms and publishers who allow us to buy advertising space for our clients. This may mean that you receive our clients’ marketing messaging when you use those social media platforms and other digital properties. Again, in this context your data is processed by our clients’ as controller and you should refer to their privacy policy.

We will share your personal data if we think we have to in order to comply with the law or to protect ourselves, our clients and others. We may share any or all categories of personal data to respond to a court order or subpoena. We may also share this personal data if a government agency or investigatory body requests it. We might share your personal data in order to enforce our agreements and to protect our rights and/or the rights of others. We might share your personal data when we are investigating potential fraud.

We may share your personal data as part of a transaction, financing, with a successor to all or part of our business, or for other business needs.  For example, if we sell or merge any of our businesses (including any of our affiliates, divisions, and business units) or assets, we may disclose your personal data as a part of that transaction, including to the prospective buyer or partner, lender or bank, as the case may be. We may also share your personal data if there is a similar change to our corporate structure. We may also share your information with others as part of certain due diligence processes. We also share information for the purpose of management and administration of our business.

We may share personal data for other reasons we may describe to you from time to time or as permitted by law. 

5. The legal grounds for processing your personal data

We process your personal data based on various legal grounds, depending on how we are using it.

We only process your data when we have received it based on your consent. Once we have received it, we combine and match your data with other sources to enrich and expand upon it and derive marketing insights based on our legitimate interest. We will not process your personal data if your interests, rights and freedoms override our interests.

In cases where personal data held on our systems are used by our clients for the purposes of delivering targeted advertising, our clients are responsible for determining the legal grounds for this processing. Please refer to the relevant advertiser’s privacy notice for more information.

6. Transferring personal data overseas

Your personal data is kept on servers in multiple countries and may be transferred outside of your country or territory (for example, outside of the UK or the EEA) for the purposes described in this Notice. We may transfer personal data to countries where Dentsu group companies or clients are located so that they may review and use the personal data for the purposes described in this Notice.  

When we transfer data, we take appropriate steps to ensure compliance with UK and EU data protection law. These steps might include, for example, transferring the personal data to a country which the UK Information Commissioner or the European Commission (as appropriate) has decided provides adequate protection for personal data, or to a company which has signed standard contractual clauses or an international data transfer agreement approved by the European Commission/UK Information Commissioner respectively.

7. Use of special category data and children’s data

We do not knowingly process any sensitive or special category data as part of our Identity Product.

We do not knowingly process the personal data of individuals under the age of 16. If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have provided personal data via our Identity Product without appropriate consent, please contact us at dpo@dentsu.com.

8. How long we keep your personal data

We will keep your personal data for as long as is necessary for the purposes described in section 2, and in accordance with our legal obligations. After this time, your personal data will either be securely deleted or anonymised so that it can be used for analytical purposes.

9. How we protect your personal data

Our safeguards include robust systems and processes designed to ensure that we collect only the minimum personal data necessary to pursue the purposes for which we process your personal data, and that only those who need to view your personal data can see it.

Under Dentsu’s Chief Information Security Officer, there is a group-wide security function tasked with understanding security threats. Policies have been implemented to help keep your personal data secure. These policies are aligned to applicable regulations and industry standards including ISO27001 and NIST and are applicable to all parts of Dentsu. 

10. Your rights in relation to your personal data

You have rights (with some exceptions and restrictions) to:

  • object to our processing of your personal data, including profiling. You can object, on grounds relating to your particular situation, at any time. In which case, we shall stop processing the data that your objection relates to, unless we can show compelling legitimate grounds to continue that processing;
  • access your personal data. If you make this kind of request and we hold personal data about you, we are required to provide you with information on it, including a description and copy of the personal data and why we are processing it;
  • request that we provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format;
  • request erasure of your personal data in certain circumstances;
  • request correction or updating of the personal data that we hold about you and that is inaccurate;
  • request the restriction of our processing of your personal data in some situations. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place;
  • complain to your local data protection authority about our collection or use of your personal data. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office.

           a. How to exercise your rights

To exercise your rights you can directly contact the organisation with whom you shared your personal data – in this case you should refer to their respective privacy notices. Alternatively you can contact us directly using the contact details in Section 11 of this Notice.

If you choose to exercise the rights described above, we may ask you to provide additional information so that we can satisfy ourselves of your identity before we take further action.

The personal data we store are encrypted and may be stored against a Mobile Advertising ID or a Cookie ID. To be able to find you in our systems we may need your Mobile Advertising ID and/or Cookie ID. If you are not able to provide your Mobile Advertising ID and/or Cookie ID we may not be able to find your data. In some cases your data will have been completely anonymised and it will no longer be possible to identify you.

          b. Cookies and how to withdraw consent

Cookies are small text files that are placed on your computer by websites that you visit. Our data partners may use cookies or pixels to collect data about you. Where you consent to cookies, you also have the right to withdraw that consent.

Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

          c. Interest-based advertising on social media platforms / apps and how to opt-out

If you are displayed interest-based advertising on a social media platform, you may be able to opt-out of such advertising in the platform’s privacy settings. Please also refer to the platform’s privacy notice for more information on your rights and how to exercise them.

You may also be able to select  “Limit Ad Tracking” on iOS or “Opt-out of interest-based ads” on Google Android. You may reset the Mobile Advertising ID by selecting the option “Reset Advertising Identifier” on Apple iOS or “Reset Advertising ID” on Google Android. This will delete your current Mobile Advertising ID from your device and replace it with a new Mobile Advertising ID. 

Please note that this does not mean you will block all advertising, rather that the ads you are displayed will not be tailored to you and your interests.

11. How to contact us

If you have any questions about this Notice or would like to exercise any of the rights mentioned in section 9 of this Notice, you can contact our Data Protection Officer in any of the following ways:

Address: Data Protection Officer, Dentsu UK Limited, Regent’s Place, 10 Triton Street, London, NW1 3BF

Telephone: (+44) (0) 207 070 7700

Email: dpo@dentsu.com

12. How we make changes to the Notice

We may make changes to this Notice on occasion. We will post any revised versions of this Notice at dentsu.com/policies/dentsu-identity-product-privacy-notice 

Please review this Notice periodically to see if any changes have been made.

SUPPLEMENTARY INFORMATION

In this Supplementary Information section, we explain some of the terminology used in the Notice.

  • "controller" – the person or company that controls the purposes and means of processing personal data.
  • "EEA” – the European Economic Area, which comprises the current countries in the European Union plus Iceland, Liechtenstein and Norway.
  • "personal data" – any information that relates to you (or from which you can be identified).
  • "processing" – doing anything with personal data. For example, collecting it, storing it, disclosing it and deleting it.
  • "profiling" – using automated means to process personal data in order to work out certain things about people, like analysing or predicting their performance at work, economic situation, personal preferences, interests, behaviour, location or movements.