Last updated: 30 October 2023

Dentsu UK Limited (“our”, “us”, “we”) is part of the Dentsu group (“Dentsu”). We are a global digital and media advertising company. Our core business is to help our clients improve how they advertise and market, whether by print, post, email or on websites. Information provided by people like you is therefore important to our business.

This privacy notice (“Notice”) covers our Identity Product (“Identity Product”): a set of processes that manage and associate information from a number of sources to create an identity map across those identifiers and tie them to an individual for the purpose of providing client services such as digital insights and targeted digital advertising.

Dentsu UK limited or Dentsu affiliate entities are responsible as controllers for the processing of personal data described in this Notice. The controlling dentsu entity will generally be the entity who commissioned the CCS survey where you provided us with your contact details (this is made clear at the time you consent it us processing your personal data). If you have any questions about the processing that is undertaken, or who your data controller is, please contact us using the details provided in section 11.

Please note that this Identity Product is only used in some dentsu markets and does not include any dentsu identity solutions operating in other markets covered by separate privacy policies.

This Notice explains:

1. Where the personal data we process comes from
2. Types of personal data we may process about you in connection with our Identity Products
3. How we use your personal data
4. How we share your personal data
5. The legal grounds for processing your personal data
6. Transferring personal data overseas
7. Use of special category data and children’s data
8. How long we keep your personal data
9. How we protect your personal data
10. Your rights in relation to your personal data
11. How to contact us
12. How we make changes to this Notice

This Notice does not cover:

• Our website activities, please see here for our Website Privacy Notice;
• The operation of CCS itself. Please see [here] for the Lifestyle Privacy Notice;
• Other data processing activities of our affiliates, including dentsu identity solutions in markets covered by a separate notice; or
• The data processing of our clients.

1.) Where the personal data we process comes from

We collect personal data directly from individuals via our CCS Survey – see our Lifestyle Survey Privacy Notice here for more information on this collection and processing.

We utilise personal data from third party sources including data brokers, data aggregators, publishers and data partner service providers.

Where personal data is shared with a third party, this will be deleted as soon as an activation is complete. As indicated in section 10 of this Notice, you can request that we delete personal data we have associated with you, however we may continue to receive personal data about you after we have processed your deletion request.

2.) Types of personal data we may process about you in connection with our Identity Products

We may process various types of personal information as a controller as part of some of our Identity Products Note other personal data may be relevant to the processing of some of these Identity Products, but we do not process this personal data in our role as data controller and therefore it is not covered in this privacy notice.  These may include the following:

(a) Data we received through your participation in the CCS survey. This includes:

• Information contained within the responses you give These will include your demographics, attitudes and interests. The Survey asks for your opinions, interests, hobbies; views on products and services items you own and buy; your age; occupation; income; lifestyle; media usage; views on marketing and advertising; and other information that is useful for describing different types of people. Your responses in relation to questions about your race, ethnicity, sexual orientation and religious or philosophical beliefs, your health, political opinions or trade union membership (“special category personal data”). It is up to you whether you provide this special category personal data when completing the Survey and you will be provided with a “prefer not to say” or a “neither agree/nor disagree” style answer to choose from.   We do not use this information to knowingly target you with marketing and advertising;
• Your contact details where you have explicitly consented to these being shared with us.
• Cookie data, where the survey drops cookies and you have consented to this being shared with us.

(b) Data we receive or utilise from third parties:

• Online identifiers, internet and Network Activity Information, including internet protocol (IP) address used to connect your computer to the internet, mobile device IDs, cookie IDs, Mobile Advertising IDs, websites that you visit and how you interact with those websites and any apps you may use. We may also receive information about your browsing habits across multiple websites and over time. We may also receive information about your interaction with emails or other electronic messages we send you, such as when you open or click on an email.
• Location Information, we may infer a location based on your IP address and collect from third parties other geolocation information.
• Third party data, meaning the data we utilise in the platforms of our activation partners such as meta IDs. Note, we do not process this data as a controller.
• Education Information, like your level of education and what institutions you may have attended.
• Financial such as indicators of income and wealth, such as individual and household annual income ranges, likelihood of savings and investments, and presence of credit accounts.
• Family / Household data (such as number of adults/children, multi-generational household, etc.). We do not knowingly receive information from individuals under 16, but we may receive information about how many children are in your household and their year of birth or age range.
• Professional and Employment Related Information, we may also collect information about your employment such as job and title, as well as your income level.
• Collect and develop Inferences, by using the other pieces of personal data collected about you. We may draw inferences about you, reflecting what we believe to be your preferences, characteristics, predispositions, and attitudes as well as attributes connected to your IP address.

We also process other types of information, not classified as personal data, which we may link to your personal data. This may include business information for the purposes of identifying segments of individuals who live near certain businesses, or aggregated credit card spend data for the purpose of modelling likely behaviour.

3.) How we use your personal data

(a) General Purposes

• We may use information to analyse and improve our products and services. For example, we may use your information to make our websites, apps, services, and products better. We might use your information to customise your experience to conduct research and analysis.
• We use information to administer our services and products, and for internal operations. For example, we use personal data for troubleshooting, data analysis, and testing.
• We use information for security purposes. For example, we may use personal data to protect our company, our clients, and our business partners. We also may use personal data to protect our websites or our services, as well as to detect and investigate activities that may be illegal or prohibited (such as cyber attacks or fraudulent transactions).
• We use information to respond to your requests or questions. We use information to contact you in response to your feedback or other matters related to our relationship with you (such as about this Notice).
• We use information for verification purposes. For example, we will use certain pieces of personal data to verify your identity if you make requests pursuant to this Notice. The verification steps and the pieces of personal data that we request may vary depending on the sensitivity and nature of your request.
• We use information as otherwise disclosed or permitted by law, or as we may notify you. We may use personal data to create deidentified or aggregated data which does not identify you or any other individual. We may use and disclose this anonymous or aggregated data as we choose.

(b) Research and Insights

•  We use personal data, including combined, matched or enriched data, to generate marketing insights. For example, to determine what proportion of a population might be interested in a particular product. We provide marketing insights information to our clients on things such as the potential size of a particular market and which traits are most likely to be interested in a particular product or service. Clients can use this information to target relevant people with advertising.
• We use your information to assess the effectiveness of client advertising and marketing campaigns.

(c) Deterministic Modelling

• To create Lookalike audiences through creating a ‘seed’ audience and then using that audience to find lookalikes across another platform.
• We use personal data to create advertising "segments”, for instance: "men living in a particular postcode area who are aged between 20 and 30". These segments are used by our clients to deliver targeted advertising.

(d) Attribution Modelling utilising personal data

• We combine or match personal data received from data partners including Zeotap with other data (for example, data coming from our Lifestyle Survey - see Privacy Notice) and enrich it. This combining, matching and enrichment process helps us select the most appropriate group of people for our clients’ advertising or marketing campaigns. We also conduct analytics and profiling that includes predicting people's purchasing behaviour, likelihood of response to marketing or purchase of a product, brand loyalty, product and brand affinities and preferences. This may involve probabilistic matching e.g. individuals who like puppies in London are also likely to like dog products. This process is sometimes also referred to as ‘attribute modelling’. 
• We use personal data to create advertising "segments”, for instance: "men living in a particular postcode area who are aged between 20 and 30". These segments are used by our clients to deliver targeted advertising.

(e) Attribution Modelling not using personal data

• We don’t use any personal data for this.

4.) How we share your personal data

We share your personal data with vendors and service providers who perform services on our behalf. We may share personal data with vendors who assist us with the uses of personal data described in this Notice. This may include vendors who send emails for us, help us manage and operate our websites and apps, provide advertising or marketing services, provide analytics and search engine support, track advertising impressions, investigate and prevent data incidents, provide physical and digital security services, audit our business and financial statements, provide legal advice, and place our advertisements on other platforms.

We share your personal data with trusted data partners, such as Zeotap, for the purposes of merging data with a common ID and delivering targeted advertising on behalf of our clients via third party platforms. For more information on Zeotap please see Zeotap’s Privacy Notice here.

We share your personal data with further trusted data partners, to enrich our audiences to better target our client’s advertising campaigns to people like you.  Please contact us if you would like more details about the other partners we use.

We share your personal data with social media platforms and publishers. We may share your personal data with social media platforms such as Meta and publishers who allow us to buy advertising space for our clients. This may mean that you receive our clients’ marketing messaging when you use those social media platforms and other digital properties. Again, in this context your data is processed by our clients’ as controller and you should refer to their privacy policy.

We will share your personal data if we think we have to in order to comply with the law or to protect ourselves, our clients and others. We may share any or all categories of personal data to respond to a court order or subpoena. We may also share this personal data if a government agency or investigatory body requests it. We might share your personal data in order to enforce our agreements and to protect our rights and/or the rights of others. We might share your personal data when we are investigating potential fraud.

We may share your personal data as part of a transaction, financing, with a successor to all or part of our business, or for other business needs.  For example, if we sell or merge any of our businesses (including any of our affiliates, divisions, and business units) or assets, we may disclose your personal data as a part of that transaction, including to the prospective buyer or partner, lender or bank, as the case may be. We may also share your personal data if there is a similar change to our corporate structure. We may also share your information with others as part of certain due diligence processes. We also share information for the purpose of management and administration of our business.

We may share personal data for other reasons we may describe to you from time to time or as permitted by law. 

5.) The legal grounds for processing your personal data

We only process your personal data for use with our Identity Products when we have received it based on your consent.

In cases where personal data held on our systems are used by our clients for the purposes of delivering targeted advertising, our advertiser clients are responsible for determining the legal grounds for this processing. Please refer to the relevant advertiser’s privacy notice for more information.

6.) Transferring personal data overseas

Your personal data is kept on servers in multiple countries and may be transferred outside of your country or territory (for example, outside of the UK or the EEA) for the purposes described in this Notice. We may transfer personal data to countries where Dentsu group companies or clients are located so that they may review and use the personal data for the purposes described in this Notice.  

We will only transfer your personal data outside the market in which you are located where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any personal data being processed and in compliance with applicable privacy and data protection laws. This may be through a contract we have in place with the importing company, or because we know that where the importing company is based has even stricter data protection laws than the one you are based in/ it was received in.

We take internal data protection very seriously. Our employees and the service companies commissioned by us have been contractually bound to treat personal data with appropriate confidentiality and to act in compliance with data protection regulations.

7.) Use of special category data and children’s data

We do not knowingly process any sensitive or special category data as part of our Identity Product.

We do not knowingly process the personal data of individuals under the age of 16. If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have provided personal data via our Identity Product without appropriate consent, please contact us at dpo@dentsu.com.

8.) How long we keep your personal data

We will keep your personal data for as long as is necessary for the purposes described in section 2, and in accordance with our legal obligations. After this time, your personal data will either be securely deleted or anonymised so that it can be used for analytical purposes.

9.) How we protect your personal data

Our safeguards include robust systems and processes designed to ensure that we collect only the minimum personal data necessary to pursue the purposes for which we process your personal data, and that only those who need to view your personal data can see it.

Under Dentsu’s Chief Information Security Officer, there is a group-wide security function tasked with understanding security threats. Policies have been implemented to help keep your personal data secure. These policies are aligned to applicable regulations and industry standards including ISO27001 and NIST and are applicable to all parts of Dentsu. 

10.) Your rights in relation to your personal data

You have rights (with some exceptions and restrictions) to:

• object to our processing of your personal data, including profiling. You can object, on grounds relating to your particular situation, at any time. In which case, we shall stop processing the data that your objection relates to, unless we can show compelling legitimate grounds to continue that processing;
• access your personal data. If you make this kind of request and we hold personal data about you, we are required to provide you with information on it, including a description and copy of the personal data and why we are processing it;
• request that we provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format;
• request erasure of your personal data in certain circumstances;
• request correction or updating of the personal data that we hold about you and that is inaccurate;
• request the restriction of our processing of your personal data in some situations. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place;
• complain to your local data protection authority about our collection or use of your personal data. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office.

(a) How to exercise your rights

To exercise your rights you can directly contact the organisation with whom you shared your personal data – in this case you should refer to their respective privacy notices. Alternatively you can contact us directly using the contact details in Section 11 of this Notice.

If you choose to exercise the rights described above, we may ask you to provide additional information so that we can satisfy ourselves of your identity before we take further action.

The personal data we store are encrypted and may be stored against a Mobile Advertising ID or a Cookie ID. To be able to find you in our systems we may need your Mobile Advertising ID and/or Cookie ID. If you are not able to provide your Mobile Advertising ID and/or Cookie ID we may not be able to find your data. In some cases your data will have been completely anonymised and it will no longer be possible to identify you

(b) Cookies and how to withdraw consent

Cookies are small text files that are placed on your computer by websites that you visit. Our data partners may use cookies or pixels to collect data about you. Where you consent to cookies, you also have the right to withdraw that consent.

Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

• Google Chrome
• Microsoft Edge
• Mozilla Firefox
• Microsoft Internet Explorer
• Opera
• Apple Safari

(c) Interest-based advertising on social media platforms / apps and how to opt-out

If you are displayed interest-based advertising on a social media platform, you may be able to opt-out of such advertising in the platform’s privacy settings. Please also refer to the platform’s privacy notice for more information on your rights and how to exercise them.

You may also be able to select  “Limit Ad Tracking” on iOS or “Opt-out of interest-based ads” on Google Android. You may reset the Mobile Advertising ID by selecting the option “Reset Advertising Identifier” on Apple iOS or “Reset Advertising ID” on Google Android. This will delete your current Mobile Advertising ID from your device and replace it with a new Mobile Advertising ID. 

Please note that this does not mean you will block all advertising, rather that the ads you are displayed will not be tailored to you and your interests.

11.) How to contact us

If you have any questions about this Notice or would like to exercise any of the rights mentioned in section 9 of this Notice, you can contact our Data Protection Officer in any of the following ways:

Address: Data Protection Officer, Dentsu UK Limited, Regent’s Place, 10 Triton Street, London, NW1 3BF

Telephone: (+44) (0) 207 070 7700

Email: dpo@dentsu.com

12.) How we make changes to the Notice

We may make changes to this Notice on occasion. We will post any revised versions of this Notice here. (https://www.dentsu.com/policies/dentsu-identity-product-privacy-notice)

Please review this Notice periodically to see if any changes have been made.

SUPPLEMENTARY INFORMATION

In this Supplementary Information section, we explain some of the terminology used in the Notice.

• "controller" – the person or company that controls the purposes and means of processing personal data.
• "EEA” – the European Economic Area, which comprises the current countries in the European Union plus Iceland, Liechtenstein and Norway.
• "personal data" – any information that relates to you (or from which you can be identified).
• "processing" – doing anything with personal data. For example, collecting it, storing it, disclosing it and deleting it.
• "profiling" – using automated means to process personal data in order to work out certain things about people, like analysing or predicting their performance at work, economic situation, personal preferences, interests, behaviour, location or movements.